Merging with upstream

.github/workflows/build-snapshot.yml

@@ -2,7 +2,7 @@
 name: "Build Snapshot"
 
 on:
-  - push
+  #- push
   - workflow_dispatch
 
 jobs:

.github/workflows/build-tag.yml

@@ -2,9 +2,9 @@
 name: "Build Tag"
 
 on:
-  push:
-    tags:
-      - '*'
+  #push:
+  #  tags:
+  #    - '*'
 
 jobs:
   build-tag:

.github/workflows/codeql-analysis.yml

@@ -13,14 +13,14 @@
 name: "CodeQL"
 
 on:
-  push:
-    paths:
-      - 'cmd/**'
-      - 'internal/**'
-      - 'webui/**'
-      - 'integration-tests/**'
-      - 'OliveTin.proto'
-    branches: [main]
+  #push:
+  #  paths:
+  #    - 'cmd/**'
+  #    - 'internal/**'
+  #    - 'webui/**'
+  #    - 'integration-tests/**'
+  #    - 'OliveTin.proto'
+  #  branches: [main]
   pull_request:
     branches: [main]
   schedule:

.github/workflows/codestyle.yml

@@ -2,13 +2,13 @@
 name: "Codestyle checks"
 
 on:
-  push:
-    paths:
-      - 'cmd/**'
-      - 'internal/**'
-      - 'webui/**'
-      - 'integration-tests/**'
-      - 'OliveTin.proto'
+  #push:
+  #  paths:
+  #    - 'cmd/**'
+  #    - 'internal/**'
+  #    - 'webui/**'
+  #    - 'integration-tests/**'
+  #    - 'OliveTin.proto'
 
 
 jobs:

.github/workflows/main.yaml

@@ -0,0 +1,89 @@
+name: CI
+
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # build targets
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          #- goos: linux
+          #  goarch: '386'
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+          - goos: windows
+            goarch: amd64
+          - goos: windows
+            goarch: arm64
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v2.3.4
+        with:
+          lfs: true
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: '1.20'
+
+      - name: Build for Linux
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+
+        run: |
+          export GO_PATH=~/go
+          export PATH=$PATH:$GO_PATH/bin
+          GOOS=linux GOARCH=amd64 make grpc
+          CGO_ENABLED=0 go build -x -v -trimpath -ldflags "-w -s -buildid=" -o "OliveTin" github.com/OliveTin/OliveTin/cmd/OliveTin
+          tar -zcvf OliveTin_${GOOS}-${GOARCH}.tar.gz OliveTin config.yaml webui/
+
+      - name: Upload to artifact storage
+        uses: actions/upload-artifact@v2
+        with:
+          path: OliveTin_${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
+          if-no-files-found: error
+          # only meant for sharing with the publish job
+          retention-days: 1
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          path: ./
+    #
+    #  - uses: "marvinpinto/action-automatic-releases@latest"
+    #    with:
+    #      repo_token: "${{ secrets.GITHUB_TOKEN }}"
+    #      prerelease: false
+    #      files: |
+    #        NI_*
+    #    id: "automatic_releases"
+
+      - name: Create tag
+        id: create_tag
+        run: |
+          tag=$(date +%Y-%m-%d_%H%M%S)
+          echo "::set-output name=tag::$tag"
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: artifact/OliveTin_*
+          tag_name: ${{ steps.create_tag.outputs.tag }}
+          #body_path: rel_note.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

config.yaml

@@ -5,6 +5,13 @@
 # Listen on all addresses available, port 1337
 listenAddressSingleHTTPFrontend: 0.0.0.0:1337
 
+# Base url to use for built-in proxy, default is '/'. Can be changed here
+#ProxyBaseURL: /control/
+
+# Global HTTP Basic authentication
+#AuthUser: user
+#AuthPass: password
+
 # Choose from INFO (default), WARN and DEBUG
 logLevel: "INFO"
 
@@ -81,3 +88,11 @@ actions:
   shell: sleep 5
   timeout: 5
   icon: "&#x1F62A"
+
+# Create reverse proxies for given URLs
+#externalproxies:
+#- target: http://localhost:8975
+#  baseurl: /application1/
+#- target: http://localhost:2222
+#  baseurl: /application2/
+#  noauth: true  # exclude from global HTTP authentication if defined in this config

internal/config/config.go

@@ -17,6 +17,7 @@ type Action struct {
 	MaxConcurrent          int
 	Arguments              []ActionArgument
 	PopupOnStart           bool
+	Hidden                 bool `default:false`
 }
 
 // ActionArgument objects appear on Actions.
@@ -59,6 +60,12 @@ type AccessControlList struct {
 	Permissions      PermissionsList
 }
 
+type ExternalProxy struct {
+	BaseURL string
+	Target 	string
+	NoAuth  bool `default:false`
+}
+
 // Config is the global config used through the whole app.
 type Config struct {
 	UseSingleHTTPFrontend           bool
@@ -68,6 +75,10 @@ type Config struct {
 	ListenAddressRestActions        string
 	ListenAddressGrpcActions        string
 	ExternalRestAddress             string
+	ProxyBaseURL                    string
+	AuthUser                        string
+	AuthPass                        string
+	ExternalProxies                 []ExternalProxy `mapstructure:"externalproxies"`
 	LogLevel                        string
 	Actions                         []Action `mapstructure:"actions"`
 	Entities                        []Entity `mapstructure:"entities"`
@@ -92,17 +103,20 @@ type Config struct {
 func DefaultConfig() *Config {
 	config := Config{}
 	config.UseSingleHTTPFrontend = true
-	config.PageTitle = "OliveTin"
-	config.ShowFooter = true
+	config.PageTitle = "Control Center"
+	config.ShowFooter = false
 	config.ShowNavigation = true
 	config.ShowNewVersions = true
 	config.ListenAddressSingleHTTPFrontend = "0.0.0.0:1337"
 	config.ListenAddressRestActions = "localhost:1338"
 	config.ListenAddressGrpcActions = "localhost:1339"
 	config.ListenAddressWebUI = "localhost:1340"
 	config.ExternalRestAddress = "."
+	config.ProxyBaseURL = "/"
+	config.AuthUser = ""
+	config.AuthPass = ""
 	config.LogLevel = "INFO"
-	config.CheckForUpdates = true
+	config.CheckForUpdates = false
 	config.DefaultPermissions.Exec = true
 	config.DefaultPermissions.View = true
 	config.AuthJwtClaimUsername = "name"

internal/grpcapi/grpcApiActions.go

@@ -12,7 +12,7 @@ func actionsCfgToPb(cfgActions []config.Action, user *acl.AuthenticatedUser) *pb
 	res := &pb.GetDashboardComponentsResponse{}
 
 	for _, action := range cfgActions {
-		if !acl.IsAllowedView(cfg, user, &action) {
+		if !acl.IsAllowedView(cfg, user, &action) || action.Hidden {
 			continue
 		}
 

internal/httpservers/singleFrontend.go

@@ -22,7 +22,7 @@ import (
 // and webui internally.
 func StartSingleHTTPFrontend(cfg *config.Config) {
 	log.WithFields(log.Fields{
-		"address": cfg.ListenAddressSingleHTTPFrontend,
+		"address": cfg.ListenAddressSingleHTTPFrontend+cfg.ProxyBaseURL,
 	}).Info("Starting single HTTP frontend")
 
 	apiURL, _ := url.Parse("http://" + cfg.ListenAddressRestActions)
@@ -33,12 +33,30 @@ func StartSingleHTTPFrontend(cfg *config.Config) {
 
 	mux := http.NewServeMux()
 
-	mux.HandleFunc("/api/", func(w http.ResponseWriter, r *http.Request) {
+	AuthFunc := func (w http.ResponseWriter, r *http.Request) bool {
+		u, p, ok := r.BasicAuth()
+		if !(cfg.AuthUser == "" && cfg.AuthPass == "") && !(ok && u == cfg.AuthUser && p ==cfg.AuthPass ){
+				w.Header().Set("WWW-Authenticate", "Basic realm=\"Control Server\", charset=\"UTF-8\"")
+				w.WriteHeader(401)
+				return false
+		}
+		return true
+	}
+
+	mux.HandleFunc(cfg.ProxyBaseURL+"api/", func(w http.ResponseWriter, r *http.Request) {
 		log.Debugf("api req: %q", r.URL)
+		if (!AuthFunc(w,r)) {
+			return
+		}
+		r.URL.Path = strings.Replace(r.URL.Path,cfg.ProxyBaseURL,"/",1)
 		apiProxy.ServeHTTP(w, r)
 	})
 
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc(cfg.ProxyBaseURL, func(w http.ResponseWriter, r *http.Request) {
+		if (!AuthFunc(w,r)) {
+			return
+		}
+		r.URL.Path = strings.Replace(r.URL.Path,cfg.ProxyBaseURL,"/",1)
 		if strings.Contains(r.Header.Get("Connection"), "Upgrade") {
 			websocket.HandleWebsocket(w, r)
 		} else {
@@ -47,6 +65,23 @@ func StartSingleHTTPFrontend(cfg *config.Config) {
 		}
 	})
 
+	MakeProxy := func (proxy config.ExternalProxy) {
+		log.Info("Setting up external Proxy: " + proxy.BaseURL + " -> " + proxy.Target)
+		appURL, _ := url.Parse(proxy.Target)
+		appProxy := httputil.NewSingleHostReverseProxy(appURL)
+		mux.HandleFunc(proxy.BaseURL, func(w http.ResponseWriter, r *http.Request) {
+										if (!proxy.NoAuth && !AuthFunc(w,r)) {
+												return
+										}
+										r.URL.Path = strings.Replace(r.URL.Path,proxy.BaseURL,"/",1)
+										appProxy.ServeHTTP(w, r)
+		})
+	}
+
+	for _, extproxy := range cfg.ExternalProxies {
+			MakeProxy(extproxy)
+	}
+
 	srv := &http.Server{
 		Addr:    cfg.ListenAddressSingleHTTPFrontend,
 		Handler: mux,

webui/index.html

@@ -28,6 +28,7 @@ <h1 id = "page-title">OliveTin</h1>
 				<input type = "checkbox" id = "hide-sidebar-checkbox" hidden checked />
 				<aside>
 					<ul>
+						<!--<li><a href="/webssh" target="_blank">Web SSH</a></li>-->
 						<li><a id = "showActions">Actions</a></li>
 						<li><a id = "showLogs">Logs</a></li>
 					</ul>

webui/js/websocket.js

@@ -17,7 +17,8 @@ function reconnectWebsocket () {
     proto = 'wss:'
   }
 
-  const websocketConnectionUrl = proto + window.location.host + '/websocket'
+  //const websocketConnectionUrl = proto + window.location.host + '/websocket'
+  const websocketConnectionUrl = proto + window.location.host + window.location.pathname + 'websocket'
   const ws = window.ws = new WebSocket(websocketConnectionUrl)
 
   ws.addEventListener('open', websocketOnOpen)
@@ -26,6 +27,13 @@ function reconnectWebsocket () {
   ws.addEventListener('close', websocketOnClose)
 }
 
+function heartbeat() {
+  if (window.ws && window.ws.readyState == 1)
+        window.ws.send("heartbeat");
+  setTimeout(heartbeat, 30000);
+}
+heartbeat()
+
 function websocketOnOpen (evt) {
   window.websocketAvailable = true