Merge branch 'warp-tech:main' into main

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.8.0
+current_version = 0.8.1
 commit = True
 tag = True
 

docker/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.3-labs
-FROM rust:1.64.0-bullseye AS build
+FROM rust:1.72.1-bullseye AS build
 
 ENV DEBIAN_FRONTEND noninteractive
 

warpgate-admin/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-admin"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 anyhow = { version = "1.0", features = ["std"] }

warpgate-common/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-common"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 anyhow = "1.0"

warpgate-core/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-core"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 warpgate-common = { version = "*", path = "../warpgate-common" }

warpgate-database-protocols/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "warpgate-database-protocols"
-version = "0.8.0"
+version = "0.8.1"
 description = "Core of SQLx, the rust SQL toolkit. Just the database protocol parts."
 license = "MIT OR Apache-2.0"
 edition = "2021"

warpgate-db-entities/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-db-entities"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 chrono = { version = "0.4", default_features = false, features = ["serde"] }

warpgate-db-migrations/Cargo.toml

@@ -3,7 +3,7 @@ edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-db-migrations"
 publish = false
-version = "0.8.0"
+version = "0.8.1"
 
 [lib]
 

warpgate-protocol-http/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-protocol-http"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 anyhow = "1.0"
@@ -39,3 +39,4 @@ warpgate-sso = { version = "*", path = "../warpgate-sso" }
 percent-encoding = "2.1"
 uuid = { version = "1.2", features = ["v4"] }
 regex = "1.6"
+url = "2.4.1"

warpgate-protocol-http/src/proxy.rs

@@ -14,6 +14,7 @@ use poem::web::websocket::{Message, WebSocket};
 use poem::{Body, IntoResponse, Request, Response};
 use tokio_tungstenite::{connect_async_with_config, tungstenite};
 use tracing::*;
+use url::Url;
 use warpgate_common::{try_block, TargetHTTPOptions, TlsMode, WarpgateError};
 use warpgate_web::lookup_built_file;
 
@@ -149,12 +150,18 @@ fn rewrite_request<B: SomeRequestBuilder>(mut req: B, options: &TargetHTTPOption
     Ok(req)
 }
 
-fn rewrite_response(resp: &mut Response, options: &TargetHTTPOptions) -> Result<()> {
+fn rewrite_response(
+    resp: &mut Response,
+    options: &TargetHTTPOptions,
+    source_uri: &Uri,
+) -> Result<()> {
     let target_uri = Uri::try_from(options.url.clone())?;
     let headers = resp.headers_mut();
 
     if let Some(value) = headers.get_mut(http::header::LOCATION) {
-        let redirect_uri = Uri::try_from(value.as_bytes())?;
+        let location = Url::parse(&source_uri.to_string())?.join(value.to_str()?)?;
+        let redirect_uri = Uri::try_from(location.to_string())?;
+
         if redirect_uri.authority() == target_uri.authority() {
             let old_value = value.clone();
             *value = Uri::builder()
@@ -285,7 +292,7 @@ pub async fn proxy_normal_request(
 
     log_request_result(req.method(), req.original_uri(), &status);
 
-    rewrite_response(&mut response, options)?;
+    rewrite_response(&mut response, options, &uri)?;
     Ok(response)
 }
 
@@ -470,6 +477,6 @@ async fn proxy_ws_inner(
         .into_response();
 
     copy_client_response(&client_response, &mut response);
-    rewrite_response(&mut response, options)?;
+    rewrite_response(&mut response, options, &uri)?;
     Ok(response)
 }

warpgate-protocol-mysql/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-protocol-mysql"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 warpgate-common = { version = "*", path = "../warpgate-common" }

warpgate-protocol-ssh/Cargo.toml

@@ -2,7 +2,7 @@
 edition = "2021"
 license = "Apache-2.0"
 name = "warpgate-protocol-ssh"
-version = "0.8.0"
+version = "0.8.1"
 
 [dependencies]
 ansi_term = "0.12"
@@ -12,7 +12,7 @@ bimap = "0.6"
 bytes = "1.3"
 dialoguer = "0.10"
 futures = "0.3"
-russh = { version = "0.38.0", features = ["vendored-openssl"] }
+russh = { version = "0.39.0", features = ["vendored-openssl"] }
 # russh = { version = "0.35.0-beta.6", features = ["vendored-openssl"], path = "../../russh/russh"}
 russh-keys = { version = "0.38.0", features = ["vendored-openssl"] }
 # russh-keys = { version = "0.23.0-beta.1", features = ["vendored-openssl"], path = "../../russh/russh-keys" }

warpgate-protocol-ssh/src/server/russh_handler.rs

@@ -29,6 +29,7 @@ pub enum ServerHandlerEvent {
     PtyRequest(ServerChannelId, PtyRequest, oneshot::Sender<()>),
     ShellRequest(ServerChannelId, oneshot::Sender<bool>),
     AuthPublicKey(Secret<String>, PublicKey, oneshot::Sender<Auth>),
+    AuthPublicKeyOffer(Secret<String>, PublicKey, oneshot::Sender<bool>),
     AuthPassword(Secret<String>, Secret<String>, oneshot::Sender<Auth>),
     AuthKeyboardInteractive(
         Secret<String>,
@@ -178,6 +179,33 @@ impl russh::server::Handler for ServerHandler {
         Ok((self, session))
     }
 
+    async fn auth_publickey_offered(
+        self,
+        user: &str,
+        key: &russh_keys::key::PublicKey,
+    ) -> Result<(Self, Auth), Self::Error> {
+        let user = Secret::new(user.to_string());
+        let (tx, rx) = oneshot::channel();
+
+        self.send_event(ServerHandlerEvent::AuthPublicKeyOffer(
+            user,
+            key.clone(),
+            tx,
+        ))?;
+
+        let result = rx.await.unwrap_or(false);
+        Ok((
+            self,
+            if result {
+                Auth::Accept
+            } else {
+                Auth::Reject {
+                    proceed_with_methods: None,
+                }
+            },
+        ))
+    }
+
     async fn auth_publickey(
         self,
         user: &str,