Merge pull request #44 from seknox/dev

.github/workflows/test.yaml

@@ -38,16 +38,21 @@ jobs:
           sudo mkdir -p /tmp/trasa/accessproxy/ssh
           sudo chmod 777 /tmp/trasa/accessproxy/ssh
 
+
+      - name: Go get
+        working-directory: ./server
+        run: go get -v ./...
+
       - name: Unit Test
-        working-directory: ./tests
-        run: make unit-test
+        working-directory: ./server
+        run: go test -v ./...
 
       - name: Integration Test
         working-directory: ./tests
-        run: make integration-test
+        run: cd build/integration && docker-compose up --build -d && cd ../.. && go test -v  ./server
 
       - name: Clean
-        working-directory: ./tests
-        run: make clear
+        working-directory: ./tests/build/integration
+        run: docker-compose down
 
 

.gitignore

@@ -4,6 +4,8 @@
 trasa-server
 server/server
 
+devenv/
+
 .vscode/
 .idea/
 

Makefile

@@ -0,0 +1,11 @@
+.PHONY: dependency unit-test integration-test docker-up-all docker-down-all docker-up-db docker-down-db clear
+
+
+dev-setup:
+	@mkdir -p devenv/var/log && cp -r build/etc devenv/ && touch devenv/var/log/trasa.log
+
+dev-run:
+	@cd build/docker && docker-compose up --build
+
+clear:
+	@cd build/docker && docker-compose down

build/docker/dev/Dockerfile

@@ -30,11 +30,13 @@ RUN yarn run build
 FROM ubuntu:xenial-20200706
 
 WORKDIR /trasa
+ENV GUACENC_INSTALLED=true
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends ca-certificates
 RUN update-ca-certificates
 COPY --from=gobuilder /go/src/seknox/trasa/server/server .
 COPY --from=dashbuilder /trasa/build /var/trasa/dashboard
+COPY --from=seknox/guacd:v0.0.1 /usr/local/guacamole/bin/guacenc /usr/local/guacamole/bin/guacenc
 COPY build/etc/trasa /etc/trasa
 COPY build/docker/wait-for-it.sh .
 CMD ["/trasa/wait-for-it.sh","db:5432", "--","/trasa/server"]

dashboard/src/pages/Control/policies/newCreatePolicy.tsx

@@ -630,7 +630,7 @@ function PolicyTab(props: any) {
         aria-label="styled tabs example"
       >
         <StyledTab label="Basic Policy" />
-        <StyledTab label="Device Hygiene" />
+        <StyledTab label="Device Hygiene (Beta)" />
       </StyledTabs>
       <TabPanel value={tabValue} index={0}>
         <TrasaUAC
@@ -748,7 +748,7 @@ export function ReviewAccess(props: reviewAccessProps) {
         aria-label="styled tabs example"
       >
         <StyledTab label="Basic Policy" />
-        <StyledTab label="Device Hygiene" />
+        <StyledTab label="Device Hygiene (Beta)" />
       </StyledTabs>
       {/* Basic Policy */}
       <TabPanel value={tabValue} index={0}>

dashboard/src/pages/Providers/CryptoOps/CertificateAuthority/index.tsx

@@ -130,7 +130,7 @@ export default function CA(props: any) {
 
   const generateSSHCA = (type: any) => () => {
     axios
-      .post(`${Constants.TRASA_HOSTNAME}/api/v1/system/sshca/init/${type}`)
+      .post(`${Constants.TRASA_HOSTNAME}/api/v1/providers/ca/tsxca/ssh/init/${type}`)
       .then((response) => {});
   };
 
@@ -336,7 +336,7 @@ function CATable(props: any) {
   const downloadCA = (name: any, type: any) => () => {
     switch (type) {
       case 'SSH_CA':
-        axios.get(`${Constants.TRASA_HOSTNAME}/api/v1/system/ca/ssh/${name}`).then((response) => {
+        axios.get(`${Constants.TRASA_HOSTNAME}/api/v1/providers/ca/tsxca/ssh/${name}`).then((response) => {
           fileDownload(response.data, 'ca-cert.pem', 'application/x-pem-file');
         });
         break;

dashboard/src/pages/Services/Service/Settings/ServiceSetting.tsx

@@ -271,7 +271,7 @@ export default function Servicesetting(props: ServicesettingProps) {
                   <div className={classes.settingSHeader}>SSH </div>
                 </MenuItem>
                 <MenuItem value="http" id="http">
-                  <div className={classes.settingSHeader}>HTTP </div>
+                  <div className={classes.settingSHeader}>HTTP (Beta)</div>
                 </MenuItem>
 
                 <MenuItem value="rdp" id="rdp">

go.mod

@@ -23,7 +23,6 @@ require (
 	github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02
 	github.com/huandu/go-sqlbuilder v1.8.0
 	github.com/jinzhu/now v1.1.1
-	github.com/kabukky/httpscerts v0.0.0-20150320125433-617593d7dcb3
 	github.com/lib/pq v1.8.0
 	github.com/manifoldco/promptui v0.7.0
 	github.com/mholt/archiver v3.1.1+incompatible

go.sum

@@ -501,8 +501,6 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kabukky/httpscerts v0.0.0-20150320125433-617593d7dcb3 h1:Iy7Ifq2ysilWU4QlCx/97OoI4xT1IV7i8byT/EyIT/M=
-github.com/kabukky/httpscerts v0.0.0-20150320125433-617593d7dcb3/go.mod h1:BYpt4ufZiIGv2nXn4gMxnfKV306n3mWXgNu/d2TqdTU=
 github.com/kelseyhightower/envconfig v1.3.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/keybase/go-crypto v0.0.0-20190403132359-d65b6b94177f/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=

server/accessproxy/http/logger.go

@@ -2,11 +2,12 @@ package http
 
 import (
 	"fmt"
+	"github.com/seknox/trasa/server/utils"
 	"github.com/sirupsen/logrus"
-
 	"net/http"
 	"net/http/httputil"
 	"os"
+	"path/filepath"
 	"time"
 )
 
@@ -27,14 +28,14 @@ func passwordManAndLogger(r *http.Request, sessionID, csrfToken, userName string
 		return err
 	}
 
-	directoryBuilder := fmt.Sprintf("/tmp/trasa/accessproxy/http/%s", sessionID)
+	directoryBuilder := fmt.Sprintf(filepath.Join(utils.GetTmpDir(), "trasa", "accessproxy", "http", sessionID))
 
 	err = createDirIfNotExist(directoryBuilder)
 	if err != nil {
 		return err
 	}
 
-	logPath := fmt.Sprintf("%s/%s.http-raw", directoryBuilder, sessionID)
+	logPath := filepath.Join(directoryBuilder, fmt.Sprintf("%s.http-raw", sessionID))
 	file, err := os.OpenFile(logPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0755)
 	if err != nil {
 		logrus.Error(err)

server/accessproxy/rdpproxy/session.go

@@ -169,7 +169,7 @@ func (s *Session) Start(ws *websocket.Conn) (errcode string, err error) {
 	reader := s.tunnel.AcquireReader()
 	defer s.tunnel.ReleaseReader()
 
-	errcode, err = catchInitialErrors(*ws, writer, reader)
+	errcode, err = catchInitialErrors(ws, writer, reader)
 	if err != nil {
 		logrus.Error(errcode, err)
 		if errcode == "519" || errcode == "769" {
@@ -235,13 +235,13 @@ func (s *Session) Start(ws *websocket.Conn) (errcode string, err error) {
 
 //It will listen for error within first few instructions
 //If everything seem fine continue to serveIO
-func catchInitialErrors(ws websocket.Conn, guacdWriter io.Writer, guacdReader guacamole.InstructionReader) (errcode string, err error) {
+func catchInitialErrors(ws *websocket.Conn, guacdWriter io.Writer, guacdReader guacamole.InstructionReader) (errcode string, err error) {
 	wg := sync.WaitGroup{}
 	exit := make(chan error, 2)
 	wg.Add(2)
 	var done = false
 
-	go func(conn guacamole.InstructionReader, ws websocket.Conn) {
+	go func(conn guacamole.InstructionReader, ws *websocket.Conn) {
 		var err error
 		var raw []byte
 		var inst *guacamole.Instruction
@@ -279,7 +279,7 @@ func catchInitialErrors(ws websocket.Conn, guacdWriter io.Writer, guacdReader gu
 		wg.Done()
 	}(guacdReader, ws)
 
-	go func(conn io.Writer, ws websocket.Conn) {
+	go func(conn io.Writer, ws *websocket.Conn) {
 		var err error
 		var buf []byte
 		for !done {

server/accessproxy/rdpproxy/store.go

@@ -2,9 +2,11 @@ package rdpproxy
 
 import (
 	"fmt"
+	"github.com/seknox/trasa/server/utils"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"time"
 
 	"github.com/pkg/errors"
@@ -20,15 +22,20 @@ func (s GWStore) CheckPolicy(params *models.ConnectionParams, policy *models.Pol
 
 func (s GWStore) uploadSessionLog(authlog *logs.AuthLog) error {
 
-	tempFileDir := "/tmp/trasa/accessproxy/guac"
+	tempFileDir := filepath.Join(utils.GetTmpDir(), "trasa", "accessproxy", "guac")
 	bucketName := "trasa-guac-logs"
 	sessionID := authlog.SessionID
 	logrus.Debugf("sessionID is %s", sessionID)
 
 	loginTime := time.Unix(0, authlog.LoginTime)
 
-	guacencCmdStr := fmt.Sprintf("sudo docker exec  guacd /usr/local/guacamole/bin/guacenc -f /tmp/trasa/accessproxy/guac/%s.guac", sessionID)
-	guacenc := exec.Command("/bin/bash", "-c", guacencCmdStr)
+	//TODO @sshahcodes
+
+	//sudo docker exec  guacd /usr/local/guacamole/bin/guacenc -f /tmp/trasa/accessproxy/guac/%s.guac
+	//here guacd is container name
+
+	guacenc := getGuacencCmd(sessionID)
+
 	ll, err := guacenc.CombinedOutput()
 	//	logger.Debug(string(ll))
 	if err != nil {
@@ -42,8 +49,7 @@ func (s GWStore) uploadSessionLog(authlog *logs.AuthLog) error {
 
 	}
 
-	ffmpegCmdStr := fmt.Sprintf("sudo ffmpeg -i %s/%s.guac.m4v %s/%s.mp4", tempFileDir, sessionID, tempFileDir, sessionID)
-	ffmpeg := exec.Command("/bin/bash", "-c", ffmpegCmdStr)
+	ffmpeg := getFFMPEGcmd(tempFileDir, sessionID)
 	ll, err = ffmpeg.CombinedOutput()
 	//logger.Debug(string(ll))
 	if err != nil {
@@ -57,8 +63,9 @@ func (s GWStore) uploadSessionLog(authlog *logs.AuthLog) error {
 
 	}
 
+	//don't use fileapth.join in object name
 	objectName := fmt.Sprintf("%s/%d/%d/%d/%s.guac", authlog.OrgID, loginTime.Year(), int(loginTime.Month()), loginTime.Day(), sessionID)
-	filePath := fmt.Sprintf("%s/%s.mp4", tempFileDir, sessionID)
+	filePath := filepath.Join(tempFileDir, fmt.Sprintf("%s.mp4", sessionID))
 
 	// Upload log file to minio
 	uploadErr := logs.Store.PutIntoMinio(objectName, filePath, bucketName)
@@ -77,3 +84,38 @@ func (s GWStore) uploadSessionLog(authlog *logs.AuthLog) error {
 
 	return uploadErr
 }
+
+func getGuacencCmd(sessionID string) *exec.Cmd {
+	if os.Getenv("GUACENC_INSTALLED") == "true" {
+		guacencCmdStr := fmt.Sprintf(
+			"/usr/local/guacamole/bin/guacenc -f /tmp/trasa/accessproxy/guac/%s.guac", sessionID)
+
+		return exec.Command("/bin/sh", "-c", guacencCmdStr)
+
+	}
+
+	if runtime.GOOS == "windows" {
+		guacencCmdStr := fmt.Sprintf(
+			"docker.exe exec  guacd /usr/local/guacamole/bin/guacenc -f /tmp/trasa/accessproxy/guac/%s.guac", sessionID)
+
+		return exec.Command("powershell", "-c", guacencCmdStr)
+	}
+
+	guacencCmdStr := fmt.Sprintf(
+		"sudo docker exec  guacd /usr/local/guacamole/bin/guacenc -f /tmp/trasa/accessproxy/guac/%s.guac", sessionID)
+	return exec.Command("/bin/bash", "-c", guacencCmdStr)
+
+}
+
+func getFFMPEGcmd(tempFileDir, sessionID string) *exec.Cmd {
+
+	if runtime.GOOS == "windows" {
+		ffmpegCmdStr := fmt.Sprintf(`ffmpeg.exe -i %s\%s.guac.m4v %s\%s.mp4`, tempFileDir, sessionID, tempFileDir, sessionID)
+		return exec.Command("powershell", "-c", ffmpegCmdStr)
+
+	}
+
+	ffmpegCmdStr := fmt.Sprintf("sudo ffmpeg -i %s/%s.guac.m4v %s/%s.mp4", tempFileDir, sessionID, tempFileDir, sessionID)
+	return exec.Command("/bin/bash", "-c", ffmpegCmdStr)
+
+}

server/accessproxy/sshproxy/listner.go

@@ -8,6 +8,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net"
+	"path/filepath"
 )
 
 func ListenSSH(closeChan chan bool) error {
@@ -18,7 +19,7 @@ func ListenSSH(closeChan chan bool) error {
 	//	}
 	//}()
 
-	privateBytes, err := ioutil.ReadFile("/etc/trasa/certs/id_rsa")
+	privateBytes, err := ioutil.ReadFile(filepath.Join(utils.GetETCDir(), "trasa", "certs", "id_rsa"))
 	if err != nil {
 		pkey, err := utils.GeneratePrivateKey(4082)
 		if err != nil {

server/accessproxy/sshproxy/multiwriter.go

@@ -3,9 +3,11 @@ package sshproxy
 import (
 	"fmt"
 	"github.com/gorilla/websocket"
+	"github.com/seknox/trasa/server/utils"
 	"github.com/sirupsen/logrus"
 	"io"
 	"os"
+	"path/filepath"
 	"runtime/debug"
 )
 
@@ -21,7 +23,7 @@ type WrappedTunnel struct {
 
 func NewWrappedTunnel(sessionID string, sessionRecord bool, backendReader io.Reader, backendWriter io.WriteCloser, guestChan chan GuestClient) (*WrappedTunnel, error) {
 
-	err := os.MkdirAll("/tmp/trasa/accessproxy/ssh/", 0644)
+	err := os.MkdirAll(filepath.Join(utils.GetTmpDir(), "trasa", "accessproxy", "ssh"), 0644)
 	if err != nil {
 		logrus.Error(err)
 		return nil, err
@@ -35,7 +37,7 @@ func NewWrappedTunnel(sessionID string, sessionRecord bool, backendReader io.Rea
 	}
 
 	if sessionRecord {
-		tunn.tempLogFile, err = os.OpenFile("/tmp/trasa/accessproxy/ssh/"+sessionID+".session", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
+		tunn.tempLogFile, err = os.OpenFile(filepath.Join(utils.GetTmpDir(), "trasa", "accessproxy", "ssh", sessionID+".session"), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			logrus.Error(err)
 			return nil, err

server/accessproxy/sshproxy/store.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net"
 	"os"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -293,15 +294,15 @@ func (s Store) deleteGuestChannel(sessionID string) {
 
 func (s Store) uploadSessionLog(authlog *logs.AuthLog) error {
 
-	tempFileDir := "/tmp/trasa/accessproxy/ssh"
+	tempFileDir := filepath.Join(utils.GetTmpDir(), "trasa", "accessproxy", "ssh")
 	bucketName := "trasa-ssh-logs"
 	sessionID := authlog.SessionID
 
 	loginTime := time.Unix(0, authlog.LoginTime)
 	authlog.LogoutTime = time.Now().UnixNano()
 
-	objectName := fmt.Sprintf("%s/%d/%d/%d/%s.session", authlog.OrgID, loginTime.Year(), int(loginTime.Month()), loginTime.Day(), sessionID)
-	filePath := fmt.Sprintf("%s/%s.session", tempFileDir, sessionID)
+	objectName := filepath.Join(authlog.OrgID, fmt.Sprintf("%d", loginTime.Year()), fmt.Sprintf("%d", int(loginTime.Month())), fmt.Sprintf("%d", loginTime.Day()), fmt.Sprintf("%s.session", sessionID))
+	filePath := filepath.Join(tempFileDir, fmt.Sprintf("%s.session", sessionID))
 
 	// Upload log file to minio
 	uploadErr := logs.Store.PutIntoMinio(objectName, filePath, bucketName)