Merge branch 'master' into GEN-370_pod_list_management

DCUSnSLab · Sep 25, 2024 · 91d7ffe · 91d7ffe
2 parents 4f0407d + 1553c48
commit 91d7ffe
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,6 +15,8 @@ RUN pip install --upgrade pip
 
 RUN pip install --editable .
 
+RUN pip install pycryptodome
+
 RUN apk add vim
 
 WORKDIR /dcusshk8s/kubessh
@@ -31,4 +33,4 @@ RUN chmod +x /usr/local/bin/kubectl # buildkit
 ENV PYTHONPATH=/dcusshk8s/
 
 # CMD ["python3", "./kubessh/app.py --KubeSSH.config_file=kubessh_dummy_config.py"]
-# CMD ["python3", "./:kubessh/app.py"]
+# CMD ["python3", "./:kubessh/app.py"]
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -21,9 +21,10 @@ node {
 
     //docker image를 push하는 stage, 필자는 dockerhub에 이미지를 올렸으나 보통 private image repo를 별도 구축해서 사용하는것이 좋음
     stage('Push image') {
+        def BUILD_NUMBER_1 = BUILD_NUMBER.toInteger() + 3
         docker.withRegistry("https://harbor.cu.ac.kr", "harbor") {
             app.push("latest")
-            app.push("${env.BUILD_NUMBER}")
+            app.push("${BUILD_NUMBER_1}")
         }
     }
 
@@ -35,4 +36,4 @@ node {
     stage('Complete') {
         sh "echo 'The end'"
     }
-  }
+  }
diff --git a/kubessh/authentication/dummy.py b/kubessh/authentication/dummy.py
@@ -1,6 +1,10 @@
 from kubessh.authentication import Authenticator
 import requests
 import json
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import PKCS1_v1_5
+import base64
+
 
 class DummyAuthenticator(Authenticator):
     """
@@ -11,17 +15,48 @@ class DummyAuthenticator(Authenticator):
     def password_auth_supported(self):
         return True
 
+    def get_public_key(self):
+        try:
+            #response = requests.get('http://203.250.33.87:31320/api/get_public_key')
+            response = requests.get('http://203.250.33.85/api/get_public_key')
+            if response.status_code == 200:
+                return response.json()['data']['public_key']
+            else:
+                self.log.error(f"Failed to get public key: {response.status_code}")
+                return None
+        except Exception as e:
+            self.log.error(f"Error fetching public key: {str(e)}")
+            return None
+
+    def encrypt_password(self, public_key_str, password):
+        try:
+            public_key = RSA.import_key(public_key_str)
+            cipher = PKCS1_v1_5.new(public_key)
+            encrypted_password = cipher.encrypt(password.encode())
+            return base64.b64encode(encrypted_password).decode('utf-8')
+        except Exception as e:
+            self.log.error(f"Error encrypting password: {str(e)}")
+            return None
+
     def validate_password(self, username, password):
         self.log.info(f"Login attempted by {username}")
+
+        public_key = self.get_public_key()
+        if not public_key:
+            return False
+
+        encrypted_password = self.encrypt_password(public_key, password)
+        if not encrypted_password:
+            return False
 
+        #url = 'http://203.250.33.87:31320/api/login'
         url = 'http://203.250.33.85/api/login'
-#        url = 'http://203.250.33.99/api/login'
         data = {
             'username': username,
-            'password': password
+            'password': encrypted_password
         }
 
-        response = requests.post(url, data=data)
+        response = requests.post(url, json=data)
         print("HTTP response status code :", response.status_code)
 
         if response.status_code == 200:
@@ -32,4 +67,5 @@ def validate_password(self, username, password):
             if response_data['error'] == None:
                 return True
 
+        #print("Response text:\n", response.text)
         return False
diff --git a/requirements.txt b/requirements.txt
@@ -3,4 +3,5 @@ asyncssh
 ptyprocess
 escapism
 traitlets
-ruamel.yaml
+pycryptodome
+ruamel.yaml