klarose
commented
2 years ago I have been working on something like this myself. I have a branch with my changes -- somewhat outstanding. The main thing I've found to be problematic is the xsrf token. It's missing, and you don't really want to scrape it, as well as the other csrf checks.
This branch has a whole series of changes in it: https://github.com/klarose/webssh/tree/add-plugins
The main thing I've done in it is allow consumers to plugin a different backend connectivity mechanism (websocket in my case). I've also broken up the startup so you can control how it is run a bit in your own binary.
I added the --allow-cross-origin argument because I have a dynamic set of origins accessing my application, and it's too cumbersome to update the allow list in webssh (I'd have to restart or add some form of API integration), or to do the same with some form of reverse proxy so that it's all hosted together. It's important to note, though, that in my case access to the server is tightly controlled through a detailed auth subsystem in front of it.
The main flow of the API is to basically post the same details the form would normally submit, followed by opening a websocket to the server's /ws endpoint with the returned id as the query parameter. The websocket output stream has a bit of a protocol to understand (e.g. data vs commands like resize). I think I'd also like to make that stream have a similar protocol on receive/rewrite the form logic entirely to allow for keyboard-interface auth/challenges, but we'll see if I ever get there.
We need to open a web ssh in a browser tab by calling API along with the destination host details from the laravel application.
We dont need the default html form that is associated with the webssh