hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

Make the upgrade routes actually use a router

Browse Source 
Signed-off-by: Sebastian Malton <sebastian@malton.name>
This commit is contained in:
Sebastian Malton 2023-01-12 14:39:13 -05:00
parent 01bc135c59
commit aea545526d
16 changed files with 367 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
src/common/utils/__tests__/chunk.test.ts Normal file
View File

@ -0,0 +1,61 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { chunkSkipEnd } from "../chunk";
describe("chunkSkipEnd", () => {
it("should yield no elements when given an empty iterator", () => {
const i = chunkSkipEnd([], 2);
expect(i.next()).toEqual({ done: true });
});
it("should yield no elements when given an iterator of size less than chunk=2", () => {
const i = chunkSkipEnd([1], 2);
expect(i.next()).toEqual({ done: true });
});
it("should yield no elements when given an chunk=0", () => {
const i = chunkSkipEnd([1], 0);
expect(i.next()).toEqual({ done: true });
});
it("should yield no elements when given an chunk<0", () => {
const i = chunkSkipEnd([1], 0);
expect(i.next()).toEqual({ done: true });
});
it("should yield no elements when given an iterator of size less than chunk=3", () => {
const i = chunkSkipEnd([1, 2], 3);
expect(i.next()).toEqual({ done: true });
});
it("should yield one chunk when given an iterator of size equal to chunk", () => {
const i = chunkSkipEnd([1, 2], 2);
expect(i.next()).toEqual({ done: false, value: [1, 2] });
expect(i.next()).toEqual({ done: true });
});
it("should yield two chunks when given an iterator of size equal to chunk*2", () => {
const i = chunkSkipEnd([1, 2, 3, 4], 2);
expect(i.next()).toEqual({ done: false, value: [1, 2] });
expect(i.next()).toEqual({ done: false, value: [3, 4] });
expect(i.next()).toEqual({ done: true });
});
it("should yield two chunks when given an iterator of size between chunk*2 and chunk*3", () => {
const i = chunkSkipEnd([1, 2, 3, 4, 5], 2);
expect(i.next()).toEqual({ done: false, value: [1, 2] });
expect(i.next()).toEqual({ done: false, value: [3, 4] });
expect(i.next()).toEqual({ done: true });
});
});

36
src/common/utils/chunk.ts Normal file
View File

@ -0,0 +1,36 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import type { Tuple } from "./tuple";
/**
* Will yield consecutive chunks of `size` length. If `src.length` is not a multiple of `size`
* then the final values will be iterated over but not yielded.
* @param src The original array
* @param size The size of the chunks
*/
export function* chunkSkipEnd<T, Size extends number>(src: Iterable<T>, size: Size): IterableIterator<Tuple<T, Size>> {
if (size <= 0) {
return;
}
const iter = src[Symbol.iterator]();
for (;;) {
const chunk = [];
for (let i = 0; i < size; i += 1) {
const result = iter.next();
if (result.done === true) {
return;
}
chunk.push(result.value);
}
yield chunk as Tuple<T, Size>;
}
}

5
src/main/lens-proxy/get-cluster-for-request.injectable.ts
View File

@ -6,7 +6,10 @@ import { getInjectable } from "@ogre-tools/injectable";
import getClusterByIdInjectable from "../../common/cluster-store/get-by-id.injectable"; import getClusterByIdInjectable from "../../common/cluster-store/get-by-id.injectable";
import { getClusterIdFromHost } from "../../common/utils"; import { getClusterIdFromHost } from "../../common/utils";
import { apiKubePrefix } from "../../common/vars"; import { apiKubePrefix } from "../../common/vars";
import type { GetClusterForRequest } from "./lens-proxy"; import type { IncomingMessage } from "http";
import type { Cluster } from "../../common/cluster/cluster";
export type GetClusterForRequest = (req: IncomingMessage) => Cluster | undefined;
const getClusterForRequestInjectable = getInjectable({ const getClusterForRequestInjectable = getInjectable({
id: "get-cluster-for-request", id: "get-cluster-for-request",

34
src/main/lens-proxy/lens-proxy.injectable.ts
View File

@ -3,23 +3,14 @@
* Licensed under MIT License. See LICENSE in root directory for more information. * Licensed under MIT License. See LICENSE in root directory for more information.
*/ */
import { getInjectable } from "@ogre-tools/injectable"; import { getInjectable } from "@ogre-tools/injectable";
import type { ProxyApiRequestArgs } from "./proxy-functions";
import { kubeApiUpgradeRequest } from "./proxy-functions";
import shellApiRequestInjectable from "./proxy-functions/shell-api-request.injectable";
import lensProxyPortInjectable from "./lens-proxy-port.injectable"; import lensProxyPortInjectable from "./lens-proxy-port.injectable";
import emitAppEventInjectable from "../../common/app-event-bus/emit-event.injectable"; import emitAppEventInjectable from "../../common/app-event-bus/emit-event.injectable";
import loggerInjectable from "../../common/logger.injectable"; import loggerInjectable from "../../common/logger.injectable";
import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable"; import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable";
import getClusterForRequestInjectable from "./get-cluster-for-request.injectable";
import type { IncomingMessage } from "http";
import type net from "net"; import type net from "net";
import type { Cluster } from "../../common/cluster/cluster";
import { apiPrefix } from "../../common/vars";
import { createServer } from "https"; import { createServer } from "https";
import handleLensRequestInjectable from "./handle-lens-request.injectable"; import handleLensRequestInjectable from "./handle-lens-request.injectable";
import routeUpgradeRequestInjectable from "./upgrade-router/router.injectable";
export type GetClusterForRequest = (req: IncomingMessage) => Cluster | undefined;
export type LensProxyApiRequest = (args: ProxyApiRequestArgs) => void | Promise<void>;
export interface LensProxy { export interface LensProxy {
listen: () => Promise<void>; listen: () => Promise<void>;
@ -48,13 +39,12 @@ const lensProxyInjectable = getInjectable({
id: "lens-proxy", id: "lens-proxy",
instantiate: (di): LensProxy => { instantiate: (di): LensProxy => {
const shellApiRequest = di.inject(shellApiRequestInjectable);
const getClusterForRequest = di.inject(getClusterForRequestInjectable);
const lensProxyPort = di.inject(lensProxyPortInjectable); const lensProxyPort = di.inject(lensProxyPortInjectable);
const emitAppEvent = di.inject(emitAppEventInjectable); const emitAppEvent = di.inject(emitAppEventInjectable);
const logger = di.inject(loggerInjectable); const logger = di.inject(loggerInjectable);
const certificate = di.inject(lensProxyCertificateInjectable).get(); const certificate = di.inject(lensProxyCertificateInjectable).get();
const handleLensRequest = di.inject(handleLensRequestInjectable); const handleLensRequest = di.inject(handleLensRequestInjectable);
const routeUpgradeRequest = di.inject(routeUpgradeRequestInjectable);
const proxyServer = createServer( const proxyServer = createServer(
{ {
@ -63,25 +53,7 @@ const lensProxyInjectable = getInjectable({
}, },
handleLensRequest.handle, handleLensRequest.handle,
) )
.on("upgrade", (req, socket, head) => { .on("upgrade", routeUpgradeRequest);
const cluster = getClusterForRequest(req);
if (!cluster || !req.url) {
logger.error(`[LENS-PROXY]: Could not find cluster for upgrade request from url=${req.url}`);
socket.destroy();
} else {
const isInternal = req.url.startsWith(`${apiPrefix}?`);
const reqHandler = isInternal ? shellApiRequest : kubeApiUpgradeRequest;
(async () => {
try {
await reqHandler({ req, socket, head, cluster });
} catch (error) {
logger.error("[LENS-PROXY]: failed to handle proxy upgrade", error);
}
})();
}
});
const attemptToListen = () => new Promise<number>((resolve, reject) => { const attemptToListen = () => new Promise<number>((resolve, reject) => {
proxyServer.listen(0, "127.0.0.1"); proxyServer.listen(0, "127.0.0.1");

6
src/main/lens-proxy/proxy-functions/index.ts
View File

@ -1,6 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
export * from "./kube-api-upgrade-request";
export * from "./types";

66
src/main/lens-proxy/proxy-functions/kube-api-upgrade-request.ts
View File

@ -1,66 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { chunk } from "lodash";
import type { ConnectionOptions } from "tls";
import { connect } from "tls";
import url from "url";
import { apiKubePrefix } from "../../../common/vars";
import type { ProxyApiRequestArgs } from "./types";
const skipRawHeaders = new Set(["Host", "Authorization"]);
export async function kubeApiUpgradeRequest({ req, socket, head, cluster }: ProxyApiRequestArgs) {
const proxyUrl = await cluster.contextHandler.resolveAuthProxyUrl() + req.url.replace(apiKubePrefix, "");
const proxyCa = cluster.contextHandler.resolveAuthProxyCa();
const apiUrl = url.parse(cluster.apiUrl);
const pUrl = url.parse(proxyUrl);
const connectOpts: ConnectionOptions = {
port: pUrl.port ? parseInt(pUrl.port) : undefined,
host: pUrl.hostname ?? undefined,
ca: proxyCa,
};
const proxySocket = connect(connectOpts, () => {
proxySocket.write(`${req.method} ${pUrl.path} HTTP/1.1\r\n`);
proxySocket.write(`Host: ${apiUrl.host}\r\n`);
for (const [key, value] of chunk(req.rawHeaders, 2)) {
if (skipRawHeaders.has(key)) {
continue;
}
proxySocket.write(`${key}: ${value}\r\n`);
}
proxySocket.write("\r\n");
proxySocket.write(head);
});
proxySocket.setKeepAlive(true);
socket.setKeepAlive(true);
proxySocket.setTimeout(0);
socket.setTimeout(0);
proxySocket.on("data", function (chunk) {
socket.write(chunk);
});
proxySocket.on("end", function () {
socket.end();
});
proxySocket.on("error", function () {
socket.write(`HTTP/${req.httpVersion} 500 Connection error\r\n\r\n`);
socket.end();
});
socket.on("data", function (chunk) {
proxySocket.write(chunk);
});
socket.on("end", function () {
proxySocket.end();
});
socket.on("error", function () {
proxySocket.end();
});
}

42
src/main/lens-proxy/proxy-functions/shell-api-request.injectable.ts
View File

@ -1,42 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getInjectable } from "@ogre-tools/injectable";
import shellRequestAuthenticatorInjectable from "./shell-request-authenticator/shell-request-authenticator.injectable";
import openShellSessionInjectable from "../../shell-session/create-shell-session.injectable";
import type { LensProxyApiRequest } from "../lens-proxy";
import URLParse from "url-parse";
import { Server as WebSocketServer } from "ws";
import loggerInjectable from "../../../common/logger.injectable";
import getClusterForRequestInjectable from "../get-cluster-for-request.injectable";
const shellApiRequestInjectable = getInjectable({
id: "shell-api-request",
instantiate: (di): LensProxyApiRequest => {
const openShellSession = di.inject(openShellSessionInjectable);
const authenticateRequest = di.inject(shellRequestAuthenticatorInjectable).authenticate;
const getClusterForRequest = di.inject(getClusterForRequestInjectable);
const logger = di.inject(loggerInjectable);
return ({ req, socket, head }) => {
const cluster = getClusterForRequest(req);
const { query: { node: nodeName, shellToken, id: tabId }} = new URLParse(req.url, true);
if (!tabId || !cluster || !authenticateRequest(cluster.id, tabId, shellToken)) {
socket.write("Invalid shell request");
socket.end();
} else {
const ws = new WebSocketServer({ noServer: true });
ws.handleUpgrade(req, socket, head, (websocket) => {
openShellSession({ websocket, cluster, tabId, nodeName })
.catch(error => logger.error(`[SHELL-SESSION]: failed to open a ${nodeName ? "node" : "local"} shell`, error));
});
}
};
},
});
export default shellApiRequestInjectable;

20
src/main/lens-proxy/proxy-functions/shell-request-authenticator/shell-request-authenticator.injectable.ts
View File

@ -1,20 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getInjectable } from "@ogre-tools/injectable";
import { ShellRequestAuthenticator } from "./shell-request-authenticator";
const shellRequestAuthenticatorInjectable = getInjectable({
id: "shell-request-authenticator",
instantiate: () => {
const authenticator = new ShellRequestAuthenticator();
authenticator.init();
return authenticator;
},
});
export default shellRequestAuthenticatorInjectable;

53
src/main/lens-proxy/proxy-functions/shell-request-authenticator/shell-request-authenticator.ts
View File

@ -1,53 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getOrInsertMap } from "../../../../common/utils";
import type { ClusterId } from "../../../../common/cluster-types";
import { ipcMainHandle } from "../../../../common/ipc";
import crypto from "crypto";
import { promisify } from "util";
const randomBytes = promisify(crypto.randomBytes);
export class ShellRequestAuthenticator {
private tokens = new Map<ClusterId, Map<string, Uint8Array>>();
init() {
ipcMainHandle("cluster:shell-api", async (event, clusterId, tabId) => {
const authToken = Uint8Array.from(await randomBytes(128));
const forCluster = getOrInsertMap(this.tokens, clusterId);
forCluster.set(tabId, authToken);
return authToken;
});
}
/**
* Authenticates a single use token for creating a new shell
* @param clusterId The `ClusterId` for the shell
* @param tabId The ID for the shell
* @param token The value that is being presented as a one time authentication token
* @returns `true` if `token` was valid, false otherwise
*/
authenticate = (clusterId: ClusterId, tabId: string, token: string | undefined): boolean => {
const clusterTokens = this.tokens.get(clusterId);
if (!clusterTokens || !tabId || !token) {
return false;
}
const authToken = clusterTokens.get(tabId);
const buf = Uint8Array.from(Buffer.from(token, "base64"));
if (authToken instanceof Uint8Array && authToken.length === buf.length && crypto.timingSafeEqual(authToken, buf)) {
// remove the token because it is a single use token
clusterTokens.delete(tabId);
return true;
}
return false;
};
}

16
src/main/lens-proxy/proxy-functions/types.ts
View File

@ -1,16 +0,0 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import type http from "http";
import type net from "net";
import type { SetRequired } from "type-fest";
import type { Cluster } from "../../../common/cluster/cluster";
export interface ProxyApiRequestArgs {
req: SetRequired<http.IncomingMessage, "url" | "method">;
socket: net.Socket;
head: Buffer;
cluster: Cluster;
}

78
src/main/lens-proxy/upgrade-router/kube-api-upgrade-route.injectable.ts Normal file
View File

@ -0,0 +1,78 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import type { ConnectionOptions } from "tls";
import { connect } from "tls";
import url from "url";
import { chunkSkipEnd } from "../../../common/utils/chunk";
import { apiKubePrefix } from "../../../common/vars";
const skipRawHeaders = new Set(["host", "authorization"]);
import { getInjectable } from "@ogre-tools/injectable";
import { lensProxyUpgradeRouteInjectionToken } from "./proxy-upgrade-route";
const kubeApiUpgradeRouteInjectable = getInjectable({
id: "kube-api-upgrade-route",
instantiate: () => ({
handler: async ({ req, socket, head, cluster }) => {
const proxyUrl = await cluster.contextHandler.resolveAuthProxyUrl() + req.url.replace(apiKubePrefix, "");
const proxyCa = cluster.contextHandler.resolveAuthProxyCa();
const apiUrl = url.parse(cluster.apiUrl);
const pUrl = url.parse(proxyUrl);
const connectOpts: ConnectionOptions = {
port: pUrl.port ? parseInt(pUrl.port) : undefined,
host: pUrl.hostname ?? undefined,
ca: proxyCa,
};
const proxySocket = connect(connectOpts, () => {
proxySocket.write(`${req.method} ${pUrl.path} HTTP/1.1\r\n`);
proxySocket.write(`Host: ${apiUrl.host}\r\n`);
for (const [key, value] of chunkSkipEnd(req.rawHeaders, 2)) {
if (skipRawHeaders.has(key.toLowerCase())) {
continue;
}
proxySocket.write(`${key}: ${value}\r\n`);
}
proxySocket.write("\r\n");
proxySocket.write(head);
});
proxySocket.setKeepAlive(true);
socket.setKeepAlive(true);
proxySocket.setTimeout(0);
socket.setTimeout(0);
proxySocket.on("data", function (chunk) {
socket.write(chunk);
});
proxySocket.on("end", function () {
socket.end();
});
proxySocket.on("error", function () {
socket.write(`HTTP/${req.httpVersion} 500 Connection error\r\n\r\n`);
socket.end();
});
socket.on("data", function (chunk) {
proxySocket.write(chunk);
});
socket.on("end", function () {
proxySocket.end();
});
socket.on("error", function () {
proxySocket.end();
});
},
path: `${apiKubePrefix}/*`,
}),
injectionToken: lensProxyUpgradeRouteInjectionToken,
});
export default kubeApiUpgradeRouteInjectable;

29
src/main/lens-proxy/upgrade-router/proxy-upgrade-route.ts Normal file
View File

@ -0,0 +1,29 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getInjectionToken } from "@ogre-tools/injectable";
import type { SetRequired } from "type-fest";
import type { IncomingMessage } from "http";
import type { Cluster } from "../../../common/cluster/cluster";
import type { Socket } from "net";
export type LensProxyRequest = SetRequired<IncomingMessage, "url" | "method">;
export interface LensProxyUpgradeRequestArgs {
req: LensProxyRequest;
socket: Socket;
head: Buffer;
cluster: Cluster;
}
export type LensProxyUpgradeRequestHandler = (args: LensProxyUpgradeRequestArgs) => void | Promise<void>;
export interface LensProxyUpgradeRoute {
path: string;
handler: LensProxyUpgradeRequestHandler;
}
export const lensProxyUpgradeRouteInjectionToken = getInjectionToken<LensProxyUpgradeRoute>({
id: "lens-proxy-upgrade-route-token",
});

56
src/main/lens-proxy/upgrade-router/router.injectable.ts Normal file
View File

@ -0,0 +1,56 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { Router } from "@hapi/call";
import { getInjectable } from "@ogre-tools/injectable";
import type { Socket } from "net";
import loggerInjectable from "../../../common/logger.injectable";
import getClusterForRequestInjectable from "../get-cluster-for-request.injectable";
import type { LensProxyRequest, LensProxyUpgradeRequestHandler } from "./proxy-upgrade-route";
import { lensProxyUpgradeRouteInjectionToken } from "./proxy-upgrade-route";
export type RouteUpgradeRequest = (req: LensProxyRequest, socket: Socket, head: Buffer) => Promise<void>;
const routeUpgradeRequestInjectable = getInjectable({
id: "route-upgrade-request",
instantiate: (di): RouteUpgradeRequest => {
const routes = di.injectMany(lensProxyUpgradeRouteInjectionToken);
const logger = di.inject(loggerInjectable);
const getClusterForRequest = di.inject(getClusterForRequestInjectable);
const router = new Router<LensProxyUpgradeRequestHandler>();
for (const route of routes) {
router.add({ method: "get", path: route.path }, route.handler);
}
return async (req, socket, head) => {
const cluster = getClusterForRequest(req);
const url = new URL(req.url, "https://localhost");
if (!cluster) {
logger.error(`[LENS-PROXY]: Could not find cluster for upgrade request from url=${req.url}`);
socket.destroy();
return;
}
const matchingRoute = router.route("get", url.pathname);
if (matchingRoute instanceof Error) {
logger.warn(`[LENS-PROXY]: no matching upgrade route found for url=${req.url}`);
return;
}
try {
await matchingRoute.route({ cluster, head, req, socket });
} catch (error) {
logger.error("[LENS-PROXY]: failed to handle proxy upgrade", error);
}
};
},
});
export default routeUpgradeRequestInjectable;

47
src/main/lens-proxy/upgrade-router/shell-api-request.injectable.ts Normal file
View File

@ -0,0 +1,47 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getInjectable } from "@ogre-tools/injectable";
import authenticateShellRequestInjectable from "./shell-request-authenticator.injectable";
import openShellSessionInjectable from "../../shell-session/create-shell-session.injectable";
import URLParse from "url-parse";
import { Server as WebSocketServer } from "ws";
import loggerInjectable from "../../../common/logger.injectable";
import getClusterForRequestInjectable from "../get-cluster-for-request.injectable";
import { lensProxyUpgradeRouteInjectionToken } from "./proxy-upgrade-route";
import { apiPrefix } from "../../../common/vars";
const shellApiUpgradeRouteInjectable = getInjectable({
id: "shell-api-request",
instantiate: (di) => {
const openShellSession = di.inject(openShellSessionInjectable);
const authenticateShellRequest = di.inject(authenticateShellRequestInjectable);
const getClusterForRequest = di.inject(getClusterForRequestInjectable);
const logger = di.inject(loggerInjectable);
return {
handler: ({ req, socket, head }) => {
const cluster = getClusterForRequest(req);
const { query: { node: nodeName, shellToken, id: tabId }} = new URLParse(req.url, true);
if (!tabId || !cluster || !authenticateShellRequest(cluster.id, tabId, shellToken)) {
socket.write("Invalid shell request");
socket.end();
} else {
const ws = new WebSocketServer({ noServer: true });
ws.handleUpgrade(req, socket, head, (websocket) => {
openShellSession({ websocket, cluster, tabId, nodeName })
.catch(error => logger.error(`[SHELL-SESSION]: failed to open a ${nodeName ? "node" : "local"} shell`, error));
});
}
},
path: apiPrefix,
};
},
injectionToken: lensProxyUpgradeRouteInjectionToken,
});
export default shellApiUpgradeRouteInjectable;

52
src/main/lens-proxy/upgrade-router/shell-request-authenticator.injectable.ts Normal file
View File

@ -0,0 +1,52 @@
/**
* Copyright (c) OpenLens Authors. All rights reserved.
* Licensed under MIT License. See LICENSE in root directory for more information.
*/
import { getInjectable } from "@ogre-tools/injectable";
import type { ClusterId } from "../../../common/cluster-types";
import { ipcMainHandle } from "../../../common/ipc";
import { getOrInsertMap } from "../../../common/utils";
import randomBytesInjectable from "../../../common/utils/random-bytes.injectable";
import crypto from "crypto";
export type AuthenticateShellRequest = (clusterId: ClusterId, tabId: string, token: string | undefined) => boolean;
const authenticateShellRequestInjectable = getInjectable({
id: "authenticate-shell-request",
instantiate: (di): AuthenticateShellRequest => {
const randomBytes = di.inject(randomBytesInjectable);
const tokens = new Map<ClusterId, Map<string, Uint8Array>>();
ipcMainHandle("cluster:shell-api", async (event, clusterId, tabId) => {
const authToken = Uint8Array.from(await randomBytes(128));
const forCluster = getOrInsertMap(tokens, clusterId);
forCluster.set(tabId, authToken);
return authToken;
});
return (clusterId, tabId, token) => {
const clusterTokens = tokens.get(clusterId);
if (!clusterTokens || !tabId || !token) {
return false;
}
const authToken = clusterTokens.get(tabId);
const buf = Uint8Array.from(Buffer.from(token, "base64"));
if (authToken instanceof Uint8Array && authToken.length === buf.length && crypto.timingSafeEqual(authToken, buf)) {
// remove the token because it is a single use token
clusterTokens.delete(tabId);
return true;
}
return false;
};
},
});
export default authenticateShellRequestInjectable;

4
src/main/router/route-request.injectable.ts
View File

@ -50,9 +50,7 @@ const routeRequestInjectable = getInjectable({
} }
const url = new URL(req.url, "https://localhost"); const url = new URL(req.url, "https://localhost");
const path = url.pathname; const matchingRoute = router.route(req.method, url.pathname);
const method = req.method.toLowerCase();
const matchingRoute = router.route(method, path);
if (matchingRoute instanceof Error) { if (matchingRoute instanceof Error) {
return false; return false;