Merge branch 'master' of github.com:LeeEirc/cocogo

pkg/auth/server.go

 package auth
 
 import (
+	"cocogo/pkg/cctx"
 	"cocogo/pkg/i18n"
 	"strings"
 
@@ -29,12 +30,28 @@ func checkAuth(ctx ssh.Context, password, publicKey string) (res ssh.AuthResult)
 	}
 	if err != nil {
 		action = "Failed"
+
 	} else if resp.Seed != "" && resp.Token == "" {
 		ctx.SetValue(contentKeyMFASeed, resp.Seed)
 		res = ssh.AuthPartiallySuccessful
 	} else {
 		res = ssh.AuthSuccessful
 	}
+	if resp != nil {
+		switch resp.User.IsMFA {
+		case 0:
+			res = ssh.AuthSuccessful
+		case 1:
+			res = ssh.AuthPartiallySuccessful
+		case 2:
+			res = ssh.AuthPartiallySuccessful
+		default:
+		}
+		ctx.SetValue(cctx.ContextKeyUser, resp.User)
+		ctx.SetValue(cctx.ContextKeySeed, resp.Seed)
+		ctx.SetValue(cctx.ContextKeyToken, resp.Token)
+	}
+
 	logger.Infof("%s %s for %s from %s", action, authMethod, username, remoteAddr)
 	return res
 }
@@ -51,6 +68,7 @@ func CheckUserPublicKey(ctx ssh.Context, key ssh.PublicKey) ssh.AuthResult {
 }
 
 func CheckMFA(ctx ssh.Context, challenger gossh.KeyboardInteractiveChallenge) ssh.AuthResult {
+
 	username := ctx.User()
 	answers, err := challenger(username, mfaInstruction, []string{mfaQuestion}, []bool{true})
 	if err != nil {
@@ -66,6 +84,7 @@ func CheckMFA(ctx ssh.Context, challenger gossh.KeyboardInteractiveChallenge) ss
 		return ssh.AuthFailed
 	}
 	resp, err := service.CheckUserOTP(seed, mfaCode)
+
 	if err != nil {
 		logger.Error("Mfa Auth failed: ", err)
 		return ssh.AuthFailed

pkg/cctx/context.go

@@ -19,6 +19,8 @@ var (
 	ContextKeySSHSession = &contextKey{"sshSession"}
 	ContextKeyLocalAddr  = &contextKey{"localAddr"}
 	ContextKeySSHCtx     = &contextKey{"sshCtx"}
+	ContextKeySeed       = &contextKey{"seed"}
+	ContextKeyToken      = &contextKey{"token"}
 )
 
 type Context interface {

pkg/handler/session.go

@@ -29,6 +29,7 @@ func SessionHandler(sess ssh.Session) {
 	_, _, ptyOk := sess.Pty()
 	if ptyOk {
 		ctx, cancel := cctx.NewContext(sess)
+		fmt.Println(ctx.User())
 		handler := &InteractiveHandler{
 			sess: sess,
 			user: ctx.User(),
@@ -88,6 +89,7 @@ func (i *InteractiveHandler) watchWinSizeChange(winCh <-chan ssh.Window, done <-
 
 func (i *InteractiveHandler) Dispatch(ctx cctx.Context) {
 	i.preDispatch()
+	fmt.Println(i.user)
 	_, winCh, _ := i.sess.Pty()
 	for {
 		doneChan := make(chan struct{})
@@ -323,8 +325,8 @@ func (i *InteractiveHandler) searchNodeAssets(num int) (assets []model.Asset) {
 }
 
 func (i *InteractiveHandler) Proxy(ctx context.Context) {
-	i.assetSelect = &model.Asset{Hostname: "centos", Port: 22, Ip: "192.168.244.185"}
-	i.systemUserSelect = &model.SystemUser{Name: "web", UserName: "web", Password: "redhat"}
+	i.assetSelect = &model.Asset{Hostname: "centos", Port: 32768, Ip: "127.0.0.1"}
+	i.systemUserSelect = &model.SystemUser{Name: "web", UserName: "root", Password: "screencast"}
 	p := proxy.ProxyServer{
 		Session:    i.sess,
 		User:       i.user,

pkg/model/users.go

@@ -18,6 +18,12 @@ package model
 	'date_expired': '2089-03-21 18:18:24 +0800'}
 */
 
+type AuthResponse struct {
+	Token string `json:"token"`
+	Seed  string `json:"seed"`
+	User  *User  `json:"user"`
+}
+
 type User struct {
 	Id       string `json:"id"`
 	Name     string `json:"name"`
@@ -27,6 +33,7 @@ type User struct {
 	Role     string `json:"role"`
 	IsValid  bool   `json:"is_valid"`
 	IsActive bool   `json:"is_active"`
+	IsMFA    int    `json:"otp_level"`
 }
 
 type TokenUser struct {

pkg/proxy/proxy.go

@@ -3,6 +3,7 @@ package proxy
 import (
 	"fmt"
 	"io"
+	"strconv"
 	"strings"
 	"time"
 
@@ -13,7 +14,6 @@ import (
 	"cocogo/pkg/logger"
 	"cocogo/pkg/model"
 	"cocogo/pkg/service"
-	"strconv"
 )
 
 type ProxyServer struct {

pkg/service/perms.go

@@ -15,7 +15,7 @@ func GetUserAssets(userId, cachePolicy string) (assets model.AssetList) {
 	Url := fmt.Sprintf(UserAssetsURL, userId)
 	err := authClient.Get(Url, &assets, payload)
 	if err != nil {
-		logger.Error(err)
+		logger.Error("GetUserAssets---err")
 	}
 	return
 }
@@ -28,7 +28,7 @@ func GetUserNodes(userId, cachePolicy string) (nodes model.NodeList) {
 	Url := fmt.Sprintf(UserNodesAssetsURL, userId)
 	err := authClient.Get(Url, &nodes, payload)
 	if err != nil {
-		logger.Error(err)
+		logger.Error("GetUserNodes err")
 	}
 	return
 }

pkg/service/urls.go

@@ -7,6 +7,8 @@ const (
 	UserDetailURL  = "/api/users/v1/users/%s/" // 获取用户信息
 	UserAuthOTPURL = "/api/users/v1/otp/auth/" // 验证OTP
 
+	AuthMFAURL = "/api/authentication/v1/otp/auth/" // MFA 验证用户信息
+
 	SystemUserAssetAuthURL   = "/api/assets/v1/system-user/%s/asset/%s/auth-info/" // 该系统用户对某资产的授权
 	SystemUserAuthInfoURL    = "/api/assets/v1/system-user/%s/auth-info/"          // 该系统用户的授权
 	SystemUserCmdFilterRules = "/api/assets/v1/system-user/%s/cmd-filter-rules/"   // 过滤规则url

pkg/service/users.go

@@ -2,6 +2,7 @@ package service
 
 import (
 	"fmt"
+
 	"github.com/pkg/errors"
 
 	"cocogo/pkg/logger"
@@ -22,14 +23,40 @@ func Authenticate(username, password, publicKey, remoteAddr, loginType string) (
 		"remote_addr": remoteAddr,
 		"login_type":  loginType,
 	}
-	err = client.Post(UserAuthURL, data, &resp)
+	Url := client.ParseUrl(UserAuthURL, nil)
+	err = client.Post(Url, data, &resp)
+
 	if err != nil {
 		logger.Error(err)
-		return
 	}
 	return
 }
 
+func AuthenticateMFA(seed, code, loginType string) (resp *model.AuthResponse, err error) {
+	/*
+		data = {
+		            'seed': seed,
+		            'otp_code': otp_code,
+		            'login_type': login_type,
+		        }
+
+	*/
+
+	data := map[string]string{
+		"seed":       seed,
+		"otp_code":   code,
+		"login_type": loginType,
+	}
+
+	Url := client.ParseUrl(AuthMFAURL, nil)
+	err = client.Post(Url, data, resp)
+	if err != nil {
+		logger.Error(err)
+	}
+	return
+
+}
+
 func GetUserProfile(userId string) (user *model.User) {
 	Url := fmt.Sprintf(UserDetailURL, userId)
 	err := authClient.Get(Url, user)