Skip to content

Commit

Permalink
Support for the NICE DCV authenticated proxy
Browse files Browse the repository at this point in the history
  • Loading branch information
sidoruka committed Jul 31, 2023
1 parent fe4156a commit 48e0217
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 4 deletions.
7 changes: 5 additions & 2 deletions deploy/docker/cp-edge/validate_proxy_auth.lua
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,9 @@ local function get_basic_token()
local user = user_pass[1]
local pass = user_pass[2]

-- Remove any whitespace/newline from the token (some clients tend to add trailing newline)
pass = string.gsub(pass, '%s+', '')

if (is_empty(user) or is_empty(pass)) then
ngx.log(ngx.WARN, "Basic HTTP Authorization header is set and decoded, but user or pass is missing: " .. authorization)
return nil
Expand All @@ -188,10 +191,10 @@ end
local token = get_basic_token()

if is_empty(token) then
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.log(ngx.WARN, "[SECURITY] Request " .. ngx.var.request ..
" is rejected; Status: Authentication failed; Message: Token is not provided")
ngx.exit(ngx.HTTP_UNAUTHORIZED)
ngx.header["Proxy-Authenticate"] = "Basic realm=\"Cloud Pipeline EDGE\""
ngx.exit(407)
end

local cert_path = os.getenv("JWT_PUB_KEY")
Expand Down
4 changes: 3 additions & 1 deletion workflows/pipe-common/resources/linux/template.dcv
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ format=1.0
proxytype=HTTP
proxyhost={CP_PROXY}
proxyport={CP_PROXY_PORT}
proxyuser={CP_PROXY_USER}
proxypassword={CP_PROXY_TOKEN}
host={CP_HOST}
port={CP_HOST_PORT}
sessionid=session
sessionid={CP_USERNAME}-session
2 changes: 2 additions & 0 deletions workflows/pipe-common/resources/windows/template.dcv
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ format=1.0
proxytype=HTTP
proxyhost={CP_PROXY}
proxyport={CP_PROXY_PORT}
proxyuser={CP_PROXY_USER}
proxypassword={CP_PROXY_TOKEN}
host={CP_HOST}
port={CP_HOST_PORT}
sessionid=console
Expand Down
7 changes: 6 additions & 1 deletion workflows/pipe-common/scripts/serve_desktop.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ class Config:
template_path = None
connection_name = None
personal = None
api_token = ''


app = Flask(__name__)
Expand All @@ -66,7 +67,9 @@ def get_desktop_file():
CP_HOST=Config.local_ip,
CP_HOST_PORT=Config.local_port,
CP_USERNAME=user_name,
CP_PASSWORD=Config.user_pass)
CP_PASSWORD=Config.user_pass,
CP_PROXY_USER=user_name,
CP_PROXY_TOKEN=Config.api_token)
elif template_type == NXS:
template_data = template_data.format(CP_PROXY=proxy_host,
CP_PROXY_PORT=proxy_port,
Expand Down Expand Up @@ -156,6 +159,7 @@ def start(serving_port, desktop_port, template_path):
user_pass = _extract_parameter('OWNER_PASSWORD', default=user_name)
if not user_pass:
raise RuntimeError('Cannot get OWNER_PASSWORD from environment')
api_token = _extract_parameter('API_TOKEN')
personal = _extract_boolean_parameter('CP_CAP_DESKTOP_NM_USER_CONNECTION_FILES', default='true')

logging.basicConfig(level=logging_level, format=logging_format)
Expand Down Expand Up @@ -187,6 +191,7 @@ def start(serving_port, desktop_port, template_path):
Config.template_path = template_path
Config.connection_name = connection_name
Config.personal = personal
Config.api_token = api_token

logger.info('Starting web server on {} port...'.format(serving_port))
app.run(port=serving_port, host='0.0.0.0')
Expand Down

0 comments on commit 48e0217

Please sign in to comment.