feat: add flag to use qr code

go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/rancher/remotedialer v0.2.6-0.20220107175045-b2d660c628d5
 	github.com/sirupsen/logrus v1.8.1
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8

go.sum

@@ -425,6 +425,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=

internal/client/client.go

@@ -12,21 +12,22 @@ import (
 	"github.com/jsiebens/brink/internal/util"
 	"github.com/rancher/remotedialer"
 	"github.com/sirupsen/logrus"
+	"github.com/skip2/go-qrcode"
 	"io/ioutil"
 	"net/http"
 	"time"
 )
 
-func Authenticate(ctx context.Context, proxy string, caFile string, insecureSkipVerify bool) error {
-	clt, err := createClient(proxy, caFile, insecureSkipVerify)
+func Authenticate(ctx context.Context, proxy string, caFile string, insecureSkipVerify bool, showQR bool) error {
+	clt, err := createClient(proxy, caFile, insecureSkipVerify, showQR)
 	if err != nil {
 		return err
 	}
 	return clt.authenticate(ctx)
 }
 
-func StartClient(ctx context.Context, proxy string, listenPort uint64, target string, caFile string, insecureSkipVerify bool, onConnect OnConnect) error {
-	clt, err := createClient(proxy, caFile, insecureSkipVerify)
+func StartClient(ctx context.Context, proxy string, listenPort uint64, target string, caFile string, insecureSkipVerify bool, showQR bool, onConnect OnConnect) error {
+	clt, err := createClient(proxy, caFile, insecureSkipVerify, showQR)
 	if err != nil {
 		return err
 	}
@@ -41,7 +42,7 @@ func StartClient(ctx context.Context, proxy string, listenPort uint64, target st
 	return clt.start(ctx)
 }
 
-func createClient(proxy, caFile string, insecureSkipVerify bool) (*Client, error) {
+func createClient(proxy, caFile string, insecureSkipVerify bool, showQR bool) (*Client, error) {
 	var caCertPool *x509.CertPool
 
 	targetBaseUrl, err := util.NormalizeHttpUrl(proxy)
@@ -94,6 +95,7 @@ func createClient(proxy, caFile string, insecureSkipVerify bool) (*Client, error
 	c := &Client{
 		httpClient: resty.NewWithClient(client),
 		dialer:     websocketDialer,
+		showQR:     showQR,
 	}
 
 	return c, nil
@@ -104,6 +106,7 @@ type Client struct {
 	dialer     *websocket.Dialer
 	forwarder  *Forwarder
 	target     string
+	showQR     bool
 }
 
 func (c *Client) authenticate(ctx context.Context) error {
@@ -117,16 +120,7 @@ func (c *Client) authenticate(ctx context.Context) error {
 	var authToken string
 
 	if sn.AuthUrl != "" {
-		err = util.OpenURL(sn.AuthUrl)
-		if err != nil {
-			fmt.Println()
-			fmt.Println("To authenticate, visit:")
-			fmt.Println()
-			fmt.Printf("  %s", sn.AuthUrl)
-			fmt.Println()
-			fmt.Println()
-		}
-
+		c.openOrShowAuthUrl(sn)
 		authToken, _, err = c.pollSessionToken(ctx, sn.SessionId)
 		if err != nil {
 			return err
@@ -164,16 +158,7 @@ func (c *Client) start(ctx context.Context) error {
 	var authToken string
 
 	if sn.AuthUrl != "" {
-		err = util.OpenURL(sn.AuthUrl)
-		if err != nil {
-			fmt.Println()
-			fmt.Println("To authenticate, visit:")
-			fmt.Println()
-			fmt.Printf("  %s", sn.AuthUrl)
-			fmt.Println()
-			fmt.Println()
-		}
-
+		c.openOrShowAuthUrl(sn)
 		authToken, sessionToken, err = c.pollSessionToken(ctx, sn.SessionId)
 		if err != nil {
 			return err
@@ -315,6 +300,28 @@ func (c *Client) connectToProxy(rootCtx context.Context, proxyURL string, header
 	}
 }
 
+func (c *Client) openOrShowAuthUrl(sn *api.SessionTokenResponse) {
+	if c.showQR || util.OpenURL(sn.AuthUrl) != nil {
+		fmt.Println()
+		fmt.Println("To authenticate, visit:")
+		fmt.Println()
+		fmt.Printf("  %s", sn.AuthUrl)
+		fmt.Println()
+
+		if c.showQR {
+			fmt.Println()
+			code, err := qrcode.New(sn.AuthUrl, qrcode.Medium)
+			if err != nil {
+				fmt.Printf("  QR code error: %v", err)
+			} else {
+				fmt.Println(code.ToString(false))
+			}
+		}
+
+		fmt.Println()
+	}
+}
+
 func (c *Client) declineAll(network, address string) bool {
 	logrus.WithField("network", network).WithField("addr", address).Info("Connection declined")
 	return false

internal/cmd/authenticate.go

@@ -38,7 +38,7 @@ func loginCommand() *coral.Command {
 			return fmt.Errorf("required flag --proxy-addr is missing")
 		}
 
-		return client.Authenticate(cmd.Context(), proxyAddr, caFile, tlsSkipVerify)
+		return client.Authenticate(cmd.Context(), proxyAddr, caFile, tlsSkipVerify, showQR)
 	}
 
 	return command

internal/cmd/client.go

@@ -18,12 +18,14 @@ var (
 	proxyAddrFlag string
 	tlsSkipVerify bool
 	caFile        string
+	showQR        bool
 )
 
 func registerProxyFlags(command *coral.Command) {
 	command.Flags().StringVarP(&proxyAddrFlag, "proxy-addr", "r", "", fmt.Sprintf("Addr of the Brink proxy. This can also be specified via the environment variable %s.", BrinkProxyAddr))
 	command.Flags().BoolVar(&tlsSkipVerify, "tls-skip-verify", false, "Disable verification of TLS certificates, highly discouraged as it decreases the security of data transmissions.")
 	command.Flags().StringVar(&caFile, "ca-file", "", "Path on the local disk to a single PEM-encoded CA certificate to verify the proxy or server SSL certificate.")
+	command.Flags().BoolVar(&showQR, "qr", false, "Show QR code for login URLs")
 }
 
 func connectCommand() *coral.Command {
@@ -70,20 +72,20 @@ func connectCommand() *coral.Command {
 		}
 
 		if listenOnStdin {
-			return client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, client.StartNC)
+			return client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, showQR, client.StartNC)
 		}
 
 		if execCommand != "" {
 			onConnect, result := execOnConnect(execCommand, noArgs, args, cancelFunc)
 
-			if err := client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, onConnect); err != nil {
+			if err := client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, showQR, onConnect); err != nil {
 				return err
 			}
 
 			return <-result
 		}
 
-		return client.StartClient(cancelCtx, proxyAddr, listenPort, targetAddr, caFile, tlsSkipVerify, client.PrintListenerInfo)
+		return client.StartClient(cancelCtx, proxyAddr, listenPort, targetAddr, caFile, tlsSkipVerify, showQR, client.PrintListenerInfo)
 	}
 
 	return command
@@ -135,7 +137,7 @@ func sshCommand() *coral.Command {
 
 		onConnect, result := execOnConnect("ssh", buildArgs, args, cancelFunc)
 
-		if err := client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, onConnect); err != nil {
+		if err := client.StartClient(cancelCtx, proxyAddr, 0, targetAddr, caFile, tlsSkipVerify, showQR, onConnect); err != nil {
 			return err
 		}
 

internal/util/util.go

@@ -67,7 +67,7 @@ func isValidUrl(toTest string) (bool, *url.URL) {
 }
 
 func GenerateSessionId() string {
-	id := new([24]byte)
+	id := new([6]byte)
 	_, err := io.ReadFull(rand.Reader, id[:])
 	if err != nil {
 		panic(err)