ION_Archive/web-to-fish
1
0
Fork 0
mirror of https://github.com/ION606/web-to-fish.git synced 2026-05-14 18:36:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

migrated

Browse Source
This commit is contained in:
ION606
2024-12-15 11:36:16 -05:00
parent a518ec550e
commit 4e8a65fcb7
3 changed files with 1061 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
main.js
+21 -22
View File
@@ -4,6 +4,7 @@ import { fileURLToPath } from 'url';
import session from 'express-session';
import expressWs from 'express-ws';
import { spawn } from 'node-pty';
import linuxpam from 'node-linux-pam';
import json from './secrets/config.json' with { type: 'json' };
const __dirname = path.dirname(fileURLToPath(import.meta.url)),
@@ -43,41 +44,39 @@ app.get('/login', (req, res) => {
});
// process login
app.post('/login', (req, res) => {
app.post('/login', async (req, res) => {
try {
const username = req.body.username;
const password = req.body.password;
if (!username) return res.sendStatus(404);
else if (!password) return res.sendStatus(401);
// validate input
if (!username) return res.status(400).send('Username is required');
if (!password) return res.status(400).send('Password is required');
const shell = spawn('su', [`${username}`], {
cwd: process.env.HOME,
env: process.env
});
req.on('end', () => shell.kill());
shell.onData((data) => {
if (data?.toLowerCase().trim() === 'password:') shell.write(password + '\n');
else if (data.includes('does not exist')) res.sendStatus(404);
else if (data.includes('Authentication failure')) res.sendStatus(401);
else if (data.includes('Welcome to fish')) {
// authenticate using PAM
linuxpam.pamAuthenticate({
username,
password,
serviceName: 'login',
}, (err, success) => {
console.log(err);
if (err.message.includes('User not known')) res.sendStatus(404);
else if (err.message.includes('Authentication failure')) res.sendStatus(401);
else if (success) {
req.session.authenticated = true;
res.redirect('/shell');
shell.kill();
req.session.username = username;
return res.redirect('/shell');
}
else if (data.match(/\[\w+@\w+ \w+\]\$ ?/)) shell.write('fish\n');
else console.error(`unknown terminal output:\n"${data}"`);
else console.error("what?", err, success);
});
}
catch (err) {
} catch (err) {
console.error(err);
res.status(500).send('Internal server error');
}
});
// shell interface
app.get('/shell', requireAuth, (req, res) => {
res.sendFile('shell.html', { root: path.join(__dirname, 'HTML') });
package-lock.json
Generated
+1039
View File
File diff suppressed because it is too large Load Diff
package.json
+1
View File
@@ -14,6 +14,7 @@
"express": "^4.21.2",
"express-session": "^1.18.1",
"express-ws": "^5.0.2",
"node-linux-pam": "^0.2.1",
"node-pty": "^1.0.0"
},
"type": "module"