Unprotected access for websocket consoles.

Ref https://github.com/GNS3/gns3-gui/issues/2883#issuecomment-580677552
2024-11-16 16:54:51 +02:00 · 2020-01-31 18:30:26 +08:00 · 2020-01-31 18:30:26 +08:00 · 3484a7dd3d
commit 3484a7dd3d
parent c313475f68
2 changed files with 4 additions and 2 deletions
--- a/gns3server/handlers/api/controller/node_handler.py
+++ b/gns3server/handlers/api/controller/node_handler.py
@ -469,6 +469,7 @@ class NodeHandler:
        })
    async def ws_console(request, response):

+        print("HERE!")
        project = await Controller.instance().get_loaded_project(request.match_info["project_id"])
        node = project.get_node(request.match_info["node_id"])
        compute = node.compute
--- a/gns3server/web/route.py
+++ b/gns3server/web/route.py
@ -106,7 +106,8 @@ class Route(object):
        :returns: Response if you need to auth the user otherwise None
        """

-        if not server_config.getboolean("auth", False):
+        # FIXME: ugly exception to not require authentication for websocket consoles
+        if not server_config.getboolean("auth", False) or request.path.endswith("console/ws"):
            return None

        user = server_config.get("user", "").strip()
@ -257,7 +258,7 @@ class Route(object):
                """

                #FIXME: ugly exceptions for capture and websocket console
-                if "node_id" in request.match_info and not "pcap" in request.path and not "ws" in request.path:
+                if "node_id" in request.match_info and not "pcap" in request.path and not request.path.endswith("console/ws"):
                    node_id = request.match_info.get("node_id")

                    if "compute" in request.path: