fixes
@ -1,86 +0,0 @@
<?php
namespace App\Controllers;
use App\Services\LxdService;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use App\Utils\ContainerHelper;
class HandoffController
{
public function post(ServerRequestInterface $req, ResponseInterface $res): ResponseInterface
{
// if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
$q = $req->getQueryParams();
$name = ContainerHelper::getName($req);
$id = (string)($q['handoff'] ?? '');
$path = (string)($q['path'] ?? '/');
if (!$name || !$id) {
return $this->html($res, 400, '<h1>Bad request</h1>');
}
$lxd = new LxdService();
$ip = $lxd->getContainerIP($name);
if (!$ip) {
return $this->html($res, 503, '<h1>Container not ready</h1>');
}
$key = "handoff:$name:$id";
$data = $_SESSION[$key] ?? null;
unset($_SESSION[$key]); // one-time use
if (!$data || empty($data['username']) || empty($data['password'])) {
return $this->html($res, 410, '<h1>Handoff expired</h1>');
}
// Restrict to relative paths
$path = $this->sanitizePath($path);
// If your container has TLS, prefer https://
$action = 'http://' . $ip . $path;
$html = <<<HTML
<!doctype html>
<html>
<head><meta charset="utf-8"><title>Signing you in…</title></head>
<body>
<form id="f" method="POST" action="{$this->e($action)}">
<input type="hidden" name="username" value="{$this->e($data['username'])}">
<input type="hidden" name="password" value="{$this->e($data['password'])}">
</form>
<script>document.getElementById('f').submit();</script>
<noscript>
<p>JavaScript is required to continue. Click the button below.</p>
<button form="f" type="submit">Continue</button>
</noscript>
</body>
</html>
HTML;
return $this->html($res, 200, $html);
}
private function e(string $s): string
{
return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
private function html(ResponseInterface $res, int $code, string $html): ResponseInterface
{
$res->getBody()->write($html);
return $res->withHeader('Content-Type', 'text/html; charset=utf-8')->withStatus($code);
}
private function sanitizePath(string $raw): string
{
if (preg_match('#^https?://#i', $raw)) return '/login';
if (!str_starts_with($raw, '/')) return '/login';
$path = parse_url($raw, PHP_URL_PATH) ?? '/login';
$allow = ['/', '/login', '/signin'];
return in_array($path, $allow, true) ? $path : '/login';
}
}
@ -41,25 +41,9 @@ class LoginController
LogWriterHelper::write($name);
// ---- NEW: create one-time handoff and store creds server-side ----
$handoffId = bin2hex(random_bytes(16));
$_SESSION["handoff:$name:$handoffId"] = [
'username' => (string)($params['username'] ?? ''),
'password' => (string)($params['password'] ?? ''),
'created_at' => time(),
];
// sanitize the container path (not a full URL!)
// $path = $this->sanitizeRedirectPath($params['redirect'] ?? '/login');
// Client goes to waiting page; when ready it will be sent to the bridge
$redirect = '/waiting?handoff=' . rawurlencode($handoffId);
//. '&path=' . rawurlencode($path);
return $this->json($response, [
'status' => 'success',
'message' => 'Container started!',
'redirect' => $redirect
'message' => 'Container gestartet!'
]);
} catch (\Throwable $e) {
return $this->json($response, [
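Review bot: The success payload's last element `'message' => 'Container gestartet!'` drops the trailing comma that its sibling `'status' => 'success',` keeps; PER-CS asks for trailing commas in multi-line arrays so the next addition diffs cleanly, so it should read `'message' => 'Container gestartet!',`. Which of the two `'message'` lines survives is inferred from the hunk counts (25 old lines, 9 new), because the rendered page has lost the +/- markers. The enclosing try block and method begin before the hunk, and the body of `catch (\Throwable $e)` continues past it, so what that branch puts into the JSON response cannot be checked here.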
@ -36,6 +36,7 @@ class LxdService
curl_setopt($ch, CURLOPT_SSLCERT, $clientCert);
curl_setopt($ch, CURLOPT_SSLKEY, $clientKey);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
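Review bot: Whichever of the two lines this hunk adds, the new side at `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);` leaves the LXD API connection authenticated in one direction only: the client certificate proves the app to the daemon, but nothing proves the daemon to the app, so the requests that manage containers can be terminated by any host answering on that address. LXD's self-signed server certificate is the usual trust anchor, so keep verification on and hand curl that certificate, e.g. `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_CAINFO, $lxdServerCert);` where `$lxdServerCert` is a constructed name for a configured path next to `$clientCert` and `$clientKey`; `CURLOPT_PINNEDPUBLICKEY` is the alternative when the certificate's name does not match the address used. The same six-line curl setup appears again in the hunk at `@ -84,6 +85,7 @@`, so it needs the same fix there, or better, one private method that both callers use so the TLS policy lives in a single place. The enclosing methods start and end outside both hunks.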
@ -84,6 +85,7 @@ class LxdService
curl_setopt($ch, CURLOPT_SSLCERT, $clientCert);
curl_setopt($ch, CURLOPT_SSLKEY, $clientKey);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');