You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2021/08/05 18:34:41 UTC
[GitHub] [knox] risdenk commented on a change in pull request #477: [WIP] KNOX-2631
risdenk commented on a change in pull request #477:
URL: https://github.com/apache/knox/pull/477#discussion_r683692338
##########
File path: gateway-applications/src/main/resources/applications/webshell/app/libs/bower/jquery/js/jquery-3.5.1.min.js
##########
@@ -0,0 +1,2 @@
+/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */
Review comment:
Do we need this copied in? Can we follow the pattern of other applications using npm to at least keep it reasonable to upgrade in the future?
##########
File path: gateway-applications/src/main/resources/applications/webshell/app/index.html
##########
@@ -0,0 +1,97 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>WebShell</title>
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link href="styles/xterm.css" media="all" rel="stylesheet" type="text/css">
+
+</head>
+<body>
+<div id="terminal" style="width: 100%;height: 100%"></div>
+<script src="libs/bower/jquery/js/jquery-3.5.1.min.js" ></script>
Review comment:
Why is jquery under a different folder than the other js files?
##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/webshell/WebshellWebSocketAdapter.java
##########
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webshell;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Locale;
+import java.util.concurrent.ExecutorService;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.eclipse.jetty.io.RuntimeIOException;
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketAdapter;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class WebshellWebSocketAdapter extends WebSocketAdapter {
+ private static final Logger LOG = LoggerFactory.getLogger(WebshellWebSocketAdapter.class);
+
+ private Session session;
+
+ private final ExecutorService pool;
+
+ private ConnectInfo connectInfo;
+
+ public static final String OPERATION_CONNECT = "connect";
+ public static final String OPERATION_COMMAND = "command";
+
+ public WebshellWebSocketAdapter(ServletUpgradeRequest req, ExecutorService pool) {
+ super();
+ this.pool = pool;
+ //todo: validate hadoop-jwt cookie
+ }
+
+ @Override
+ public void onWebSocketConnect(final Session session) {
+ this.session = session;
+ //todo: process based works on mac but not on Centos 7, use JSch to connect for now
+ //this.connectInfo = new ProcessConnectInfo();
+ this.connectInfo = new JSchConnectInfo();
+ LOG.info("websocket connected.");
+ }
+
+
+ @SuppressWarnings("PMD.DoNotUseThreads")
+ @Override
+ public void onWebSocketText(final String message) {
+ LOG.info("received message "+ message);
+
+ ObjectMapper objectMapper = new ObjectMapper();
+ final WebShellData webShellData;
+ try {
+ webShellData = objectMapper.readValue(message, WebShellData.class);
+ } catch (JsonProcessingException e) {
+ LOG.error("error parsing string to WebShellData");
+ throw new RuntimeException(e);
+ }
+
+ if (OPERATION_CONNECT.equals(webShellData.getOperation())) {
+ connectInfo.connect(webShellData.getUsername());
+ pool.execute(new Runnable() {
+ @Override
+ public void run(){
+ blockingReadFromHost();
+ }
+ });
+ } else if (OPERATION_COMMAND.equals(webShellData.getOperation())) {
+ transToHost(webShellData.getCommand());
+ } else {
+ String err = String.format(Locale.ROOT, "Operation %s not supported",webShellData.getOperation());
+ LOG.error(err);
+ throw new UnsupportedOperationException(err);
+ }
+ }
+
+ // this function will block, should be run in an asynchronous thread
+ private void blockingReadFromHost(){
+ LOG.info("start listening to bash process");
+ byte[] buffer = new byte[1024];
+ int i;
+ try {
+ // blocks until data comes in
+ while ((i = connectInfo.getInputStream().read(buffer)) != -1) {
+ transToClient(new String(buffer, 0, i, StandardCharsets.UTF_8));
+ }
+ } catch (IOException e){
+ LOG.error("Error reading from host:" + e.getMessage());
+ throw new RuntimeIOException(e);
+ }
+ }
+
+ private void transToHost (String command){
+ LOG.info("sending to host: "+command);
Review comment:
Should these commands be logged?
##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/webshell/WebshellWebSocketAdapter.java
##########
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.webshell;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Locale;
+import java.util.concurrent.ExecutorService;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.eclipse.jetty.io.RuntimeIOException;
+import org.eclipse.jetty.websocket.api.Session;
+import org.eclipse.jetty.websocket.api.WebSocketAdapter;
+import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class WebshellWebSocketAdapter extends WebSocketAdapter {
+ private static final Logger LOG = LoggerFactory.getLogger(WebshellWebSocketAdapter.class);
+
+ private Session session;
+
+ private final ExecutorService pool;
+
+ private ConnectInfo connectInfo;
+
+ public static final String OPERATION_CONNECT = "connect";
+ public static final String OPERATION_COMMAND = "command";
+
+ public WebshellWebSocketAdapter(ServletUpgradeRequest req, ExecutorService pool) {
+ super();
+ this.pool = pool;
+ //todo: validate hadoop-jwt cookie
+ }
+
+ @Override
+ public void onWebSocketConnect(final Session session) {
+ this.session = session;
+ //todo: process based works on mac but not on Centos 7, use JSch to connect for now
+ //this.connectInfo = new ProcessConnectInfo();
+ this.connectInfo = new JSchConnectInfo();
+ LOG.info("websocket connected.");
+ }
+
+
+ @SuppressWarnings("PMD.DoNotUseThreads")
+ @Override
+ public void onWebSocketText(final String message) {
+ LOG.info("received message "+ message);
+
+ ObjectMapper objectMapper = new ObjectMapper();
+ final WebShellData webShellData;
+ try {
+ webShellData = objectMapper.readValue(message, WebShellData.class);
+ } catch (JsonProcessingException e) {
+ LOG.error("error parsing string to WebShellData");
+ throw new RuntimeException(e);
+ }
+
+ if (OPERATION_CONNECT.equals(webShellData.getOperation())) {
+ connectInfo.connect(webShellData.getUsername());
+ pool.execute(new Runnable() {
+ @Override
+ public void run(){
+ blockingReadFromHost();
+ }
+ });
+ } else if (OPERATION_COMMAND.equals(webShellData.getOperation())) {
+ transToHost(webShellData.getCommand());
+ } else {
+ String err = String.format(Locale.ROOT, "Operation %s not supported",webShellData.getOperation());
+ LOG.error(err);
+ throw new UnsupportedOperationException(err);
+ }
+ }
+
+ // this function will block, should be run in an asynchronous thread
+ private void blockingReadFromHost(){
+ LOG.info("start listening to bash process");
+ byte[] buffer = new byte[1024];
+ int i;
+ try {
+ // blocks until data comes in
+ while ((i = connectInfo.getInputStream().read(buffer)) != -1) {
+ transToClient(new String(buffer, 0, i, StandardCharsets.UTF_8));
+ }
+ } catch (IOException e){
+ LOG.error("Error reading from host:" + e.getMessage());
+ throw new RuntimeIOException(e);
+ }
+ }
+
+ private void transToHost (String command){
+ LOG.info("sending to host: "+command);
+ try {
+ connectInfo.getOutputStream().write(command.getBytes(StandardCharsets.UTF_8));
+ connectInfo.getOutputStream().flush();
+ }catch (IOException e){
+ LOG.error("Error sending message to host");
+ throw new RuntimeIOException(e);
+ }
+ }
+
+ private void transToClient(String message){
+ LOG.info("sending to client: "+ message);
Review comment:
Should these commands be logged?
##########
File path: gateway-server/pom.xml
##########
@@ -409,6 +409,19 @@
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
+ <dependency>
+ <groupId>de.thetaphi</groupId>
+ <artifactId>forbiddenapis</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.jcraft</groupId>
+ <artifactId>jsch</artifactId>
+ <version>0.1.54</version>
Review comment:
No versions should be listed here at all. Versions should only be specified in the top level pom. Also there is formatting issues here.
##########
File path: gateway-applications/src/main/resources/applications/webshell/app/styles/xterm.css
##########
@@ -0,0 +1,2261 @@
+/**
Review comment:
This should be minified at minimum - even better if we aren't copying full binary files from elsewhere.
The link in the source (https://github.com/chjj/term.js) is outdated and the new fork is https://github.com/xtermjs/xterm.js
There doesn't look to be any details as to what version this actually is?
I also think there needs to be an edit to the `LICENSE` file since this is under a different license?
##########
File path: gateway-applications/src/main/resources/applications/webshell/app/js/xterm.js
##########
@@ -0,0 +1,5165 @@
+/**
Review comment:
This should be minified at minimum - even better if we aren't copying full binary files from elsewhere.
The link in the source (https://github.com/chjj/term.js) is outdated and the new fork is https://github.com/xtermjs/xterm.js
There doesn't look to be any details as to what version this actually is?
I also think there needs to be an edit to the `LICENSE` file since this is under a different license?
##########
File path: pom.xml
##########
@@ -441,6 +441,7 @@
<exclude>**/.project/**</exclude>
<exclude>**/.settings/**</exclude>
<exclude>**/.classpath/**</exclude>
+ <exclude>**/.idea/**</exclude>
Review comment:
.idea/** is already here so not sure why this was added?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@knox.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org