sendnrw/rdpgw
2
0
Fork 0
mirror of https://github.com/bolkedebruin/rdpgw.git synced 2026-03-29 07:06:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor config and improve security

Browse Source
This commit is contained in:
Bolke de Bruin
2020-07-18 19:17:53 +02:00
parent 76e30ffa98
commit c68ec69b92
3 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
download.go
View File

@@ -4,11 +4,9 @@ import (
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"github.com/patrickmn/go-cache" "github.com/patrickmn/go-cache"
"github.com/spf13/viper"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"log" "log"
"math/rand" "math/rand"
"net"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@@ -30,7 +28,12 @@ func handleRdpDownload(w http.ResponseWriter, r *http.Request) {
return return
} }
host := strings.Replace(viper.GetString("hostTemplate"), "%%", data.(string), 1) var host = conf.Server.HostTemplate
for k, v := range data.(map[string]interface{}) {
if val, ok := v.(string); ok == true {
host = strings.Replace(host, "{{ " + k + " }}", val, 1)
}
}
// authenticated // authenticated
seed := make([]byte, 16) seed := make([]byte, 16)
@@ -41,7 +44,7 @@ func handleRdpDownload(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/x-rdp") w.Header().Set("Content-Type", "application/x-rdp")
http.ServeContent(w, r, fn, time.Now(), strings.NewReader( http.ServeContent(w, r, fn, time.Now(), strings.NewReader(
"full address:s:" + host + "\r\n"+ "full address:s:" + host + "\r\n"+
"gatewayhostname:s:" + net.JoinHostPort(conf.Server.GatewayAddress, string(conf.Server.Port)) +"\r\n"+ "gatewayhostname:s:" + conf.Server.GatewayAddress +"\r\n"+
"gatewaycredentialssource:i:5\r\n"+ "gatewaycredentialssource:i:5\r\n"+
"gatewayusagemethod:i:1\r\n"+ "gatewayusagemethod:i:1\r\n"+
"gatewayaccesstoken:s:" + cookie.Value + "\r\n")) "gatewayaccesstoken:s:" + cookie.Value + "\r\n"))
@@ -99,7 +102,7 @@ func handleCallback(w http.ResponseWriter, r *http.Request) {
} }
// TODO: make dynamic // TODO: make dynamic
tokens.Set(token, data["preferred_username"].(string), cache.DefaultExpiration) tokens.Set(token, data, cache.DefaultExpiration)
http.SetCookie(w, &cookie) http.SetCookie(w, &cookie)
http.Redirect(w, r, "/connect", http.StatusFound) http.Redirect(w, r, "/connect", http.StatusFound)

6
main.go
View File

@@ -59,13 +59,13 @@ func main() {
log.Fatalf("Cannot get oidc provider: %s", err) log.Fatalf("Cannot get oidc provider: %s", err)
} }
oidcConfig := &oidc.Config{ oidcConfig := &oidc.Config{
ClientID: viper.GetString("clientId"), ClientID: conf.OpenId.ClientId,
} }
verifier = provider.Verifier(oidcConfig) verifier = provider.Verifier(oidcConfig)
oauthConfig = oauth2.Config{ oauthConfig = oauth2.Config{
ClientID: viper.GetString("clientId"), ClientID: conf.OpenId.ClientId,
ClientSecret: viper.GetString("clientSecret"), ClientSecret: conf.OpenId.ClientSecret,
RedirectURL: "https://" + conf.Server.GatewayAddress + "/callback", RedirectURL: "https://" + conf.Server.GatewayAddress + "/callback",
Endpoint: provider.Endpoint(), Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, Scopes: []string{oidc.ScopeOpenID, "profile", "email"},

7
rdg.go
View File

@@ -225,7 +225,12 @@ func handleWebsocketProtocol(conn *websocket.Conn) {
log.Printf("Invalid PAA cookie: %s from %s", cookie, conn.RemoteAddr()) log.Printf("Invalid PAA cookie: %s from %s", cookie, conn.RemoteAddr())
return return
} }
host = strings.Replace(conf.Server.HostTemplate, "%%", data.(string), 1) host = conf.Server.HostTemplate
for k, v := range data.(map[string]interface{}) {
if val, ok := v.(string); ok == true {
host = strings.Replace(host, "{{ " + k + " }}", val, 1)
}
}
msg := createTunnelResponse() msg := createTunnelResponse()
log.Printf("Create tunnel response: %x", msg) log.Printf("Create tunnel response: %x", msg)
conn.WriteMessage(mt, msg) conn.WriteMessage(mt, msg)