Use credential for auth_token

Iwasaki Yudai
Commit ff927770 authored Sep 01, 2015 by Iwasaki Yudai
Showing with 6 additions and 7 deletions
README.md
app/app.go
--- a/README.md
+++ b/README.md
@@ -93,7 +93,7 @@ See the [`.gotty`](https://github.com/yudai/gotty/blob/master/.gotty) file in th
 By default, GoTTY doesn't allow clients to send any keystrokes or commands except terminal window resizing. When you want to permit clients to write input to the TTY, add the `-w` option. However, accepting input from remote clients is dangerous for most commands. When you need interaction with the TTY for some reasons, consider starting GoTTY with tmux or GNU Screen and run your command on it (see "Sharing with Multiple Clients" section for detail).
-To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server.
+To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server. Note that the credentical will be transmitted between the server and clients in plain text.
 All traffic between the server and clients are NOT encrypted by default. When you send secret information through GoTTY, we strongly recommend you use the `-t` option which enables TLS/SSL on the session. By default, GoTTY loads the crt and key files placed at `~/.gotty.crt` and `~/.gotty.key`. You can overwrite these file paths with the `--tls-crt` and `--tls-key` options. When you need to generate a self-signed certification file, you can use the `openssl` command.

--- a/app/app.go
+++ b/app/app.go
@@ -29,9 +29,8 @@ type App struct {
 	command []string
 	options *Options
-	upgrader  *websocket.Upgrader
+	upgrader *websocket.Upgrader
-	server    *manners.GracefulServer
+	server   *manners.GracefulServer
-	authToken string
 	titleTemplate *template.Template
 }
@@ -89,7 +88,6 @@ func New(command []string, options *Options) (*App, error) {
 			WriteBufferSize: 1024,
 			Subprotocols:    []string{"gotty"},
 		},
-		authToken: generateRandomString(20),
 		titleTemplate: titleTemplate,
 	}, nil
@@ -253,8 +251,9 @@ func (app *App) handleWS(w http.ResponseWriter, r *http.Request) {
 	}
 	_, initMessage, err := conn.ReadMessage()
-	if err != nil || string(initMessage) != app.authToken {
+	if err != nil || string(initMessage) != app.options.Credential {
 		log.Print("Failed to authenticate websocket connection")
+		conn.Close()
 		return
 	}
@@ -282,7 +281,7 @@ func (app *App) handleCustomIndex(w http.ResponseWriter, r *http.Request) {
 }
 func (app *App) handleAuthToken(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte("var gotty_auth_token = '" + app.authToken + "';"))
+	w.Write([]byte("var gotty_auth_token = '" + app.options.Credential + "';"))
 }
 func (app *App) Exit() (firstCall bool) {