Compare commits

...

11 Commits

Author SHA1 Message Date
Kevan Ahlquist 199efb400c Merge branch 'master' into dist 2016-04-02 21:54:40 -05:00
Kevan Ahlquist 7e1d5338cf Merge pull request #201 from crosbymichael/csrf
Add CSRF Protection
2016-04-02 21:05:13 -05:00
Kevan Ahlquist a67206dd8d Version bump, 0.10.1-beta 2016-04-02 21:04:51 -05:00
Kevan Ahlquist 5f3d856535 Persist csrf authKey in container to allow restarts without breaking existing cookies. 2016-04-02 16:55:06 -05:00
Kevan Ahlquist 0244bc7317 Fix csrf, send tokens back in header, pass token instead of cookie back to server. 2016-04-02 14:39:30 -05:00
Kevan Ahlquist 7267516363 Don't re-generate token on every startup for now. 2016-04-01 11:10:30 -05:00
Kevan Ahlquist 15d133324d add gorilla/csrf
#199
2016-03-31 23:54:12 -05:00
Kevan Ahlquist 5bf922325a Sanitize text that gets sent to Gritter for notifications,
#198
2016-03-31 20:06:46 -05:00
Kevan Ahlquist 6d8f99d7b0 Merge branch 'master' into dist 2016-03-25 09:51:41 -05:00
Kevan Ahlquist b2b814a65b Merge pull request #196 from pmig/crosbymichael/dockerui#194
crosbymichael/dockerui#194 fix toggleAll function by only iterating over filtered objects
2016-03-25 09:40:24 -05:00
Philip Miglinci d2bc18b575 crosbymichael/dockerui#194 fix toggleAll function by only iterating over filtered objects
Signed-off-by: Philip Miglinci <p.miglinci@gmail.com>
2016-03-25 15:29:39 +01:00
18 changed files with 91 additions and 41 deletions
+10 -2
View File
@@ -25,6 +25,10 @@ angular.module('dockerui', [
'volumes'])
.config(['$routeProvider', '$httpProvider', function ($routeProvider, $httpProvider) {
'use strict';
$httpProvider.defaults.xsrfCookieName = 'csrfToken';
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
$routeProvider.when('/', {
templateUrl: 'app/components/dashboard/dashboard.html',
controller: 'DashboardController'
@@ -75,10 +79,14 @@ angular.module('dockerui', [
if (typeof(response.data) === 'string' && response.data.startsWith('Conflict.')) {
$.gritter.add({
title: 'Error',
text: response.data,
text: $('<div>').text(response.data).html(),
time: 10000
});
}
var csrfToken = response.headers('X-Csrf-Token');
if (csrfToken) {
document.cookie = 'csrfToken=' + csrfToken;
}
return response;
}
};
@@ -88,4 +96,4 @@ angular.module('dockerui', [
// You need to set this to the api endpoint without the port i.e. http://192.168.1.9
.constant('DOCKER_ENDPOINT', 'dockerapi')
.constant('DOCKER_PORT', '') // Docker port, leave as an empty string if no port is requred. If you have a port, prefix it with a ':' i.e. :4243
.constant('UI_VERSION', 'v0.10.0-beta');
.constant('UI_VERSION', 'v0.10.1-beta');
+1 -1
View File
@@ -64,7 +64,7 @@
</tr>
</thead>
<tbody>
<tr ng-repeat="container in containers | filter:filter | orderBy:sortType:sortReverse">
<tr ng-repeat="container in (filteredContainers = ( containers | filter:filter | orderBy:sortType:sortReverse))">
<td><input type="checkbox" ng-model="container.Checked" /></td>
<td><a href="#/containers/{{ container.Id }}/">{{ container|containername}}</a></td>
<td><a href="#/images/{{ container.Image }}/">{{ container.Image }}</a></td>
@@ -6,7 +6,7 @@ angular.module('containers', [])
$scope.toggle = false;
$scope.displayAll = Settings.displayAll;
$scope.order = function(sortType) {
$scope.order = function (sortType) {
$scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
$scope.sortType = sortType;
};
@@ -76,7 +76,7 @@ angular.module('containers', [])
};
$scope.toggleSelectAll = function () {
angular.forEach($scope.containers, function (i) {
angular.forEach($scope.filteredContainers, function (i) {
i.Checked = $scope.toggle;
});
};
+1 -1
View File
@@ -53,7 +53,7 @@
</tr>
</thead>
<tbody>
<tr ng-repeat="image in images | filter:filter | orderBy:sortType:sortReverse">
<tr ng-repeat="image in (filteredImages = (images | filter:filter | orderBy:sortType:sortReverse))">
<td><input type="checkbox" ng-model="image.Checked" /></td>
<td><a href="#/images/{{ image.Id }}/?tag={{ image|repotag }}">{{ image.Id|truncate:20}}</a></td>
<td>{{ image|repotag }}</td>
+1 -1
View File
@@ -42,7 +42,7 @@ angular.module('images', [])
};
$scope.toggleSelectAll = function () {
angular.forEach($scope.images, function (i) {
angular.forEach($scope.filteredImages, function (i) {
i.Checked = $scope.toggle;
});
};
+1 -1
View File
@@ -72,7 +72,7 @@
</tr>
</thead>
<tbody>
<tr ng-repeat="network in networks | filter:filter | orderBy:sortType:sortReverse">
<tr ng-repeat="network in ( filteredNetworks = (networks | filter:filter | orderBy:sortType:sortReverse))">
<td><input type="checkbox" ng-model="network.Checked"/></td>
<td><a href="#/networks/{{ network.Id }}/">{{ network.Name|truncate:20}}</a></td>
<td>{{ network.Id }}</td>
@@ -52,7 +52,7 @@ angular.module('networks', []).config(['$routeProvider', function ($routeProvide
};
$scope.toggleSelectAll = function () {
angular.forEach($scope.networks, function (i) {
angular.forEach($scope.filteredNetworks, function (i) {
i.Checked = $scope.toggle;
});
};
+1 -1
View File
@@ -44,7 +44,7 @@
</tr>
</thead>
<tbody>
<tr ng-repeat="volume in volumes | filter:filter | orderBy:sortType:sortReverse">
<tr ng-repeat="volume in (filteredVolumes = (volumes | filter:filter | orderBy:sortType:sortReverse))">
<td><input type="checkbox" ng-model="volume.Checked"/></td>
<td>{{ volume.Name|truncate:20 }}</td>
<td>{{ volume.Driver }}</td>
+1 -1
View File
@@ -45,7 +45,7 @@ angular.module('volumes', []).config(['$routeProvider', function ($routeProvider
};
$scope.toggleSelectAll = function () {
angular.forEach($scope.volumes, function (i) {
angular.forEach($scope.filteredVolumes, function (i) {
i.Checked = $scope.toggle;
});
};
+6 -6
View File
@@ -1,4 +1,4 @@
angular.module('dockerui.services', ['ngResource'])
angular.module('dockerui.services', ['ngResource', 'ngSanitize'])
.factory('Container', ['$resource', 'Settings', function ContainerFactory($resource, Settings) {
'use strict';
// Resource for interacting with the docker containers
@@ -171,13 +171,13 @@ angular.module('dockerui.services', ['ngResource'])
}
};
})
.factory('Messages', ['$rootScope', function MessagesFactory($rootScope) {
.factory('Messages', ['$rootScope', '$sanitize', function MessagesFactory($rootScope, $sanitize) {
'use strict';
return {
send: function (title, text) {
$.gritter.add({
title: title,
text: text,
title: $sanitize(title),
text: $sanitize(text),
time: 2000,
before_open: function () {
if ($('.gritter-item-wrapper').length === 3) {
@@ -188,8 +188,8 @@ angular.module('dockerui.services', ['ngResource'])
},
error: function (title, text) {
$.gritter.add({
title: title,
text: text,
title: $sanitize(title),
text: $sanitize(text),
time: 10000,
before_open: function () {
if ($('.gritter-item-wrapper').length === 4) {
+2 -1
View File
@@ -1,6 +1,6 @@
{
"name": "dockerui",
"version": "0.10.0-beta",
"version": "0.10.1-beta",
"homepage": "https://github.com/crosbymichael/dockerui",
"authors": [
"Michael Crosby <crosbymichael@gmail.com>",
@@ -23,6 +23,7 @@
"dependencies": {
"Chart.js": "1.0.2",
"angular": "1.3.15",
"angular-sanitize": "1.3.15",
"angular-bootstrap": "0.12.0",
"angular-mocks": "1.3.15",
"angular-oboe": "*",
+23 -15
View File
File diff suppressed because one or more lines are too long
BIN
View File
Binary file not shown.
+5 -5
View File
File diff suppressed because one or more lines are too long
+1 -1
View File
@@ -1 +1 @@
9d2349d7d4fd3b7a22f87e2b54cd7fb2cfd6d537 dockerui
965f7ce53139cf9e75e5b8a8206a4af5791eb8f8 dockerui
+33 -1
View File
@@ -10,12 +10,18 @@ import (
"net/url"
"os"
"strings"
"github.com/gorilla/csrf"
"io/ioutil"
"fmt"
"github.com/gorilla/securecookie"
)
var (
endpoint = flag.String("e", "/var/run/docker.sock", "Dockerd endpoint")
addr = flag.String("p", ":9000", "Address and port to serve dockerui")
assets = flag.String("a", ".", "Path to the assets")
authKey []byte
authKeyFile = "authKey.dat"
)
type UnixHandler struct {
@@ -85,9 +91,35 @@ func createHandler(dir string, e string) http.Handler {
h = createUnixHandler(e)
}
// Use existing csrf authKey if present or generate a new one.
dat, err := ioutil.ReadFile(authKeyFile)
if err != nil {
fmt.Println(err)
authKey = securecookie.GenerateRandomKey(32)
err := ioutil.WriteFile(authKeyFile, authKey, 0644)
if err != nil {
fmt.Println("unable to persist auth key", err)
}
} else {
authKey = dat
}
CSRF := csrf.Protect(
authKey,
csrf.HttpOnly(false),
csrf.Secure(false),
)
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", h))
mux.Handle("/", fileHandler)
return mux
return CSRF(csrfWrapper(mux))
}
func csrfWrapper(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-CSRF-Token", csrf.Token(r))
h.ServeHTTP(w, r)
})
}
func main() {
+1
View File
@@ -153,6 +153,7 @@ module.exports = function (grunt) {
},
angular: {
src: ['bower_components/angular/angular.js',
'bower_components/angular-sanitize/angular-sanitize.js',
'bower_components/angular-route/angular-route.js',
'bower_components/angular-resource/angular-resource.js',
'bower_components/angular-bootstrap/ui-bootstrap-tpls.js',
+1 -1
View File
@@ -2,7 +2,7 @@
"author": "Michael Crosby & Kevan Ahlquist",
"name": "dockerui",
"homepage": "https://github.com/crosbymichael/dockerui",
"version": "0.10.0-beta",
"version": "0.10.1-beta",
"repository": {
"type": "git",
"url": "git@github.com:crosbymichael/dockerui.git"