github/webssh
1
0
Fork 0
mirror of https://github.com/huashengdun/webssh.git synced 2026-02-19 14:09:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
476 Commits 4 Branches 44 Tags
v1.6.1
Commit Graph

476 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sheng
04bd859f15 Bump version to 1.6.1 v1.6.1 2022-11-21 17:12:05 +08:00
Sheng
50fc9908eb Added test_worker_closed 2022-11-21 16:48:49 +08:00
Sheng
9238c01c35 Updated test_failed_weak_ref 2022-11-21 16:39:13 +08:00
Sheng
2a46b52eac Close websocket if there is no corresponding ssh connection 2022-11-21 14:52:38 +08:00
Sheng
9a7cfe767c Use uuid4 to generate id for Python3.5 Python3.4 Python2.7 2022-11-21 14:32:41 +08:00
Shengdun Hua
a3cb94b45e Merge pull request #306 from klarose/handle-closed-worker 
do not process message for closed workers
 2022-11-21 14:01:21 +08:00
Shengdun Hua
7b18eac7a6 Merge pull request #305 from klarose/more-secure-worker-id 
use secrets to generate worker id
 2022-11-21 11:26:38 +08:00
Kyle Larose
f0e2ddb821 do not process message for closed workers 
WsockHandler stores a weak reference to the ssh backend worker. The
worker closes itself if the backend connection closes (e.g. the user
exists the ssh session). That happens in parallel to the websocket
handler processing messages, so it is possible for a message to arrive
when the worker no longer has any strong references, leading to an
exception being thrown.

Handle this case by treating the None worker the same way we do invalid
messages: by simply returning.
 2022-11-18 08:55:03 -05:00
Kyle Larose
1b62f379ed use secrets to generate worker id 
The worker ID right now is typically based off the address of an object
in memory. This could be guessed. While the worker is tied to a
specific IP, there is a chance an off-path attacker could be hosted
behind the same IP as the caller. They could possibly guess the worker
id of an unclaimed session by observing the sequence of IDs presented to
themselves, leading to them gaining access to an already authenticated
SSH session.

Use the python secrets module to generate a cryptographically secure
token to use as the worker ID. This shoud be much harder to guess.
 2022-11-17 15:26:05 -05:00
Sheng
ee24eb7f65 Fixed a bug of getting custom font url 2022-10-30 14:37:11 +08:00
Shengdun Hua
4aec063197 Merge pull request #284 from kensonman/alpine 
Change the Docker base image from python:3-slim to python:3-alpine.
 2022-05-29 10:58:57 +08:00
Kenson Man
309d912985 Change the Docker base image from python:3-slim to python:3-alpine. 
The final image will be ~79.6MB instead of 163MB. It has 48% smaller.
 2022-05-27 12:47:19 +01:00
Sheng
a9d959ffb7 Bump to version 1.6.0 v1.6.0 2022-05-02 20:07:32 +08:00
Sheng
97e6d25556 Support Python 3.9 2022-05-02 19:58:38 +08:00
Shengdun Hua
685e1a7df1 Merge pull request #275 from rlucia/master 
65535/tcp is a valid port number
 2022-03-11 21:40:27 +08:00
Rocco Lucia
3c0b0fb332 65535/tcp is a valid port number 2022-03-09 18:25:09 +01:00
Sheng
86c98dacc4 Use decodeURIComponent instead of decodeURI 2022-02-23 05:14:31 +08:00
Sheng
11bd7fea47 Moved some codes into else block 2022-02-20 21:37:16 +08:00
Shengdun Hua
cd3c747747 Merge pull request #270 from Zotil/encoding_timeout 
timeout on exec_command
 2022-02-20 21:18:18 +08:00
Carlos Martínez
c89fcc1da9 fix line length 2022-02-13 11:04:13 -03:00
Carlos Martínez
00a4a77243 timeout on exec_command 2022-02-13 10:45:06 -03:00
Shengdun Hua
d74196eb00 Merge pull request #237 from fakeyw/dev_set_font_color 
Add url param to change font color
 2021-09-04 06:10:09 +08:00
fakeyw
3192cb006c README add set_font_color example 2021-09-03 17:48:41 +08:00
fakeyw
e25751c132 found the way to change font color 2021-09-03 16:31:07 +08:00
Sheng
ddbb2c3fb1 Ignore invalid font size 2021-08-25 19:18:28 +08:00
Shengdun Hua
de828cbabf Merge pull request #234 from yc5/patch-1 
update readme images with relative links
 2021-08-24 21:07:45 +08:00
yc5
0d14b8d4ae update readme images with relative links 2021-08-24 19:54:36 +08:00
Shengdun Hua
e63f2674a3 Merge pull request #233 from joshua5201/master 
Add fontsize url parameter
 2021-08-23 20:55:07 +08:00
Tsung-en Hsiao
e4657761c9 Add fontsize url parameter 2021-08-23 07:01:03 +00:00
Shengdun Hua
2f0d5809ae Merge pull request #209 from svengo/patch-1 
Update Dockerfile
 2021-03-11 23:01:31 +08:00
Sven Gottwald
8238a49554 Update Dockerfile 
For security reasons, run the Docker container as an unprivileged user
 2021-03-10 15:11:20 +01:00
Sheng
7b8f473ba6 Changed the type of two options into float 2020-10-07 20:36:43 +08:00
Sheng
d54f5b547a Use options.delay instead of DELAY 2020-10-07 20:29:13 +08:00
Sheng
063b0ee5cf Bump version to 1.5.3 v1.5.3 2020-10-02 13:55:56 +08:00
Sheng
def4c9e653 Updated travis.yml 2020-10-02 11:51:44 +08:00
Sheng
11cc534e48 Use pytest 4.6+ 2020-10-02 11:44:16 +08:00
Sheng
760c74a2f7 Use selector event loop for Python 3.8+ on windows 2020-10-02 11:29:48 +08:00
Sheng
19d816f991 Check if channel is closed first when error occurs on reading or writing 2020-09-16 21:01:53 +08:00
Shengdun Hua
596e12d864 Merge pull request #181 from Pofilo/upgrade_paramiko 
upgrade paramiko to 2.7.2
 2020-09-15 21:46:49 +08:00
pofilo
2f53ee5551 upgrade paramiko to 2.7.2 2020-09-15 14:24:35 +02:00
Sheng
51d527fe75 Fixed typo 2020-04-12 21:25:21 +08:00
Sheng
884ac27d5c Bump version to 1.5.2 v1.5.2 2020-03-22 17:24:28 +08:00
Sheng
1fb2fe1e87 Added support for python 3.8 2020-03-22 17:23:29 +08:00
Sheng
396013e14f Added python 3.8 2020-03-22 17:16:31 +08:00
Sheng
d291199186 Updated requirements.txt 2020-03-22 17:11:02 +08:00
Sheng
815783d6b0 Use warning instead of warn 2020-03-22 17:02:04 +08:00
Sheng
5f4978a994 Set utf-8 as the default encoding if we cannot detect it 2020-03-22 14:40:49 +08:00
Sheng
795875807b Added two options for user configuration 2020-02-23 11:11:41 +08:00
Sheng
32d7236630 To generate more friendly error message 2020-02-14 07:59:14 +08:00
Shengdun Hua
0afc045f77 Merge pull request #127 from Chunters/help-update 
additional help description
 2020-02-14 07:50:01 +08:00