Added user access control to all builtin apps

pajama-coder · pajama-coder · commit cebc138ca225 · 2024-07-30T16:50:43.000+08:00
diff --git a/agent/apps/ztm/proxy/api.js b/agent/apps/ztm/proxy/api.js
@@ -30,7 +30,10 @@ export default function ({ app, mesh }) {
           path: `/api/config`,
         },
         JSON.encode(config)
-      ))
+      )).then(res => {
+        var status = res?.head?.status
+        if (!(200 <= status && status <= 299)) throw res.head.statusText
+      })
     }
   }
 
diff --git a/agent/apps/ztm/proxy/main.js b/agent/apps/ztm/proxy/main.js
@@ -10,6 +10,9 @@ export default function ({ app, mesh, utils }) {
   var gui = new http.Directory(os.path.join(app.root, 'gui'))
   var response = utils.createResponse
   var responder = utils.createResponder
+  var responderOwnerOnly = (f) => responder((params, req) => (
+    $ctx.peer.username === app.username ? f(params, req) : Promise.resolve(response(403))
+  ))
 
   var serveUser = utils.createServer({
     '/cli': {
@@ -55,7 +58,7 @@ export default function ({ app, mesh, utils }) {
         ret => ret ? response(200, ret) : response(404)
       )),
 
-      'POST': responder((_, req) => {
+      'POST': responderOwnerOnly((_, req) => {
         var config = JSON.decode(req.body)
         return api.setEndpointConfig(app.endpoint.id, config).then(response(201))
       }),
diff --git a/agent/apps/ztm/script/api.js b/agent/apps/ztm/script/api.js
@@ -5,6 +5,7 @@ export default function ({ app, mesh }) {
 
   var scripts = {}
 
+  var $ctx
   var $ep
   var $hash
   var $command
@@ -24,27 +25,34 @@ export default function ({ app, mesh }) {
   )
 
   var executeScriptLocal = pipeline($=>$
-    .replaceMessage(req => {
-      var url = new URL(req.head.path)
-      var argv = JSON.parse(URL.decodeComponent(url.searchParams.get('argv') || '[]'))
-      var exe = app.executable
-      var program = exe.endsWith('pipy') || exe.endsWith('pipy.exe') ? [exe] : [exe, '--pipy']
-      $hash = addScript(req.body)
-      $command = [
-        ...program,
-        '--no-reload',
-        '--log-level=error',
-        `${app.url}/api/scripts/${$hash}`,
-        '--args', ...argv
-      ]
-      return new Data
-    })
-    .exec(() => $command, { stderr: true })
-    .replaceStreamStart(evt => [new MessageStart, evt])
-    .replaceStreamEnd(() => {
-      delete scripts[$hash]
-      return new MessageEnd
+    .onStart(c => { $ctx = c })
+    .pipe(() => $ctx.peer.username === app.username ? 'exec' : 'deny', {
+      'exec': ($=>$
+        .replaceMessage(req => {
+          var url = new URL(req.head.path)
+          var argv = JSON.parse(URL.decodeComponent(url.searchParams.get('argv') || '[]'))
+          var exe = app.executable
+          var program = exe.endsWith('pipy') || exe.endsWith('pipy.exe') ? [exe] : [exe, '--pipy']
+          $hash = addScript(req.body)
+          $command = [
+            ...program,
+            '--no-reload',
+            '--log-level=error',
+            `${app.url}/api/scripts/${$hash}`,
+            '--args', ...argv
+          ]
+          return new Data
+        })
+        .exec(() => $command, { stderr: true })
+        .replaceStreamStart(evt => [new MessageStart, evt])
+        .replaceStreamEnd(() => {
+          delete scripts[$hash]
+          return new MessageEnd
+        })
+      ),
+      'deny': $=>$.replaceMessage(new Message({ status: 403 }, 'Forbidden'))
     })
+
   )
 
   function addScript(script) {
diff --git a/agent/apps/ztm/script/cli.js b/agent/apps/ztm/script/cli.js
@@ -24,7 +24,6 @@ export default function ({ app, api, utils }) {
     }
 
     try {
-      println(argv)
       return utils.parseArgv(argv, {
         help: text => Promise.resolve(output(text + '\n')),
         commands: [
diff --git a/agent/apps/ztm/script/main.js b/agent/apps/ztm/script/main.js
@@ -55,7 +55,7 @@ export default function ({ app, mesh, utils }) {
 
   var servePeer = utils.createServer({
     '/api/script': {
-      'POST': api.executeScriptLocal,
+      'POST': pipeline($=>$.pipe(api.executeScriptLocal, () => $ctx)),
     },
   })
 
diff --git a/agent/apps/ztm/terminal/api.js b/agent/apps/ztm/terminal/api.js
@@ -1,4 +1,5 @@
 export default function ({ app, mesh }) {
+  var $ctx
   var $shell
 
   function allEndpoints() {
@@ -14,7 +15,11 @@ export default function ({ app, mesh }) {
           method: 'GET',
           path: `/api/config`,
         }
-      )).then(res => res ? JSON.decode(res.body) : null)
+      )).then(res => {
+        var status = res?.head?.status
+        if (!(200 <= status && status <= 299)) throw res.head.statusText
+        return JSON.decode(res.body)
+      })
     }
   }
 
@@ -49,18 +54,24 @@ export default function ({ app, mesh }) {
   }
 
   var serveTerminal = pipeline($=>$
-    .acceptHTTPTunnel(() => new Message({ status: 200 })).to($=>$
-      .onStart(() => getLocalConfig().then(config => {
-        $shell = config.shell || os.env['SHELL'] || 'sh'
-        return new Data
-      }))
-      .exec(
-        () => $shell, {
-          pty: true,
-          onExit: () => new StreamEnd
-        }
-      )
-    )
+    .onStart(c => { $ctx = c })
+    .pipe(() => $ctx.peer.username === app.username ? 'exec' : 'deny', {
+      'exec': ($=>$
+        .acceptHTTPTunnel(() => new Message({ status: 200 })).to($=>$
+          .onStart(() => getLocalConfig().then(config => {
+            $shell = config.shell || os.env['SHELL'] || 'sh'
+            return new Data
+          }))
+          .exec(
+            () => $shell, {
+              pty: true,
+              onExit: () => new StreamEnd
+            }
+          )
+        )
+      ),
+      'deny': $=>$.replaceMessage(new Message({ status: 403 }))
+    })
   )
 
   function getLocalConfig() {
diff --git a/agent/apps/ztm/terminal/main.js b/agent/apps/ztm/terminal/main.js
@@ -9,6 +9,9 @@ export default function ({ app, mesh, utils }) {
 
   var response = utils.createResponse
   var responder = utils.createResponder
+  var responderOwnerOnly = (f) => responder((params, req) => (
+    $ctx.peer.username === app.username ? f(params, req) : Promise.resolve(response(403))
+  ))
 
   var serveUser = utils.createServer({
     '/cli': {
@@ -44,18 +47,18 @@ export default function ({ app, mesh, utils }) {
 
   var servePeer = utils.createServer({
     '/api/config': {
-      'GET': responder(() => api.getEndpointConfig(app.endpoint.id).then(
+      'GET': responderOwnerOnly(() => api.getEndpointConfig(app.endpoint.id).then(
         ret => ret ? response(200, ret) : response(404)
       )),
 
-      'POST': responder((_, req) => {
+      'POST': responderOwnerOnly((_, req) => {
         var config = JSON.decode(req.body)
         return api.setEndpointConfig(app.endpoint.id, config).then(response(201))
       }),
     },
 
     '/api/shell': {
-      'CONNECT': api.serveTerminal,
+      'CONNECT': pipeline($=>$.pipe(api.serveTerminal, () => $ctx)),
     },
   })
 
diff --git a/agent/apps/ztm/tunnel/api.js b/agent/apps/ztm/tunnel/api.js
@@ -327,7 +327,7 @@ export default function ({ app, mesh }) {
 
   var matchApiOutbound = new http.Match('/api/outbound/{proto}/{name}')
   var response200 = new Message({ status: 200 })
-  var response401 = new Message({ status: 401 })
+  var response403 = new Message({ status: 403 })
   var response404 = new Message({ status: 404 })
 
   var $ctx
@@ -356,7 +356,7 @@ export default function ({ app, mesh }) {
           return response200
         } else {
           app.log(`Rejected inbound from ${peer.id} (user = ${peer.username}) for ${key}`)
-          return response401
+          return response403
         }
       }
       app.log(`No target found for ${key}`)
diff --git a/agent/apps/ztm/tunnel/main.js b/agent/apps/ztm/tunnel/main.js
@@ -11,7 +11,7 @@ export default function ({ app, mesh, utils }) {
   var response = utils.createResponse
   var responder = utils.createResponder
   var responderOwnerOnly = (f) => responder((params, req) => (
-    $ctx.peer.username === app.username ? f(params, req) : Promise.resolve(response(401))
+    $ctx.peer.username === app.username ? f(params, req) : Promise.resolve(response(403))
   ))
 
   var serveUser = utils.createServer({

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,10 @@ export default function ({ app, mesh }) {`
`30`	`30`	path: `/api/config`,
`31`	`31`	`},`
`32`	`32`	`JSON.encode(config)`
`33`		`- ))`
	`33`	`+ )).then(res => {`
	`34`	`+ var status = res?.head?.status`
	`35`	`+ if (!(200 <= status && status <= 299)) throw res.head.statusText`
	`36`	`+ })`
`34`	`37`	`}`
`35`	`38`	`}`
`36`	`39`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@ export default function ({ app, api, utils }) {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`try {`
`27`		`- println(argv)`
`28`	`27`	`return utils.parseArgv(argv, {`
`29`	`28`	`help: text => Promise.resolve(output(text + '\n')),`
`30`	`29`	`commands: [`