mirror of
https://github.com/Termix-SSH/Termix.git
synced 2026-07-17 05:43:36 +00:00
d1a8dcf3c6
* chore(deps-dev): bump the dev-minor-updates group across 1 directory with 12 updates (#910) Bumps the dev-minor-updates group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.1` | | [@radix-ui/react-slider](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slider) | `1.3.6` | `1.4.1` | | [@radix-ui/react-slot](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/slot) | `1.2.5` | `1.3.0` | | [@radix-ui/react-switch](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/switch) | `1.2.6` | `1.3.1` | | [cytoscape](https://github.com/cytoscape/cytoscape.js) | `3.33.4` | `3.34.0` | | [electron](https://github.com/electron/electron) | `42.2.0` | `42.4.1` | | [electron-builder](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-builder) | `26.8.1` | `26.15.3` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.16.0` | `1.20.0` | | [radix-ui](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/radix-ui) | `1.4.3` | `1.6.0` | | [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.76.1` | `7.79.0` | | [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.1` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.0` | `8.61.1` | Updates `@radix-ui/react-select` from 2.2.6 to 2.3.1 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select) Updates `@radix-ui/react-slider` from 1.3.6 to 1.4.1 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slider/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slider) Updates `@radix-ui/react-slot` from 1.2.5 to 1.3.0 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/slot/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/slot) Updates `@radix-ui/react-switch` from 1.2.6 to 1.3.1 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/switch/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/switch) Updates `cytoscape` from 3.33.4 to 3.34.0 - [Release notes](https://github.com/cytoscape/cytoscape.js/releases) - [Commits](https://github.com/cytoscape/cytoscape.js/compare/v3.33.4...v3.34.0) Updates `electron` from 42.2.0 to 42.4.1 - [Release notes](https://github.com/electron/electron/releases) - [Commits](https://github.com/electron/electron/compare/v42.2.0...v42.4.1) Updates `electron-builder` from 26.8.1 to 26.15.3 - [Release notes](https://github.com/electron-userland/electron-builder/releases) - [Changelog](https://github.com/electron-userland/electron-builder/blob/master/packages/electron-builder/CHANGELOG.md) - [Commits](https://github.com/electron-userland/electron-builder/commits/electron-builder@26.15.3/packages/electron-builder) Updates `lucide-react` from 1.16.0 to 1.20.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/1.20.0/packages/lucide-react) Updates `radix-ui` from 1.4.3 to 1.6.0 - [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/radix-ui/CHANGELOG.md) - [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/radix-ui) Updates `react-hook-form` from 7.76.1 to 7.79.0 - [Release notes](https://github.com/react-hook-form/react-hook-form/releases) - [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md) - [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.76.1...v7.79.0) Updates `sharp` from 0.34.5 to 0.35.1 - [Release notes](https://github.com/lovell/sharp/releases) - [Commits](https://github.com/lovell/sharp/compare/v0.34.5...v0.35.1) Updates `typescript-eslint` from 8.60.0 to 8.61.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: "@radix-ui/react-select" dependency-version: 2.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: "@radix-ui/react-slider" dependency-version: 1.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: "@radix-ui/react-slot" dependency-version: 1.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: "@radix-ui/react-switch" dependency-version: 1.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: cytoscape dependency-version: 3.34.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: electron dependency-version: 42.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: electron-builder dependency-version: 26.15.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: lucide-react dependency-version: 1.18.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: radix-ui dependency-version: 1.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: react-hook-form dependency-version: 7.79.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: sharp dependency-version: 0.35.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates - dependency-name: typescript-eslint dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump node in /docker in the docker-major-updates group (#914) Bumps the docker-major-updates group in /docker with 1 update: node. Updates `node` from 24-slim to 26-slim --- updated-dependencies: - dependency-name: node dependency-version: 26-slim dependency-type: direct:production dependency-group: docker-major-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump the github-actions group with 2 updates (#915) Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the prod-minor-updates group across 1 directory with 5 updates (#916) Bumps the prod-minor-updates group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.0` | | [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) | `12.10.0` | `12.11.1` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.2` | `2.3.0` | | [multer](https://github.com/expressjs/multer) | `2.1.1` | `2.2.0` | | [undici](https://github.com/nodejs/undici) | `8.4.0` | `8.5.0` | Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.17.0...v1.18.0) Updates `better-sqlite3` from 12.10.0 to 12.11.1 - [Release notes](https://github.com/WiseLibs/better-sqlite3/releases) - [Commits](https://github.com/WiseLibs/better-sqlite3/compare/v12.10.0...v12.11.1) Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/body-parser/compare/v2.2.2...v2.3.0) Updates `multer` from 2.1.1 to 2.2.0 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](https://github.com/expressjs/multer/compare/v2.1.1...v2.2.0) Updates `undici` from 8.4.0 to 8.5.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v8.4.0...v8.5.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: better-sqlite3 dependency-version: 12.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: multer dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: undici dependency-version: 8.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add unlink button for dual auth * fix: general bug fixes * fix: general qol/small feature additions * fix: 100mb max upload size * fix: terminal syntax not handling carriage returns or shell prompt lines properly * feat: continued general improvements * fix: terminal outputting success right after folder path * chore: update release notes * feat: continued fixes and improvements * chore: lint, format, and bump version to 2.4.1 * chore: sync Crowdin translations for 2.4.1 * fix: rebase dev branch onto main before Crowdin download * fix: use merge instead of rebase to sync main before Crowdin --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
422 lines
12 KiB
TypeScript
422 lines
12 KiB
TypeScript
import type { WebSocket } from "ws";
|
|
import { sshLogger, authLogger } from "../utils/logger.js";
|
|
import { getDb } from "../database/db/index.js";
|
|
import { sshCredentials } from "../database/db/schema.js";
|
|
import { eq, and } from "drizzle-orm";
|
|
import { SimpleDBOps } from "../utils/simple-db-ops.js";
|
|
interface ResolvedCredentials {
|
|
username: string;
|
|
password?: string;
|
|
key?: Buffer;
|
|
keyPassword?: string;
|
|
authType?: string;
|
|
certPublicKey?: string;
|
|
}
|
|
|
|
interface HostConfig {
|
|
id: number;
|
|
ip: string;
|
|
port: number;
|
|
username: string;
|
|
password?: string;
|
|
key?: string;
|
|
keyPassword?: string;
|
|
keyType?: string;
|
|
authType?: string;
|
|
useWarpgate?: boolean;
|
|
credentialId?: number;
|
|
userId?: string;
|
|
forceKeyboardInteractive?: boolean;
|
|
}
|
|
|
|
interface AuthContext {
|
|
userId: string;
|
|
ws: WebSocket;
|
|
hostId: number;
|
|
isKeyboardInteractive: boolean;
|
|
keyboardInteractiveResponded: boolean;
|
|
keyboardInteractiveFinish: ((responses: string[]) => void) | null;
|
|
totpPromptSent: boolean;
|
|
warpgateAuthPromptSent: boolean;
|
|
totpTimeout: NodeJS.Timeout | null;
|
|
warpgateAuthTimeout: NodeJS.Timeout | null;
|
|
totpAttempts: number;
|
|
}
|
|
|
|
export class SSHAuthManager {
|
|
public context: AuthContext;
|
|
|
|
constructor(context: AuthContext) {
|
|
this.context = context;
|
|
}
|
|
|
|
async resolveCredentials(
|
|
hostConfig: HostConfig,
|
|
): Promise<ResolvedCredentials> {
|
|
let resolvedCredentials: ResolvedCredentials = {
|
|
username: hostConfig.username,
|
|
authType: hostConfig.authType || "none",
|
|
};
|
|
|
|
if (hostConfig.credentialId) {
|
|
const credentials = await SimpleDBOps.select(
|
|
getDb()
|
|
.select()
|
|
.from(sshCredentials)
|
|
.where(
|
|
and(
|
|
eq(sshCredentials.id, hostConfig.credentialId),
|
|
eq(sshCredentials.userId, this.context.userId),
|
|
),
|
|
),
|
|
"ssh_credentials",
|
|
this.context.userId,
|
|
);
|
|
|
|
if (credentials.length > 0) {
|
|
const cred = credentials[0];
|
|
resolvedCredentials = {
|
|
username: (cred.username as string) || hostConfig.username,
|
|
password: (cred.password as string) || undefined,
|
|
key:
|
|
cred.key || cred.privateKey
|
|
? Buffer.from((cred.key || cred.privateKey) as string)
|
|
: undefined,
|
|
keyPassword: (cred.keyPassword as string) || undefined,
|
|
authType: (cred.authType as string) || "none",
|
|
certPublicKey: (cred.certPublicKey as string) || undefined,
|
|
};
|
|
}
|
|
} else {
|
|
if (hostConfig.password) {
|
|
resolvedCredentials.password = hostConfig.password;
|
|
resolvedCredentials.authType = "password";
|
|
}
|
|
|
|
if (hostConfig.key) {
|
|
resolvedCredentials.key = Buffer.from(hostConfig.key, "utf8");
|
|
resolvedCredentials.authType = "key";
|
|
|
|
if (hostConfig.keyPassword) {
|
|
resolvedCredentials.keyPassword = hostConfig.keyPassword;
|
|
}
|
|
}
|
|
}
|
|
|
|
return resolvedCredentials;
|
|
}
|
|
|
|
handleKeyboardInteractive(
|
|
name: string,
|
|
instructions: string,
|
|
instructionsLang: string,
|
|
prompts: Array<{ prompt: string; echo: boolean }>,
|
|
finish: (responses: string[]) => void,
|
|
resolvedCredentials: ResolvedCredentials,
|
|
hostConfig?: HostConfig,
|
|
): void {
|
|
this.context.isKeyboardInteractive = true;
|
|
const promptTexts = prompts.map((p) => p.prompt);
|
|
|
|
const warpgatePattern = /warpgate\s+authentication/i;
|
|
const isWarpgate =
|
|
warpgatePattern.test(name) ||
|
|
warpgatePattern.test(instructions) ||
|
|
promptTexts.some((p) => warpgatePattern.test(p));
|
|
|
|
if (isWarpgate) {
|
|
this.handleWarpgateAuth(name, instructions, promptTexts, finish);
|
|
return;
|
|
}
|
|
|
|
const totpPromptIndex = prompts.findIndex((p) =>
|
|
/verification code|verification_code|token|otp|2fa|authenticator|google.*auth/i.test(
|
|
p.prompt,
|
|
),
|
|
);
|
|
|
|
if (totpPromptIndex !== -1) {
|
|
this.handleTotpAuth(
|
|
prompts,
|
|
totpPromptIndex,
|
|
finish,
|
|
resolvedCredentials,
|
|
);
|
|
return;
|
|
}
|
|
|
|
this.handlePasswordAuth(prompts, finish, resolvedCredentials, hostConfig);
|
|
}
|
|
|
|
private handleWarpgateAuth(
|
|
name: string,
|
|
instructions: string,
|
|
promptTexts: string[],
|
|
finish: (responses: string[]) => void,
|
|
): void {
|
|
const fullText = `${name}\n${instructions}\n${promptTexts.join("\n")}`;
|
|
|
|
const urlMatch = fullText.match(/https?:\/\/[^\s\n]+/i);
|
|
const keyMatch = fullText.match(
|
|
/security key[:\s]+([a-z0-9](?:\s+[a-z0-9]){3}|[a-z0-9]{4})/i,
|
|
);
|
|
|
|
if (urlMatch) {
|
|
this.context.keyboardInteractiveFinish = () => {
|
|
finish([""]);
|
|
};
|
|
|
|
this.context.warpgateAuthPromptSent = true;
|
|
|
|
this.sendLog("auth", "info", "Warpgate authentication required");
|
|
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "warpgate_auth_required",
|
|
url: urlMatch[0],
|
|
securityKey: keyMatch ? keyMatch[1] : "N/A",
|
|
instructions: instructions,
|
|
}),
|
|
);
|
|
|
|
this.context.warpgateAuthTimeout = setTimeout(() => {
|
|
if (this.context.keyboardInteractiveFinish) {
|
|
this.context.keyboardInteractiveFinish = null;
|
|
this.context.warpgateAuthPromptSent = false;
|
|
sshLogger.warn("Warpgate authentication timeout", {
|
|
operation: "warpgate_timeout",
|
|
hostId: this.context.hostId,
|
|
});
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "error",
|
|
message: "Warpgate authentication timeout. Please reconnect.",
|
|
}),
|
|
);
|
|
}
|
|
}, 300000);
|
|
}
|
|
}
|
|
|
|
private handleTotpAuth(
|
|
prompts: Array<{ prompt: string; echo: boolean }>,
|
|
totpPromptIndex: number,
|
|
finish: (responses: string[]) => void,
|
|
resolvedCredentials: ResolvedCredentials,
|
|
): void {
|
|
if (this.context.totpPromptSent) {
|
|
sshLogger.warn("TOTP prompt asked again - invalid code", {
|
|
operation: "ssh_keyboard_interactive_totp_retry",
|
|
hostId: this.context.hostId,
|
|
});
|
|
authLogger.warn("TOTP verification failed for SSH session", {
|
|
operation: "terminal_totp_failed",
|
|
userId: this.context.userId,
|
|
hostId: this.context.hostId,
|
|
});
|
|
|
|
this.sendLog("auth", "warning", "Invalid TOTP code");
|
|
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "totp_retry",
|
|
}),
|
|
);
|
|
return;
|
|
}
|
|
|
|
this.context.totpPromptSent = true;
|
|
this.context.keyboardInteractiveResponded = true;
|
|
|
|
this.context.keyboardInteractiveFinish = (totpResponses: string[]) => {
|
|
const totpCode = (totpResponses[0] || "").trim();
|
|
|
|
const responses = prompts.map((p, index) => {
|
|
if (index === totpPromptIndex) {
|
|
return totpCode;
|
|
}
|
|
if (/password/i.test(p.prompt) && resolvedCredentials.password) {
|
|
return resolvedCredentials.password;
|
|
}
|
|
return "";
|
|
});
|
|
|
|
finish(responses);
|
|
};
|
|
|
|
if (this.context.totpTimeout) {
|
|
clearTimeout(this.context.totpTimeout);
|
|
}
|
|
|
|
this.context.totpTimeout = setTimeout(() => {
|
|
if (this.context.keyboardInteractiveFinish) {
|
|
this.context.keyboardInteractiveFinish = null;
|
|
this.context.totpPromptSent = false;
|
|
sshLogger.warn("TOTP prompt timeout", {
|
|
operation: "totp_timeout",
|
|
hostId: this.context.hostId,
|
|
});
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "error",
|
|
message: "TOTP verification timeout. Please reconnect.",
|
|
}),
|
|
);
|
|
}
|
|
}, 180000);
|
|
|
|
this.sendLog("auth", "info", "TOTP verification required");
|
|
authLogger.info("TOTP verification prompt sent to client", {
|
|
operation: "terminal_totp_prompt",
|
|
userId: this.context.userId,
|
|
hostId: this.context.hostId,
|
|
});
|
|
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "totp_required",
|
|
prompt: prompts[totpPromptIndex].prompt,
|
|
}),
|
|
);
|
|
}
|
|
|
|
private handlePasswordAuth(
|
|
prompts: Array<{ prompt: string; echo: boolean }>,
|
|
finish: (responses: string[]) => void,
|
|
resolvedCredentials: ResolvedCredentials,
|
|
hostConfig?: HostConfig,
|
|
): void {
|
|
// For Warpgate hosts: auto-answer password prompts silently using stored credentials.
|
|
// Warpgate sends a password prompt before its browser-verification round; we must
|
|
// not show a UI prompt here -- the WarpgateDialog handles user interaction later.
|
|
if (hostConfig?.useWarpgate) {
|
|
const responses = prompts.map((p) => {
|
|
if (/password/i.test(p.prompt) && resolvedCredentials.password) {
|
|
return resolvedCredentials.password as string;
|
|
}
|
|
return "";
|
|
});
|
|
finish(responses);
|
|
return;
|
|
}
|
|
|
|
const hasStoredPassword =
|
|
resolvedCredentials.password && resolvedCredentials.authType !== "none";
|
|
|
|
const passwordPromptIndex = prompts.findIndex((p) =>
|
|
/password/i.test(p.prompt),
|
|
);
|
|
|
|
// Find the first prompt we can't auto-answer. This handles DUO/PAM challenges
|
|
// that don't say "password" (e.g. "Passcode or option (1-N):").
|
|
const firstUnansweredIndex = prompts.findIndex((p) => {
|
|
if (/password/i.test(p.prompt) && hasStoredPassword) return false;
|
|
return true;
|
|
});
|
|
|
|
if (firstUnansweredIndex !== -1) {
|
|
if (this.context.keyboardInteractiveResponded) {
|
|
return;
|
|
}
|
|
this.context.keyboardInteractiveResponded = true;
|
|
|
|
const promptIndex =
|
|
passwordPromptIndex !== -1 && !hasStoredPassword
|
|
? passwordPromptIndex
|
|
: firstUnansweredIndex;
|
|
|
|
this.context.keyboardInteractiveFinish = (userResponses: string[]) => {
|
|
const userInput = (userResponses[0] || "").trim();
|
|
|
|
const responses = prompts.map((p, index) => {
|
|
if (index === promptIndex) {
|
|
return userInput;
|
|
}
|
|
if (/password/i.test(p.prompt) && resolvedCredentials.password) {
|
|
return resolvedCredentials.password;
|
|
}
|
|
return "";
|
|
});
|
|
|
|
finish(responses);
|
|
};
|
|
|
|
if (this.context.totpTimeout) {
|
|
clearTimeout(this.context.totpTimeout);
|
|
}
|
|
|
|
this.context.totpTimeout = setTimeout(() => {
|
|
if (this.context.keyboardInteractiveFinish) {
|
|
this.context.keyboardInteractiveFinish = null;
|
|
this.context.keyboardInteractiveResponded = false;
|
|
sshLogger.warn("Password prompt timeout", {
|
|
operation: "password_timeout",
|
|
hostId: this.context.hostId,
|
|
});
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "error",
|
|
message: "Password verification timeout. Please reconnect.",
|
|
}),
|
|
);
|
|
}
|
|
}, 180000);
|
|
|
|
this.sendLog("auth", "info", "Password authentication required");
|
|
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "password_required",
|
|
prompt: prompts[promptIndex].prompt,
|
|
}),
|
|
);
|
|
return;
|
|
}
|
|
|
|
const responses = prompts.map((p) => {
|
|
if (/password/i.test(p.prompt) && resolvedCredentials.password) {
|
|
return resolvedCredentials.password;
|
|
}
|
|
return "";
|
|
});
|
|
|
|
finish(responses);
|
|
}
|
|
|
|
sendLog(
|
|
stage: string,
|
|
level: string,
|
|
message: string,
|
|
details?: Record<string, unknown>,
|
|
): void {
|
|
this.context.ws.send(
|
|
JSON.stringify({
|
|
type: "connection_log",
|
|
data: {
|
|
stage,
|
|
level,
|
|
message,
|
|
details,
|
|
},
|
|
}),
|
|
);
|
|
}
|
|
|
|
cleanup(): void {
|
|
if (this.context.totpTimeout) {
|
|
clearTimeout(this.context.totpTimeout);
|
|
this.context.totpTimeout = null;
|
|
}
|
|
|
|
if (this.context.warpgateAuthTimeout) {
|
|
clearTimeout(this.context.warpgateAuthTimeout);
|
|
this.context.warpgateAuthTimeout = null;
|
|
}
|
|
|
|
this.context.keyboardInteractiveFinish = null;
|
|
this.context.totpPromptSent = false;
|
|
this.context.warpgateAuthPromptSent = false;
|
|
this.context.keyboardInteractiveResponded = false;
|
|
}
|
|
}
|