diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | config/config.exs | 3 | ||||
| -rw-r--r-- | docs/config.md | 21 | ||||
| -rw-r--r-- | lib/pleroma/bbs/authenticator.ex | 16 | ||||
| -rw-r--r-- | lib/pleroma/bbs/handler.ex | 151 | ||||
| -rw-r--r-- | mix.exs | 5 | ||||
| -rw-r--r-- | mix.lock | 1 | ||||
| -rw-r--r-- | test/bbs/handler_test.exs | 80 |
8 files changed, 276 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore index a1e79e4be..082c7491b 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ /test/tmp/ /doc /instance +/priv/ssh_keys # Prevent committing custom emojis /priv/static/emoji/custom/* diff --git a/config/config.exs b/config/config.exs index 1a9738cff..5824efb1c 100644 --- a/config/config.exs +++ b/config/config.exs @@ -443,6 +443,9 @@ config :pleroma, :ldap, base: System.get_env("LDAP_BASE") || "dc=example,dc=com", uid: System.get_env("LDAP_UID") || "cn" +config :esshd, + enabled: false + oauth_consumer_strategies = String.split(System.get_env("OAUTH_CONSUMER_STRATEGIES") || "") ueberauth_providers = diff --git a/docs/config.md b/docs/config.md index ad55d44a7..57d383db5 100644 --- a/docs/config.md +++ b/docs/config.md @@ -444,8 +444,29 @@ Pleroma account will be created with the same name as the LDAP user name. * `base`: LDAP base, e.g. "dc=example,dc=com" * `uid`: LDAP attribute name to authenticate the user, e.g. when "cn", the filter will be "cn=username,base" +## BBS / SSH access + +To enable simple command line interface accessible over ssh, add a setting like this to your configuration file: + +```exs +app_dir = File.cwd! +priv_dir = Path.join([app_dir, "priv/ssh_keys"]) + +config :esshd, + enabled: true, + priv_dir: priv_dir, + handler: "Pleroma.BBS.Handler", + port: 10_022, + password_authenticator: "Pleroma.BBS.Authenticator" +``` + +Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT` + ## :auth +* `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator +* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication + Authentication / authorization settings. * `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`. diff --git a/lib/pleroma/bbs/authenticator.ex b/lib/pleroma/bbs/authenticator.ex new file mode 100644 index 000000000..a2c153720 --- /dev/null +++ b/lib/pleroma/bbs/authenticator.ex @@ -0,0 +1,16 @@ +defmodule Pleroma.BBS.Authenticator do + use Sshd.PasswordAuthenticator + alias Comeonin.Pbkdf2 + alias Pleroma.User + + def authenticate(username, password) do + username = to_string(username) + password = to_string(password) + + with %User{} = user <- User.get_by_nickname(username) do + Pbkdf2.checkpw(password, user.password_hash) + else + _e -> false + end + end +end diff --git a/lib/pleroma/bbs/handler.ex b/lib/pleroma/bbs/handler.ex new file mode 100644 index 000000000..1ebba77d2 --- /dev/null +++ b/lib/pleroma/bbs/handler.ex @@ -0,0 +1,151 @@ +defmodule Pleroma.BBS.Handler do + @moduledoc """ + An example implementation of `Sshd.ShellHandler`, implementing a very simple + Read-Eval-Loop, that does nothing. + """ + use Sshd.ShellHandler + alias Pleroma.Web.CommonAPI + alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Activity + + def on_shell(username, _pubkey, _ip, _port) do + :ok = IO.puts("Welcome to #{Pleroma.Config.get([:instance, :name])}!") + user = Pleroma.User.get_by_nickname(to_string(username)) + Logger.debug("#{inspect(user)}") + loop(run_state(user: user)) + end + + def on_connect(username, ip, port, method) do + Logger.debug(fn -> + """ + Incoming SSH shell #{inspect(self())} requested for #{username} from #{inspect(ip)}:#{ + inspect(port) + } using #{inspect(method)} + """ + end) + end + + def on_disconnect(username, ip, port) do + Logger.debug(fn -> + "Disconnecting SSH shell for #{username} from #{inspect(ip)}:#{inspect(port)}" + end) + end + + defp loop(state) do + self_pid = self() + counter = state.counter + prefix = state.prefix + user = state.user + + input = spawn(fn -> io_get(self_pid, prefix, counter, user.nickname) end) + wait_input(state, input) + end + + def puts_activity(activity) do + status = Pleroma.Web.MastodonAPI.StatusView.render("status.json", %{activity: activity}) + IO.puts("-- #{status.id} by #{status.account.display_name} (#{status.account.acct})") + IO.puts(HtmlSanitizeEx.strip_tags(status.content)) + IO.puts("") + end + + def handle_command(state, "help") do + IO.puts("Available commands:") + IO.puts("help - This help") + IO.puts("home - Show the home timeline") + IO.puts("p <text> - Post the given text") + IO.puts("r <id> <text> - Reply to the post with the given id") + IO.puts("quit - Quit") + + state + end + + def handle_command(%{user: user} = state, "r " <> text) do + text = String.trim(text) + [activity_id, rest] = String.split(text, " ", parts: 2) + + with %Activity{} <- Activity.get_by_id(activity_id), + {:ok, _activity} <- + CommonAPI.post(user, %{"status" => rest, "in_reply_to_status_id" => activity_id}) do + IO.puts("Replied!") + else + _e -> IO.puts("Could not reply...") + end + + state + end + + def handle_command(%{user: user} = state, "p " <> text) do + text = String.trim(text) + + with {:ok, _activity} <- CommonAPI.post(user, %{"status" => text}) do + IO.puts("Posted!") + else + _e -> IO.puts("Could not post...") + end + + state + end + + def handle_command(state, "home") do + user = state.user + + params = + %{} + |> Map.put("type", ["Create"]) + |> Map.put("blocking_user", user) + |> Map.put("muting_user", user) + |> Map.put("user", user) + + activities = + [user.ap_id | user.following] + |> ActivityPub.fetch_activities(params) + |> ActivityPub.contain_timeline(user) + + Enum.each(activities, fn activity -> + puts_activity(activity) + end) + + state + end + + def handle_command(state, command) do + IO.puts("Unknown command '#{command}'") + state + end + + defp wait_input(state, input) do + receive do + {:input, ^input, "quit\n"} -> + IO.puts("Exiting...") + + {:input, ^input, code} when is_binary(code) -> + code = String.trim(code) + + state = handle_command(state, code) + + loop(%{state | counter: state.counter + 1}) + + {:error, :interrupted} -> + IO.puts("Caught Ctrl+C...") + loop(%{state | counter: state.counter + 1}) + + {:input, ^input, msg} -> + :ok = Logger.warn("received unknown message: #{inspect(msg)}") + loop(%{state | counter: state.counter + 1}) + end + end + + defp run_state(opts) do + %{prefix: "pleroma", counter: 1, user: opts[:user]} + end + + defp io_get(pid, prefix, counter, username) do + prompt = prompt(prefix, counter, username) + send(pid, {:input, self(), IO.gets(:stdio, prompt)}) + end + + defp prompt(prefix, counter, username) do + prompt = "#{username}@#{prefix}:#{counter}>" + prompt <> " " + end +end @@ -41,7 +41,7 @@ defmodule Pleroma.Mixfile do def application do [ mod: {Pleroma.Application, []}, - extra_applications: [:logger, :runtime_tools, :comeonin, :quack], + extra_applications: [:logger, :runtime_tools, :comeonin, :esshd, :quack], included_applications: [:ex_syslogger] ] end @@ -112,7 +112,8 @@ defmodule Pleroma.Mixfile do {:prometheus_process_collector, "~> 1.4"}, {:recon, github: "ferd/recon", tag: "2.4.0"}, {:quack, "~> 0.1.1"}, - {:benchee, "~> 1.0"} + {:benchee, "~> 1.0"}, + {:esshd, "~> 0.1.0"} ] ++ oauth_deps end @@ -22,6 +22,7 @@ "earmark": {:hex, :earmark, "1.3.2", "b840562ea3d67795ffbb5bd88940b1bed0ed9fa32834915125ea7d02e35888a5", [:mix], [], "hexpm"}, "ecto": {:hex, :ecto, "3.0.7", "44dda84ac6b17bbbdeb8ac5dfef08b7da253b37a453c34ab1a98de7f7e5fec7f", [:mix], [{:decimal, "~> 1.6", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"}, "ecto_sql": {:hex, :ecto_sql, "3.0.5", "7e44172b4f7aca4469f38d7f6a3da394dbf43a1bcf0ca975e958cb957becd74e", [:mix], [{:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.0.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.9.1", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.14.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.3.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"}, + "esshd": {:hex, :esshd, "0.1.0", "6f93a2062adb43637edad0ea7357db2702a4b80dd9683482fe00f5134e97f4c1", [:mix], [], "hexpm"}, "eternal": {:hex, :eternal, "1.2.0", "e2a6b6ce3b8c248f7dc31451aefca57e3bdf0e48d73ae5043229380a67614c41", [:mix], [], "hexpm"}, "ex_aws": {:hex, :ex_aws, "2.1.0", "b92651527d6c09c479f9013caa9c7331f19cba38a650590d82ebf2c6c16a1d8a", [:mix], [{:configparser_ex, "~> 2.0", [hex: :configparser_ex, repo: "hexpm", optional: true]}, {:hackney, "1.6.3 or 1.6.5 or 1.7.1 or 1.8.6 or ~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jsx, "~> 2.8", [hex: :jsx, repo: "hexpm", optional: true]}, {:poison, ">= 1.2.0", [hex: :poison, repo: "hexpm", optional: true]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: true]}, {:xml_builder, "~> 0.1.0", [hex: :xml_builder, repo: "hexpm", optional: true]}], "hexpm"}, "ex_aws_s3": {:hex, :ex_aws_s3, "2.0.1", "9e09366e77f25d3d88c5393824e613344631be8db0d1839faca49686e99b6704", [:mix], [{:ex_aws, "~> 2.0", [hex: :ex_aws, repo: "hexpm", optional: false]}, {:sweet_xml, ">= 0.0.0", [hex: :sweet_xml, repo: "hexpm", optional: true]}], "hexpm"}, diff --git a/test/bbs/handler_test.exs b/test/bbs/handler_test.exs new file mode 100644 index 000000000..a22c6d64d --- /dev/null +++ b/test/bbs/handler_test.exs @@ -0,0 +1,80 @@ +defmodule Pleroma.BBS.HandlerTest do + use Pleroma.DataCase + alias Pleroma.BBS.Handler + alias Pleroma.Web.CommonAPI + alias Pleroma.User + alias Pleroma.Repo + alias Pleroma.Activity + + import ExUnit.CaptureIO + import Pleroma.Factory + import Ecto.Query + + test "getting the home timeline" do + user = insert(:user) + followed = insert(:user) + + {:ok, user} = User.follow(user, followed) + + {:ok, _first} = CommonAPI.post(user, %{"status" => "hey"}) + {:ok, _second} = CommonAPI.post(followed, %{"status" => "hello"}) + + output = + capture_io(fn -> + Handler.handle_command(%{user: user}, "home") + end) + + assert output =~ user.nickname + assert output =~ followed.nickname + + assert output =~ "hey" + assert output =~ "hello" + end + + test "posting" do + user = insert(:user) + + output = + capture_io(fn -> + Handler.handle_command(%{user: user}, "p this is a test post") + end) + + assert output =~ "Posted" + + activity = + Repo.one( + from(a in Activity, + where: fragment("?->>'type' = ?", a.data, "Create") + ) + ) + + assert activity.actor == user.ap_id + assert activity.data["object"]["content"] == "this is a test post" + end + + test "replying" do + user = insert(:user) + another_user = insert(:user) + + {:ok, activity} = CommonAPI.post(another_user, %{"status" => "this is a test post"}) + + output = + capture_io(fn -> + Handler.handle_command(%{user: user}, "r #{activity.id} this is a reply") + end) + + assert output =~ "Replied" + + reply = + Repo.one( + from(a in Activity, + where: fragment("?->>'type' = ?", a.data, "Create"), + where: a.actor == ^user.ap_id + ) + ) + + assert reply.actor == user.ap_id + assert reply.data["object"]["content"] == "this is a reply" + assert reply.data["object"]["inReplyTo"] == activity.data["object"]["id"] + end +end |