@dmikusa
Created August 17, 2017 15:25
Example using Node.js to get an Auth Code from Cloud Foundry's UAA for use with SSH (i.e. same as `cf ssh-code`)

To test this:

  1. Run `npm install` or `yarn install`.
  2. Run `node index.js && ssh -p 2222 cf:$(cf app app-name --guid)/0@ssh.system.domain.com`, where `app-name` is your app name and `ssh.system.domain.com` is the DNS name of your SSH endpoint.
  3. When prompted for a password, enter the code printed after `Access Code is`.

You should now be SSH'd into the given application & instance id.

NOTE: better error handling should be done, but has been omitted to keep this example brief.

```js
const rp = require('request-promise-native')
const url = require('url')
// require('request-debug')(rp)

// Point this to your API
const API = 'api.system.domain.com'

// fetch the API information, from which we can grab the authorization endpoint
rp({
  uri: 'https://' + API + '/v2/info',
  json: true
}).then(function (data) {
  return data.authorization_endpoint
}).then(function (loginApi) {
  // get an auth token, which we need to get an auth code
  // this requires your user & password
  return rp({
    uri: loginApi + '/oauth/token',
    method: 'POST',
    json: true,
    form: {
      'grant_type': 'password',
      // insert your user name & password below
      'username': 'your-user-name',
      'password': 'your-password'
    },
    headers: {
      // this uses `cf` as the client and `` as the client secret
      // most CF installations have this client configured as it's what
      // the cf cli uses
      // Buffer.from replaces the deprecated `new Buffer(string)` constructor
      'Authorization': 'Basic ' + Buffer.from('cf:').toString('base64')
    }
  }).then(function (data) {
    return [loginApi, data.access_token]
  }).then(function (data) {
    var loginApi = data[0]
    var accessToken = data[1]
    // request an auth code
    // we use the ssh-proxy client id as most CF envs will have this client
    // we set response type to code, so we get the auth code
    // we also add the bearer token as an authorization header, this is the
    // auth token we received from the previous HTTP request
    // we don't want to redirect as the Location header will contain our
    // newly minted auth code
    return rp({
      uri: loginApi + '/oauth/authorize',
      method: 'GET',
      json: true,
      qs: {
        client_id: 'ssh-proxy',
        grant_type: 'authorization_code',
        response_type: 'code'
      },
      headers: {
        'Authorization': 'Bearer ' + accessToken
      },
      followRedirect: false
    }).then(function (data) {
      console.log('Sorry, didn\'t get the expected response.')
    }).catch(function (err) {
      if (err.statusCode === 302) {
        var data = url.parse(err.response.headers.location, true)
        // just printing the auth code, but you can do whatever you want with it
        console.log('Access Code is ' + data.query.code)
      } else {
        // anything other than the expected redirect is a failure; report it
        console.error('Request for auth code failed: ' + err.message)
      }
    })
  })
})
```
```json
{
  "name": "NodeUaaCfSSHToken",
  "version": "1.0.0",
  "description": "Get a CF SSH Token using UAA",
  "main": "index.js",
  "author": "Daniel Mikusa",
  "license": "Apache-2.0",
  "dependencies": {
    "request": "^2.81.0",
    "request-debug": "^0.2.0",
    "request-promise-native": "^1.0.4"
  }
}
```
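The script sends the password to whatever `authorization_endpoint` the `/v2/info` response names, and it reads the code from the 302 `Location` header without checking for an error redirect. The following is an added example, not part of the original gist, showing a check for each step; the function names `checkAuthorizationEndpoint` and `extractAuthCode` are hypothetical helpers introduced here.

```javascript
// Added example, not part of the original gist.

// The password is POSTed to the URL returned in authorization_endpoint,
// so refuse anything that is not an https URL without embedded credentials.
function checkAuthorizationEndpoint (endpoint) {
  const u = new URL(endpoint) // throws TypeError on malformed input
  if (u.protocol !== 'https:') {
    throw new Error('authorization_endpoint is not https: ' + u.protocol)
  }
  if (u.username || u.password) {
    throw new Error('authorization_endpoint must not embed credentials')
  }
  // Drop trailing slashes so '/oauth/token' can be appended as in index.js.
  return u.href.replace(/\/+$/, '')
}

// Pull the one-time code out of the 302 Location header. OAuth 2.0 error
// redirects carry error / error_description instead of code
// (RFC 6749, section 4.1.2.1), so surface those instead of "undefined".
function extractAuthCode (location) {
  if (!location) throw new Error('302 response had no Location header')
  // Location may be relative; the base only makes parsing succeed.
  const u = new URL(location, 'https://placeholder.invalid')
  const error = u.searchParams.get('error')
  if (error) {
    const detail = u.searchParams.get('error_description') || 'no description'
    throw new Error('UAA refused the request: ' + error + ' (' + detail + ')')
  }
  const code = u.searchParams.get('code')
  if (!code) throw new Error('redirect did not contain a code parameter')
  return code
}
```

In `index.js`, `checkAuthorizationEndpoint` would wrap `data.authorization_endpoint` before the token request, and `extractAuthCode` would replace the `url.parse(...)` lookup in the 302 branch.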