src/support.js

'use strict';

exports = module.exports = {
    getRemoteSupport,
    enableRemoteSupport,

    _sshInfo: sshInfo
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    constants = require('./constants.js'),
    eventlog = require('./eventlog.js'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    shell = require('./shell.js');

// the logic here is also used in the cloudron-support tool
const AUTHORIZED_KEYS_CMD = path.join(__dirname, 'scripts/remotesupport.sh');

function sshInfo() {
    let filePath, user;

    if (constants.TEST) {
        filePath = path.join(paths.baseDir(), 'authorized_keys');
        user = process.getuid();
    } else {
        filePath = `/home/${constants.SUPPORT_USERNAME}/.ssh/authorized_keys`;
        user = constants.SUPPORT_USERNAME;
    }

    return { filePath, user };
}

async function getRemoteSupport() {
    const [error, stdoutResult] = await safe(shell.promises.sudo('support', [ AUTHORIZED_KEYS_CMD, 'is-enabled', sshInfo().filePath ], {}));
    if (error) throw new BoxError(BoxError.FS_ERROR, error);

    return stdoutResult.trim() === 'true';
}

async function enableRemoteSupport(enable, auditSource) {
    assert.strictEqual(typeof enable, 'boolean');
    assert.strictEqual(typeof auditSource, 'object');

    const si = sshInfo();
    const [error] = await safe(shell.promises.sudo('support', [ AUTHORIZED_KEYS_CMD, enable ? 'enable' : 'disable', si.filePath, si.user ], {}));
    if (error) throw new BoxError(BoxError.FS_ERROR, error);

    await eventlog.add(eventlog.ACTION_SUPPORT_SSH, auditSource, { enable });
}
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00			`'use strict';`

			`exports = module.exports = {`
lint 2021-05-01 11:21:09 -07:00			`getRemoteSupport,`
tests: more common'ification 2021-08-12 16:27:31 -07:00			`enableRemoteSupport,`

			`_sshInfo: sshInfo`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00			`};`

tests: more common'ification 2021-08-12 16:27:31 -07:00			`const assert = require('assert'),`
Move SupportError to BoxError 2019-10-22 11:08:19 -07:00			`BoxError = require('./boxerror.js'),`
move use of TEST and CLOUDRON to constants 2019-07-26 10:10:14 -07:00			`constants = require('./constants.js'),`
eventlog: support ticket and ssh 2019-12-16 14:06:55 -08:00			`eventlog = require('./eventlog.js'),`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00			`path = require('path'),`
Move config.baseDir to paths 2019-07-26 10:04:54 -07:00			`paths = require('./paths.js'),`
Fix provider usage * do not send to appstore anymore * do not set in getStatus/getConfig * provider is not needed when registering cloudron 2020-06-25 11:07:49 -07:00			`safe = require('safetydance'),`
eventlog: support ticket and ssh 2019-12-16 14:06:55 -08:00			`shell = require('./shell.js');`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00
cloudron-support: add ssh keys like support.js 2019-05-21 09:44:58 -07:00			`// the logic here is also used in the cloudron-support tool`
make sysinfo provider a setting 2019-10-29 15:46:33 -07:00			`const AUTHORIZED_KEYS_CMD = path.join(__dirname, 'scripts/remotesupport.sh');`

			`function sshInfo() {`
			`let filePath, user;`

			`if (constants.TEST) {`
			`filePath = path.join(paths.baseDir(), 'authorized_keys');`
			`user = process.getuid();`
			`} else {`
create a separate support user This creates a separate user named 'cloudron-support' using which we can provide remote support. The hyphen username convention follows the systemd sytem username convention. With a separate user, we don't need to ask users to keep changing PermitRootLogin (and remind them to change it back). Using a sudo user has various advantages: * https://askubuntu.com/questions/687249/why-does-ubuntu-have-a-disabled-root-account * https://wiki.debian.org/sudo * https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root The yellowtent user is also locked down further - no password and no shell login. 2022-03-30 14:27:39 -07:00			filePath = `/home/${constants.SUPPORT_USERNAME}/.ssh/authorized_keys`;
			`user = constants.SUPPORT_USERNAME;`
make sysinfo provider a setting 2019-10-29 15:46:33 -07:00			`}`

			`return { filePath, user };`
			`}`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00
appstore and support: async'ify 2021-08-18 15:54:53 -07:00			`async function getRemoteSupport() {`
			`const [error, stdoutResult] = await safe(shell.promises.sudo('support', [ AUTHORIZED_KEYS_CMD, 'is-enabled', sshInfo().filePath ], {}));`
			`if (error) throw new BoxError(BoxError.FS_ERROR, error);`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00
appstore and support: async'ify 2021-08-18 15:54:53 -07:00			`return stdoutResult.trim() === 'true';`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00			`}`

appstore and support: async'ify 2021-08-18 15:54:53 -07:00			`async function enableRemoteSupport(enable, auditSource) {`
eventlog: support ticket and ssh 2019-12-16 14:06:55 -08:00			`assert.strictEqual(typeof enable, 'boolean');`
			`assert.strictEqual(typeof auditSource, 'object');`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00
tests: more common'ification 2021-08-12 16:27:31 -07:00			`const si = sshInfo();`
appstore and support: async'ify 2021-08-18 15:54:53 -07:00			`const [error] = await safe(shell.promises.sudo('support', [ AUTHORIZED_KEYS_CMD, enable ? 'enable' : 'disable', si.filePath, si.user ], {}));`
			`if (error) throw new BoxError(BoxError.FS_ERROR, error);`
eventlog: support ticket and ssh 2019-12-16 14:06:55 -08:00
appstore and support: async'ify 2021-08-18 15:54:53 -07:00			`await eventlog.add(eventlog.ACTION_SUPPORT_SSH, auditSource, { enable });`
rework code to enable/disable remote support we had a generic ssh key management api. this was causing issues because the ssh format is more complicated than what we had implemented. currently, the only use case we have is to add our ssh key. Fixes #600 2018-12-19 11:47:15 -08:00			`}`