luci-mod-system: reimplement SSH key mgmt as client side view

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-15 20:00:36 +02:00 · 2019-09-15 20:00:36 +02:00 · a31d1d10e0
commit a31d1d10e0
parent 3e1cf14ad1
4 changed files with 98 additions and 122 deletions
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@ -24,6 +24,7 @@
 				"/": [ "list" ],
 				"/*": [ "list" ],
 				"/etc/crontabs/root": [ "read" ],
 				"/etc/dropbear/authorized_keys": [ "read" ],
 				"/etc/rc.local": [ "read" ],
 				"/proc/sys/kernel/hostname": [ "read" ]
 			},
@ -42,6 +43,7 @@
 			"cgi-io": [ "upload", "/etc/luci-uploads/*" ],
 			"file": {
 				"/etc/crontabs/root": [ "write" ],
 				"/etc/dropbear/authorized_keys": [ "write" ],
 				"/etc/luci-uploads/*": [ "write" ],
 				"/etc/rc.local": [ "write" ]
 			},
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
@ -1,4 +1,7 @@
-SSHPubkeyDecoder.prototype = {
+'use strict';
 'require rpc';
 var SSHPubkeyDecoder = L.Class.singleton({
 	lengthDecode: function(s, off)
 	{
 		var l = (s.charCodeAt(off++) << 24) |
@ -85,19 +88,29 @@ SSHPubkeyDecoder.prototype = {
 			return null;
 		}
 	}
-};
+});
-function SSHPubkeyDecoder() {}
+var callFileRead = rpc.declare({
 	object: 'file',
 	method: 'read',
 	params: [ 'path' ],
 	expect: { data: '' }
 });
 var callFileWrite = rpc.declare({
 	object: 'file',
 	method: 'write',
 	params: [ 'path', 'data' ]
 });
 function renderKeys(keys) {
-	var list = document.querySelector('.cbi-dynlist[name="sshkeys"]'),
+	var list = document.querySelector('.cbi-dynlist[name="sshkeys"]');
 	    decoder = new SSHPubkeyDecoder();
 	while (!matchesElem(list.firstElementChild, '.add-item'))
 		list.removeChild(list.firstElementChild);
 	keys.forEach(function(key) {
-		var pubkey = decoder.decode(key);
+		var pubkey = SSHPubkeyDecoder.decode(key);
 		if (pubkey)
 			list.insertBefore(E('div', {
 				class: 'item',
@ -117,19 +130,16 @@ function renderKeys(keys) {
 }
 function saveKeys(keys) {
-	L.showModal(_('Add key'), E('div', { class: 'spinning' }, _('Saving keys…')));
+	return callFileWrite('/etc/dropbear/authorized_keys', keys.join('\n') + '\n')
-	L.post('admin/system/admin/sshkeys/json', { keys: JSON.stringify(keys) }, function(xhr, keys) {
+		.then(renderKeys.bind(this, keys))
-		renderKeys(keys);
+		.then(L.ui.hideModal);
 		L.hideModal();
 	});
 }
 function addKey(ev) {
-	var decoder = new SSHPubkeyDecoder(),
+	var list = findParent(ev.target, '.cbi-dynlist'),
 	    list = findParent(ev.target, '.cbi-dynlist'),
 	    input = list.querySelector('input[type="text"]'),
 	    key = input.value.trim(),
-	    pubkey = decoder.decode(key),
+	    pubkey = SSHPubkeyDecoder.decode(key),
 	    keys = [];
 	if (!key.length)
@ -140,21 +150,26 @@ function addKey(ev) {
 	});
 	if (keys.indexOf(key) !== -1) {
-		L.showModal(_('Add key'), [
+		L.ui.showModal(_('Add key'), [
 			E('div', { class: 'alert-message warning' }, _('The given SSH public key has already been added.')),
 			E('div', { class: 'right' }, E('div', { class: 'btn', click: L.hideModal }, _('Close')))
 		]);
 	}
 	else if (!pubkey) {
-		L.showModal(_('Add key'), [
+		L.ui.showModal(_('Add key'), [
 			E('div', { class: 'alert-message warning' }, _('The given SSH public key is invalid. Please supply proper public RSA or ECDSA keys.')),
 			E('div', { class: 'right' }, E('div', { class: 'btn', click: L.hideModal }, _('Close')))
 		]);
 	}
 	else {
 		keys.push(key);
 		saveKeys(keys);
 		input.value = '';
 		return saveKeys(keys).then(function() {
 			var added = list.querySelector('[data-key="%s"]'.format(key));
 			if (added)
 				added.classList.add('flash');
 		});
 	}
 }
@ -175,7 +190,7 @@ function removeKey(ev) {
 		E('div', { class: 'right' }, [
 			E('div', { class: 'btn', click: L.hideModal }, _('Cancel')),
 			' ',
-			E('div', { class: 'btn danger', click: function(ev) { saveKeys(keys) } }, _('Delete key')),
+			E('div', { class: 'btn danger', click: L.ui.createHandlerFn(this, saveKeys, keys) }, _('Delete key')),
 		])
 	]);
 }
@ -205,11 +220,67 @@ function dropKey(ev) {
 	ev.preventDefault();
 }
-window.addEventListener('dragover', function(ev) { ev.preventDefault() });
+function handleWindowDragDropIgnore(ev) {
-window.addEventListener('drop', function(ev) { ev.preventDefault() });
+	ev.preventDefault()
 }
-requestAnimationFrame(function() {
+return L.view.extend({
-	L.get('admin/system/admin/sshkeys/json', null, function(xhr, keys) {
+	load: function() {
-		renderKeys(keys);
+		return callFileRead('/etc/dropbear/authorized_keys').then(function(data) {
 			return (data || '').split(/\n/).map(function(line) {
 				return line.trim();
 			}).filter(function(line) {
 				return line.match(/^ssh-/) != null;
 			});
 		});
 	},
 	render: function(keys) {
 		var list = E('div', { 'class': 'cbi-dynlist', 'dragover': dragKey, 'drop': dropKey }, [
 			E('div', { 'class': 'add-item' }, [
 				E('input', {
 					'class': 'cbi-input-text',
 					'type': 'text',
 					'placeholder': _('Paste or drag SSH key file…') ,
 					'keydown': function(ev) { if (ev.keyCode === 13) addKey(ev) }
 				}),
 				E('button', {
 					'class': 'cbi-button',
 					'click': L.ui.createHandlerFn(this, addKey)
 				}, _('Add key'))
 			])
 		]);
 		keys.forEach(L.bind(function(key) {
 			var pubkey = SSHPubkeyDecoder.decode(key);
 			if (pubkey)
 				list.insertBefore(E('div', {
 					class: 'item',
 					click: L.ui.createHandlerFn(this, removeKey),
 					'data-key': key
 				}, [
 					E('strong', pubkey.comment || _('Unnamed key')), E('br'),
 					E('small', [
 						'%s, %s'.format(pubkey.type, pubkey.curve || _('%d Bit').format(pubkey.bits)),
 						E('br'), E('code', pubkey.fprint)
 					])
 				]), list.lastElementChild);
 		}, this));
 		if (list.firstElementChild === list.lastElementChild)
 			list.insertBefore(E('p', _('No public keys present yet.')), list.lastElementChild);
 		window.addEventListener('dragover', handleWindowDragDropIgnore);
 		window.addEventListener('drop', handleWindowDragDropIgnore);
 		return E('div', {}, [
 			E('h2', _('SSH-Keys')),
 			E('div', { 'class': 'cbi-section-descr' }, _('Public keys allow for the passwordless SSH logins with a higher security compared to the use of plain passwords. In order to upload a new key to the device, paste an OpenSSH compatible public key line or drag a <code>.pub</code> file into the input field.')),
 			E('div', { 'class': 'cbi-section-node' }, list)
 		]);
 	},
 	handleSaveApply: null,
 	handleSave: null,
 	handleReset: null
 });
--- a/modules/luci-mod-system/luasrc/controller/admin/system.lua
+++ b/modules/luci-mod-system/luasrc/controller/admin/system.lua
@ -17,8 +17,7 @@ function index()
 	if fs.access("/etc/config/dropbear") then
 		entry({"admin", "system", "admin", "dropbear"}, cbi("admin_system/dropbear"), _("SSH Access"), 2)
-		entry({"admin", "system", "admin", "sshkeys"}, template("admin_system/sshkeys"), _("SSH-Keys"), 3)
+		entry({"admin", "system", "admin", "sshkeys"}, view("system/sshkeys"), _("SSH-Keys"), 3)
 		entry({"admin", "system", "admin", "sshkeys", "json"}, post_on({ keys = true }, "action_sshkeys"))
 	end
 	entry({"admin", "system", "startup"}, view("system/startup"), _("Startup"), 45)
@ -293,56 +292,6 @@ function action_password()
 	luci.http.write_json({ code = luci.sys.user.setpasswd("root", password) })
 end
 function action_sshkeys()
 	local keys = luci.http.formvalue("keys")
 	if keys then
 		keys = luci.jsonc.parse(keys)
 		if not keys or type(keys) ~= "table" then
 			luci.http.status(400, "Bad Request")
 			return
 		end
 		local fd, err = io.open("/etc/dropbear/authorized_keys", "w")
 		if not fd then
 			luci.http.status(503, err)
 			return
 		end
 		local _, k
 		for _, k in ipairs(keys) do
 			if type(k) == "string" and k:match("^%w+%-") then
 				fd:write(k)
 				fd:write("\n")
 			end
 		end
 		fd:close()
 	end
 	local fd, err = io.open("/etc/dropbear/authorized_keys", "r")
 	if not fd then
 		luci.http.status(503, err)
 		return
 	end
 	local rv = {}
 	while true do
 		local ln = fd:read("*l")
 		if not ln then
 			break
 		elseif ln:match("^[%w%-]+%s+[A-Za-z0-9+/=]+$") or
 		       ln:match("^[%w%-]+%s+[A-Za-z0-9+/=]+%s")
 		then
 			rv[#rv+1] = ln
 		end
 	end
 	fd:close()
 	luci.http.prepare_content("application/json")
 	luci.http.write_json(rv)
 end
 function action_reboot()
 	luci.sys.reboot()
 end
--- a/modules/luci-mod-system/luasrc/view/admin_system/sshkeys.htm
+++ b/modules/luci-mod-system/luasrc/view/admin_system/sshkeys.htm
@ -1,46 +0,0 @@
 <%+header%>
 <style type="text/css">
 	.cbi-dynlist {
 		max-width: 100%;
 	}
 	.cbi-dynlist .item > small {
 		display: block;
 		direction: rtl;
 		overflow: hidden;
 		text-align: left;
 	}
 	.cbi-dynlist .item > small > code {
 		direction: ltr;
 		white-space: nowrap;
 		unicode-bidi: bidi-override;
 	}
 	@media screen and (-ms-high-contrast: active), (-ms-high-contrast: none) {
 		.cbi-dynlist .item > small { direction: ltr }
 	}
 </style>
 <div class="cbi-map">
 	<h2><%:SSH-Keys%></h2>
 	<div class="cbi-section-descr">
 		<%_Public keys allow for the passwordless SSH logins with a higher security compared to the use of plain passwords. In order to upload a new key to the device, paste an OpenSSH compatible public key line or drag a <code>.pub</code> file into the input field.%>
 	</div>
 	<div class="cbi-section-node">
 		<div class="cbi-dynlist" name="sshkeys">
 			<p class="spinning"><%:Loading SSH keys…%></p>
 			<div class="add-item" ondragover="dragKey(event)" ondrop="dropKey(event)">
 				<input class="cbi-input-text" type="text" placeholder="<%:Paste or drag SSH key file…%>" onkeydown="if (event.keyCode === 13) addKey(event)" />
 				<button class="cbi-button" onclick="addKey(event)"><%:Add key%></button>
 			</div>
 		</div>
 	</div>
 </div>
 <script type="application/javascript" src="<%=resource%>/view/system/sshkeys.js"></script>
 <%+footer%>