Commit db3ee2b7 by Sheng

Added proxies option for trusted downstream

parent a51918d2
...@@ -10,7 +10,7 @@ from tests.utils import make_tests_data_path ...@@ -10,7 +10,7 @@ from tests.utils import make_tests_data_path
from webssh.policy import load_host_keys from webssh.policy import load_host_keys
from webssh.settings import ( from webssh.settings import (
get_host_keys_settings, get_policy_setting, base_dir, print_version, get_host_keys_settings, get_policy_setting, base_dir, print_version,
get_ssl_context get_ssl_context, get_trusted_downstream
) )
from webssh.utils import UnicodeType from webssh.utils import UnicodeType
from webssh._version import __version__ from webssh._version import __version__
...@@ -120,3 +120,20 @@ class TestSettings(unittest.TestCase): ...@@ -120,3 +120,20 @@ class TestSettings(unittest.TestCase):
options.keyfile = make_tests_data_path('cert.key') options.keyfile = make_tests_data_path('cert.key')
ssl_ctx = get_ssl_context(options) ssl_ctx = get_ssl_context(options)
self.assertIsNotNone(ssl_ctx) self.assertIsNotNone(ssl_ctx)
def test_get_trusted_downstream(self):
options.proxies = ''
proxies = set()
self.assertEqual(get_trusted_downstream(options), proxies)
options.proxies = '1.1.1.1, 2.2.2.2'
proxies = set(['1.1.1.1', '2.2.2.2'])
self.assertEqual(get_trusted_downstream(options), proxies)
options.proxies = '1.1.1.1, 2.2.2.2, 2.2.2.2'
proxies = set(['1.1.1.1', '2.2.2.2'])
self.assertEqual(get_trusted_downstream(options), proxies)
options.proxies = '1.1.1.1, 2.2.2.'
with self.assertRaises(ValueError):
get_trusted_downstream(options), proxies
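Review bot: The final check in test_get_trusted_downstream calls `get_trusted_downstream(options), proxies` inside `assertRaises`; the trailing `, proxies` only builds a discarded tuple, so it should read `get_trusted_downstream(options)`. The test also leaves `options.proxies` set to the invalid value `'1.1.1.1, 2.2.2.'` on what appears to be a shared options object, which can leak into later tests. Something like `self.addCleanup(setattr, options, 'proxies', '')` at the top of the test would keep it isolated. Since this setting decides which peers are trusted, an IPv6 entry and an input with empty items such as `'1.1.1.1,,'` would be worth pinning as well.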
...@@ -7,6 +7,7 @@ from tornado.options import define ...@@ -7,6 +7,7 @@ from tornado.options import define
from webssh.policy import ( from webssh.policy import (
load_host_keys, get_policy_class, check_policy_setting load_host_keys, get_policy_class, check_policy_setting
) )
from webssh.utils import to_ip_address
from webssh._version import __version__ from webssh._version import __version__
...@@ -27,6 +28,7 @@ define('policy', default='warning', ...@@ -27,6 +28,7 @@ define('policy', default='warning',
help='Missing host key policy, reject|autoadd|warning') help='Missing host key policy, reject|autoadd|warning')
define('hostFile', default='', help='User defined host keys file') define('hostFile', default='', help='User defined host keys file')
define('sysHostFile', default='', help='System wide host keys file') define('sysHostFile', default='', help='System wide host keys file')
define('proxies', default='', help='trusted downstream, separated by comma')
define('wpIntvl', type=int, default=0, help='Websocket ping interval') define('wpIntvl', type=int, default=0, help='Websocket ping interval')
define('version', type=bool, help='Show version information', define('version', type=bool, help='Show version information',
callback=print_version) callback=print_version)
...@@ -92,3 +94,13 @@ def get_ssl_context(options): ...@@ -92,3 +94,13 @@ def get_ssl_context(options):
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain(options.certfile, options.keyfile) ssl_ctx.load_cert_chain(options.certfile, options.keyfile)
return ssl_ctx return ssl_ctx
def get_trusted_downstream(options):
proxies = set()
for ip in options.proxies.split(','):
ip = ip.strip()
if ip:
to_ip_address(ip)
proxies.add(ip)
return proxies
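Review bot: get_trusted_downstream validates each entry with `to_ip_address(ip)` but adds the original text to the set. An address written in a non-canonical form (an expanded or upper-case IPv6 address, for instance) would pass validation yet never equal the peer address it is later matched against, assuming that match is a string comparison. If `to_ip_address` returns a parsed address object (its definition is not on this page), storing the canonical form closes the gap: `proxies.add(str(to_ip_address(ip)))`. The function has no docstring; I would add `"""Return the set of trusted proxy IPs from options.proxies; raises ValueError on an invalid entry."""`. The `proxies` help text should also say whether only single addresses are accepted, as opposed to networks, since this list is a trust boundary.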