warp-tech/warpgate: Smart SSH, HTTPS and MySQL bastion that needs no client-side software

mirror of https://github.com/warp-tech/warpgate.git synced 2024-11-15 04:21:59 +08:00

Smart SSH, HTTPS and MySQL bastion that needs no client-side software

bastion bastion-host https https-proxy infrastructure mysql mysql-proxy proxy rust ssh ssh-server starred-repo starred-warp-tech-repo

Find a file

dependabot[bot] bb285ccc60 Bump the version-bumps group across 1 directory with 4 updates (#1073 ) Bumps the version-bumps group with 4 updates in the /warpgate-web directory: [eslint-plugin-svelte](https://github.com/sveltejs/eslint-plugin-svelte), [svelte-check](https://github.com/sveltejs/language-tools), [svelte-preprocess](https://github.com/sveltejs/svelte-preprocess) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `eslint-plugin-svelte` from 2.44.0 to 2.44.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/eslint-plugin-svelte/releases">eslint-plugin-svelte's releases</a>.</em></p> <blockquote> <h2>eslint-plugin-svelte@2.44.1</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/sveltejs/eslint-plugin-svelte/pull/864">#864</a> <a href="`580e48ae0e`"><code>580e48a</code></a> Thanks <a href="https://github.com/mikededo"><code>@mikededo</code></a>! - fix(svelte/indent): ensure proper snippet indent</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`29545a20e0`"><code>29545a2</code></a> chore: release eslint-plugin-svelte (<a href="https://redirect.github.com/sveltejs/eslint-plugin-svelte/issues/865">#865</a>)</li> <li><a href="`580e48ae0e`"><code>580e48a</code></a> fix(svelte/indent): ensure proper snippet indent (<a href="https://redirect.github.com/sveltejs/eslint-plugin-svelte/issues/864">#864</a>)</li> <li><a href="`c840776773`"><code>c840776</code></a> chore(deps): update dependency esbuild to ^0.24.0</li> <li><a href="`d2a5ff70f3`"><code>d2a5ff7</code></a> chore(deps): update dependency svelte to v5.0.0-next.249</li> <li><a href="`14359b4214`"><code>14359b4</code></a> chore(deps): update dependency svelte to v5.0.0-next.247</li> <li><a href="`b5a9aadc00`"><code>b5a9aad</code></a> chore(deps): update dependency svelte to v5.0.0-next.246</li> <li><a href="`e8e05b6f86`"><code>e8e05b6</code></a> chore(deps): update dependency typescript to ~5.6.0</li> <li>See full diff in <a href="https://github.com/sveltejs/eslint-plugin-svelte/compare/eslint-plugin-svelte@2.44.0...eslint-plugin-svelte@2.44.1">compare view</a></li> </ul> </details> <br /> Updates `svelte-check` from 4.0.2 to 4.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/language-tools/releases">svelte-check's releases</a>.</em></p> <blockquote> <h2>svelte-check-4.0.3</h2> <ul> <li>breaking(svelte5): only generate function component shape in runes mode. This means you may need to do <code>typeof Component</code> instead of <code>Component</code> in type situations (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2517">#2517</a>)</li> <li>fix: revert additional two-way-binding checks as they were causing bugs (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2508">#2508</a>)</li> <li>fix: include files indirectly belonging to a project into correct project (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2488">#2488</a>)</li> <li>fix: check project files update more aggressively before assigning service (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2518">#2518</a>)</li> <li>chore: upgrade to chokidar 4 (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2502">#2502</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fc2144b82a`"><code>fc2144b</code></a> chore: upgrade to chokidar 4 (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2502">#2502</a>)</li> <li><a href="`7c76ec5606`"><code>7c76ec5</code></a> fix: check project files update more aggressively before assigning service (#...</li> <li><a href="`837b61fa57`"><code>837b61f</code></a> breaking(svelte5): only generate function component shape in runes mode (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2517">#2517</a>)</li> <li><a href="`35af691b80`"><code>35af691</code></a> perf: auto import cache for svelte-kit language service proxy (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2513">#2513</a>)</li> <li><a href="`81019d91c3`"><code>81019d9</code></a> fix: revert additional two-way-binding checks (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2508">#2508</a>)</li> <li><a href="`e74f1d712b`"><code>e74f1d7</code></a> chore: revert accidental commit</li> <li><a href="`e132b5667a`"><code>e132b56</code></a> fix: make no Svelte files found a warning (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2507">#2507</a>)</li> <li><a href="`94a7352d96`"><code>94a7352</code></a> fix: include files indirectly belonging to a project into correct project (<a href="https://redirect.github.com/sveltejs/language-tools/issues/2">#2</a>...</li> <li><a href="`73125a6fd6`"><code>73125a6</code></a> fix: silence type error in old d.ts files</li> <li>See full diff in <a href="https://github.com/sveltejs/language-tools/compare/svelte-check-4.0.2...svelte-check-4.0.3">compare view</a></li> </ul> </details> <br /> Updates `svelte-preprocess` from 6.0.2 to 6.0.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/svelte-preprocess/blob/main/CHANGELOG.md">svelte-preprocess's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/sveltejs/svelte-preprocess/compare/v6.0.2...v6.0.3">6.0.3</a> (2024-09-26)</h2> <h3>Bug Fixes</h3> <ul> <li>add pug mixins to support svelte-5 syntax (<a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/654">#654</a>) (<a href="`9d49f3d1e1`">9d49f3d</a>)</li> <li>ignore sass deprecation warning (<a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/657">#657</a>) (<a href="`9b5432540b`">9b54325</a>), closes <a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/656">#656</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c522b8e119`"><code>c522b8e</code></a> chore(release): 6.0.3</li> <li><a href="`455e6e9580`"><code>455e6e9</code></a> chore: cleanup fix</li> <li><a href="`9b5432540b`"><code>9b54325</code></a> fix: ignore sass deprecation warning (<a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/657">#657</a>)</li> <li><a href="`9d49f3d1e1`"><code>9d49f3d</code></a> fix: add pug mixins to support svelte-5 syntax (<a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/654">#654</a>)</li> <li><a href="`359b1f6434`"><code>359b1f6</code></a> docs: update broken documentation example (<a href="https://redirect.github.com/sveltejs/svelte-preprocess/issues/650">#650</a>)</li> <li>See full diff in <a href="https://github.com/sveltejs/svelte-preprocess/compare/v6.0.2...v6.0.3">compare view</a></li> </ul> </details> <br /> Updates `vite` from 5.4.7 to 5.4.8 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.8/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->5.4.8 (2024-09-25)<!-- raw HTML omitted --></h2> <ul> <li>fix(css): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18113">#18113</a>, fix missing source file warning with sass modern api custom importer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18">#18</a> (<a href="`7d47fc1c74`">7d47fc1</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/18183">#18183</a></li> <li>fix(css): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18128">#18128</a>, ensure sass compiler initialized only once (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18184">#18184</a>) (<a href="`8464d976b1`">8464d97</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/18128">#18128</a> <a href="https://redirect.github.com/vitejs/vite/issues/18184">#18184</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0474550c9f`"><code>0474550</code></a> release: v5.4.8</li> <li><a href="`8464d976b1`"><code>8464d97</code></a> fix(css): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18128">#18128</a>, ensure sass compiler initialized only once (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18184">#18184</a>)</li> <li><a href="`7d47fc1c74`"><code>7d47fc1</code></a> fix(css): backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/18113">#18113</a>, fix missing source file warning with sass modern a...</li> <li>See full diff in <a href="https://github.com/vitejs/vite/commits/v5.4.8/packages/vite">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2024-09-28 00:22:53 +02:00
.cargo	Validate a TOTP code before saving it (#1055 )	2024-09-11 09:30:02 +02:00
.github	Group dependabot version bump prs if they are minor or patch bumps (#1049 )	2024-09-05 16:53:45 +02:00
docker	bumped rust in docker image	2024-07-16 12:44:23 +02:00
docs	added readme banner	2022-08-08 16:03:35 +02:00
oidc-test	OIDC RP-initiated logout (SSO single logout) support (#992 )	2024-09-10 23:16:42 +02:00
tests	word	2024-03-23 21:54:21 +01:00
warpgate	lint	2024-09-27 18:15:09 +02:00
warpgate-admin	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-common	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-core	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-database-protocols	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-db-entities	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-db-migrations	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-protocol-http	lint	2024-09-27 18:18:15 +02:00
warpgate-protocol-mysql	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-protocol-ssh	fixed #1053 - prevent repeated consumption of the ticket uses within the same SSH session	2024-09-27 18:12:48 +02:00
warpgate-sso	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
warpgate-web	Bump the version-bumps group across 1 directory with 4 updates (#1073 )	2024-09-28 00:22:53 +02:00
.all-contributorsrc	Add @SheaSmith as a contributor	2024-03-23 21:59:52 +01:00
.bumpversion.cfg	Bump version: 0.10.1 → 0.10.2	2024-08-14 22:59:52 +02:00
.dockerignore	Updated Dockerfile & setup	2022-07-05 21:32:05 +02:00
.env	import	2022-04-10 22:58:58 +02:00
.flake8	added e2e tests	2022-08-14 12:36:49 +02:00
.gitignore	Validate a TOTP code before saving it (#1055 )	2024-09-11 09:30:02 +02:00
Cargo.lock	bumped rustls & related pkgs (#1066 )	2024-09-18 11:28:39 +02:00
Cargo.toml	bumped rust	2024-01-23 12:05:59 +01:00
clippy.toml	added cranky and removed all .unwrap() usages	2022-07-23 21:31:35 +02:00
Cranky.toml	deny clippy::indexing_slicing	2022-07-23 21:53:21 +02:00
Cross.toml	build updates	2022-11-22 00:52:43 +01:00
deny.toml	Revert "use workspace-level dependencies"	2022-07-06 09:24:06 +02:00
justfile	Validate a TOTP code before saving it (#1055 )	2024-09-11 09:30:02 +02:00
LICENSE	Update LICENSE	2022-04-14 11:14:56 +02:00
README.md	Update README.md	2024-09-04 17:03:37 +02:00
rust-toolchain	bump rust some more	2024-07-16 10:40:27 +02:00
rustfmt.toml	sorted imports	2022-07-15 20:27:33 +02:00
sonar-project.properties	added e2e tests	2022-08-14 12:36:49 +02:00

README.md

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps.

Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network.
Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI.
Not a jump host - forwards your connections straight to the target instead.
Native 2FA and SSO support (TOTP & OpenID Connect)
Single binary with no dependencies.
Written in 100% safe Rust.

Getting started & downloads

See the Getting started wiki page (or Getting started on Docker).
Release / beta binaries
Nightly builds

Project Status

The project is currently in alpha stage and is gathering community feedback. See the official roadmap for the upcoming features.

In particular, we're working on:

Requesting admin approvals for sessions
Support for tunneling PostgreSQL connections,
and much more.

How it works

Warpgate is a service that you deploy on the bastion/DMZ host, which will accept SSH, HTTPS and MySQL connections and provide an (optional) web admin UI.

Run warpgate setup to interactively generate a config file, including port bindings. See Getting started for details.

It receives connections with specifically formatted credentials, authenticates the user locally, connects to the target itself, and then connects both parties together while (optionally) recording the session.

When connecting through HTTPS, Warpgate presents a selection of available targets, and will then proxy all traffic in a session to the selected target. You can switch between targets at any time.

You manage the target and user lists and assign them to each other through the admin UI, and the session history is stored in an SQLite database (default: in /var/lib/warpgate).

You can also use the admin web interface to view the live session list, review session recordings, logs and more.

Contributing / building from source

You'll need Rust, NodeJS and Yarn
Clone the repo
Just is used to run tasks - install it: cargo install just
Install the admin UI deps: just yarn
Build the frontend: just yarn build
Build Warpgate: cargo build (optionally --release)

The binary is in target/{debug|release}.

Tech stack

Rust 🦀
- HTTP: poem-web
- Database: SQLite via sea-orm + sqlx
- SSH: russh
Typescript
- Svelte
- Bootstrap

Backend API

Warpgate admin and user facing APIs use autogenerated OpenAPI schemas and SDKs. To update the SDKs after changing the query/response structures, run just openapi-all.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

_Eugeny
💻

_{Spencer Heywood}
💻

_{Andreas Piening}
💻

_Niklas
💻

_Nooblord
💻

_{Shea Smith}
💻

This project follows the all-contributors specification. Contributions of any kind welcome!