I'm creating a proxy for Proxmox's terminals here https://github.com/ConvoyPanel/coterm for my project called Convoy at https://convoypanel.com
Convoy is a server management platform for hosting companies to lease out computing resources. Some hosts may want to hide the origin IP address of their Proxmox node, so that where Coterm comes in.
I have successfully created a proxy for noVNC, but I'm struggling to proxy Xterm.js.
This is my code for proxying Xterm.js traffic: https://github.com/ConvoyPanel/coterm/blob/develop/src-rust/src/util/terminals/xtermjs.rs
This is Proxmox's frontend code for working with Xterm.js: https://github.com/proxmox/pve-xtermjs/blob/master/xterm.js/src/main.js
The issue I'm facing is authenticating my Xterm.js session. Proxmox authenticates Xterm.js sessions twice for some reason (go figure), and I'm stuck at trying to authenticate at the second time.
The first authentication is the initial GET request to the "/nodes/{node}/qemu/{vmid}/vncwebsocket" endpoint. Where I pass in the credentials. I know it's working because if I change the
to something like "hello world" I get HTTP 401 error. After I completed the first authentication successfully, the GET request gets upgraded to a websocket connection.
Now this is where the issue begins, the second authentication process begins in the websocket connection. The first packet sent must contain the credentials like in the picture below (which is a screenshot from Proxmox's implementation of Xterm.js)
and I've sent it here. I know that it was at least sent because the "sent credentials" message gets emitted in the console. HOWEVER, Proxmox is dead silent. I don't get any response in return. I don't even get an OK message like in the screenshot below of Proxmox's implementation.
I have tried sending the credentials as both text and binary, but it doesn't make a difference.
I also checked that there's no encoding needed before sending the credentials in the websocket, and only URL encoding is needed for making the initial GET request.
Here is the console output for my application:
I hope somebody can help me out with figuring out the authentication process of Xterm.js. Thanks!
Convoy is a server management platform for hosting companies to lease out computing resources. Some hosts may want to hide the origin IP address of their Proxmox node, so that where Coterm comes in.
I have successfully created a proxy for noVNC, but I'm struggling to proxy Xterm.js.
This is my code for proxying Xterm.js traffic: https://github.com/ConvoyPanel/coterm/blob/develop/src-rust/src/util/terminals/xtermjs.rs
This is Proxmox's frontend code for working with Xterm.js: https://github.com/proxmox/pve-xtermjs/blob/master/xterm.js/src/main.js
The issue I'm facing is authenticating my Xterm.js session. Proxmox authenticates Xterm.js sessions twice for some reason (go figure), and I'm stuck at trying to authenticate at the second time.
The first authentication is the initial GET request to the "/nodes/{node}/qemu/{vmid}/vncwebsocket" endpoint. Where I pass in the credentials. I know it's working because if I change the
Code:
ticket = encode(&credentials.ticket)Now this is where the issue begins, the second authentication process begins in the websocket connection. The first packet sent must contain the credentials like in the picture below (which is a screenshot from Proxmox's implementation of Xterm.js)
and I've sent it here. I know that it was at least sent because the "sent credentials" message gets emitted in the console. HOWEVER, Proxmox is dead silent. I don't get any response in return. I don't even get an OK message like in the screenshot below of Proxmox's implementation.
I have tried sending the credentials as both text and binary, but it doesn't make a difference.
I also checked that there's no encoding needed before sending the credentials in the websocket, and only URL encoding is needed for making the initial GET request.
Here is the console output for my application:
I hope somebody can help me out with figuring out the authentication process of Xterm.js. Thanks!
).
