nexus/tools/pi_control/terminal_entry.sh
2026-03-06 22:38:07 +01:00


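#!/usr/bin/env bash
#
# Terminal entry point for pi_control: exchanges a terminal token for host
# connection data at the pi_control API and then replaces this process with
# an interactive SSH session to that host.
#
# Usage: terminal_entry.sh TOKEN [BASE64_COMMAND]
#   TOKEN           token passed to .../module/pi_control/terminal_info
#   BASE64_COMMAND  optional base64-encoded command, used only when the API
#                   response carries no "command" of its own
#
# Environment:
#   PI_CONTROL_API_URL         API base URL (default: http://gui_nexus)
#   STAGING_AUTH_USER/_PASS    optional HTTP Basic credentials for the API
#   PI_CONTROL_SHARED_SECRET   optional value for the X-Terminal-Secret header
#   PI_CONTROL_STRICT_HOSTKEY  "1" enables accept-new host key checking
#
# NOTE(review): the default API base is plain http, and the response can
# contain the host password. Confirm this traffic never leaves a trusted
# network, or point PI_CONTROL_API_URL at an https endpoint.
set -euo pipefail

TOKEN="${1:-}"
ENC_COMMAND="${2:-}"

if [[ -z "${TOKEN}" ]]; then
  echo "Missing token."
  exit 1
fi

API_BASE="${PI_CONTROL_API_URL:-http://gui_nexus}"
API_BASE="${API_BASE%/}"
INFO_URL="${API_BASE}/module/pi_control/terminal_info"

# Prints the optional auth headers, one per line. They are fed to curl on
# stdin (-H @-, curl >= 7.55.0) so the Basic credentials and the shared
# secret do not appear in curl's argv, which other local users can read.
auth_headers() {
  local basic
  if [[ -n "${STAGING_AUTH_USER:-}" && -n "${STAGING_AUTH_PASS:-}" ]]; then
    # tr strips the line wrapping base64 applies to long input; a wrapped
    # value would break the header.
    basic="$(printf '%s:%s' "${STAGING_AUTH_USER}" "${STAGING_AUTH_PASS}" | base64 | tr -d '\n')"
    printf 'Authorization: Basic %s\n' "${basic}"
  fi
  if [[ -n "${PI_CONTROL_SHARED_SECRET:-}" ]]; then
    printf 'X-Terminal-Secret: %s\n' "${PI_CONTROL_SHARED_SECRET}"
  fi
}

# -G with --data-urlencode URL-encodes the token, so characters such as
# '&', '#' or '+' in it cannot alter or extend the query string.
JSON="$(curl -sS -G -H @- --data-urlencode "token=${TOKEN}" "${INFO_URL}" < <(auth_headers))"

OK="$(jq -r '.ok' <<<"${JSON}")"
if [[ "${OK}" != "true" ]]; then
  echo "Invalid or expired token."
  exit 1
fi

# Reads one string field of .host. '// ""' maps a missing or null field to
# the empty string; plain 'jq -r' would print the literal text "null", which
# defeats the emptiness checks and the port default below.
host_field() {
  jq -r --arg key "$1" '.host[$key] // ""' <<<"${JSON}"
}

HOST="$(host_field host)"
PORT="$(host_field port)"
# Kept out of USER so the environment's own USER variable is not overwritten.
SSH_USER="$(host_field username)"
AUTH_TYPE="$(host_field auth_type)"
KEY_PATH="$(host_field key_path)"
PASSWORD="$(host_field password)"
COMMAND="$(jq -r '.command // ""' <<<"${JSON}")"

if [[ -z "${COMMAND}" && -n "${ENC_COMMAND}" ]]; then
  # Best effort by design: an undecodable argument leaves COMMAND empty and
  # the session opens without a start command.
  COMMAND="$(printf '%s' "${ENC_COMMAND}" | base64 -d 2>/dev/null || true)"
fi

if [[ -z "${HOST}" || -z "${SSH_USER}" ]]; then
  echo "Host data incomplete."
  exit 1
fi

# The target is handed to ssh as one "user@host" word. A user name starting
# with '-' would be parsed by ssh as an option, and whitespace has no place
# in either part, so reject both before building the command line.
if [[ "${SSH_USER}" == -* || "${SSH_USER}${HOST}" =~ [[:space:]] ]]; then
  echo "Invalid host data."
  exit 1
fi
if [[ -n "${PORT}" && ! "${PORT}" =~ ^[0-9]+$ ]]; then
  echo "Invalid port in host data."
  exit 1
fi

# NOTE(review): unless PI_CONTROL_STRICT_HOSTKEY=1, host key verification is
# switched off entirely, so the session (and, with password auth, the
# password) goes to whatever answers at HOST:PORT. Even the "strict" setting
# is trust-on-first-use (accept-new). Consider making it the default and
# pre-provisioning known_hosts.
SSH_OPTS=()
if [[ "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then
  SSH_OPTS=(-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts)
else
  SSH_OPTS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null)
fi

SSH_TARGET="${SSH_USER}@${HOST}"

# Remote side, POSIX sh: use /bin/bash when it exists, else /bin/sh. The
# choice is made remotely because 'exec ssh ... || exec ssh ...' can never
# reach its second half: exec replaces this process on success, and a
# non-interactive bash exits when exec itself fails.
# shellcheck disable=SC2016  # expanded by the remote shell, not locally
REMOTE_SCRIPT='s=/bin/sh; [ -x /bin/bash ] && s=/bin/bash; '

if [[ -n "${COMMAND}" ]]; then
  # One unwrapped base64 word: safe to embed in the remote script unquoted.
  COMMAND_B64="$(printf '%s' "${COMMAND}" | base64 | tr -d '\n')"
  if [[ ! "${COMMAND_B64}" =~ ^[A-Za-z0-9+/=]+$ ]]; then
    echo "Command encoding failed."
    exit 1
  fi
  # NOTE(review): the decoded command is eval'ed on the remote host as the
  # login user, i.e. with the same authority as the interactive shell that
  # follows. When the API returns no command it comes from this script's
  # second argument, so whoever can set that argument chooses what runs.
  # shellcheck disable=SC2016
  REMOTE_SCRIPT+='exec "$s" -lc "eval \"\$(printf %s '"${COMMAND_B64}"' | base64 -d)\"; exec $s -il"'
else
  # shellcheck disable=SC2016
  REMOTE_SCRIPT+='exec "$s" -il'
fi

# ssh joins all command arguments with spaces and the remote login shell
# parses the result again, so separate argv words (a -c script plus "$1")
# do not survive the trip. The whole remote command is therefore sent as a
# single string; REMOTE_SCRIPT contains no single quotes, so wrapping it in
# them is sufficient quoting.
REMOTE_CMD="/bin/sh -c '${REMOTE_SCRIPT}'"

SSH_CMD=(ssh "${SSH_OPTS[@]}")
if [[ "${AUTH_TYPE}" == "key" && -n "${KEY_PATH}" ]]; then
  SSH_CMD+=(-i "${KEY_PATH}")
elif [[ "${AUTH_TYPE}" == "pass" && -n "${PASSWORD}" ]]; then
  # sshpass -e takes the password from SSHPASS instead of argv, keeping it
  # out of the process list.
  export SSHPASS="${PASSWORD}"
  SSH_CMD=(sshpass -e "${SSH_CMD[@]}")
fi
SSH_CMD+=(-p "${PORT:-22}" -tt "${SSH_TARGET}" -- "${REMOTE_CMD}")

exec "${SSH_CMD[@]}"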