v1.2.1 partial: noVNC overhaul beginnings; etc.

2026-04-02 02:28:18 +00:00 · 2023-06-19 10:47:13 +10:00
parent 1edc89a1e3
commit cb263ce100
20 changed files with 66 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,19 +1,22 @@
 # Changelog
 All notable changes to Proxmox VE for WHMCS will be documented in this file.

-## [1.2.1b] - 2023-06-18
+## [1.2.1b] - 2023-06-20

 ### Added
 - Link from Health tab of Admin GUI to WHMCS Marketplace re: reviews
+- Images for all supported Operating Systems & Kernel types (some fixed)
+- Ground-work for noVNC overhaul, to support PVE Auth & VNC Tunnel tickets

 ### Changed
 - Stop VM/CT (Client Area) renamed to Hard Stop, compared to Shut Down
+- Modify the PHP API2 class, adding getTicket() so we can dual-auth (VNC)

 ### Fixed
 - noVNC render method updated to stop out-of-order data flow problem
 - noVNC back-end vncproxy and vncwebsocket methods updated re: spec
 - Client Area actions (Power Off/On, etc) fixed for LXC (QEMU OK)
- Error with both VNC methods. We are likely to remove TigerVNC
+- Error with both VNC methods. We are going to remove TigerVNC

 ## [1.2.0b] - 2023-06-18

--- a/README.md
+++ b/README.md
@@ -15,12 +15,35 @@ https://marketplace.whmcs.com/product/6935-proxmox-ve-for-whmcs
 - (WHMCS) Service ID >100
 - (PHP) v8.x.x stable
 - (Proxmox) VE v7/8
+- (Proxmox) 2 users

 **SID >100:** The WHMCS Service ID requirement is critical, as Proxmox reserves VMIDs <100.

 _If you don't have enough services (any status) in WHMCS, create services until you reach SID 101._

-**PROXMOX 8.x:** As this major release is in beta (as of June 2023), support is experimental.
+### 🥽 VNC CONSOLE TUNNELING:
+
+noVNC (HTML5) is supported via this WHMCS Module, and TigerVNC (Java) is being removed.
+
+To access VNC via WHMCS Client Area, you need to follow the PVE User Requirement below.
+
+**WIP NOTE:** noVNC is being overhauled to deliver on the dual-ticket PVE requirements.
+
+At the moment, the vnc_secret field in the DB (mod_pvewhmcs tables) can't be set via GUI.
+
+Currently, the noVNC functionality is not operational. We are avoiding using iframe instead.
+
+### 👥 PROXMOX USER REQUIREMENT:
+
+You must have a root (etc) account to Create/Access services. Configured via WHMCS Config > Servers.
+
+Additionally, to improve security, for VNC you must have a Restricted User. "" via Module Config.
+
+For the VNC User in Proxmox you need to:
+1. Create User Group "VNC" via PVE > Datacenter / Permissions / Group
+2. Create new User > Datacenter / Permissions / Users - select Group: "VNC", Realm: pve
+3. Create new Role -> Datacenter / Permissions / Roles - select Name: "VNC", Privileges: VM.Console (only)
+3. Add permission to access VNC -> Datacenter / Node / VM / Permissions / Add Group Permissions - select Group: "VNC", Role: "VNC"

 ### 🤬 ABUSE - ZERO TOLERANCE:

--- a/modules/addons/pvewhmcs/db.sql
+++ b/modules/addons/pvewhmcs/db.sql
@@ -1,6 +1,7 @@
 CREATE TABLE IF NOT EXISTS `mod_pvewhmcs` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `config` text,
+  `config` varchar(255),
+  `vnc_secret` varchar(255),
  PRIMARY KEY (`id`)
 );
 INSERT INTO `mod_pvewhmcs` (`id`, `config`) VALUES	(1, NULL);
--- a/modules/addons/pvewhmcs/proxmox.php
+++ b/modules/addons/pvewhmcs/proxmox.php
@@ -133,6 +133,15 @@ class PVE2_API {
 		setrawcookie("PVEAuthCookie", $this->login_ticket['ticket'], 0, "/");
 	}

+	# Gets the PVE Access Ticket
+	public function getTicket() {
+		if ($this->login_ticket['ticket']) {
+			return $this->login_ticket;
+		} else {
+			return false;
+		}
+	}
+
 	/*
 	 * bool check_login_ticket ()
 	 * Checks if the login ticket is valid still, returns false if not.
--- a/modules/servers/pvewhmcs/img/os/centos.png
+++ b/modules/servers/pvewhmcs/img/os/centos.png
--- a/modules/servers/pvewhmcs/img/os/debian.png
+++ b/modules/servers/pvewhmcs/img/os/debian.png
--- a/modules/servers/pvewhmcs/img/os/other.png
+++ b/modules/servers/pvewhmcs/img/os/other.png
--- a/modules/servers/pvewhmcs/img/os/solaris.png
+++ b/modules/servers/pvewhmcs/img/os/solaris.png
--- a/modules/servers/pvewhmcs/img/os/ubuntu.png
+++ b/modules/servers/pvewhmcs/img/os/ubuntu.png
--- a/modules/servers/pvewhmcs/img/os/w2k.png
+++ b/modules/servers/pvewhmcs/img/os/w2k.png
--- a/modules/servers/pvewhmcs/img/os/w2k3.png
+++ b/modules/servers/pvewhmcs/img/os/w2k3.png
--- a/modules/servers/pvewhmcs/img/os/w2k8.png
+++ b/modules/servers/pvewhmcs/img/os/w2k8.png
--- a/modules/servers/pvewhmcs/img/os/win10.png
+++ b/modules/servers/pvewhmcs/img/os/win10.png
--- a/modules/servers/pvewhmcs/img/os/win11.png
+++ b/modules/servers/pvewhmcs/img/os/win11.png
--- a/modules/servers/pvewhmcs/img/os/win7.png
+++ b/modules/servers/pvewhmcs/img/os/win7.png
--- a/modules/servers/pvewhmcs/img/os/win8.png
+++ b/modules/servers/pvewhmcs/img/os/win8.png
--- a/modules/servers/pvewhmcs/img/os/wvista.png
+++ b/modules/servers/pvewhmcs/img/os/wvista.png
--- a/modules/servers/pvewhmcs/img/os/wxp.png
+++ b/modules/servers/pvewhmcs/img/os/wxp.png
--- a/modules/servers/pvewhmcs/novnc_router.php
+++ b/modules/servers/pvewhmcs/novnc_router.php
@@ -0,0 +1,18 @@
+<?php
+if (isset($_GET['pveticket']) && isset($_GET['host']) && isset($_GET['path']) && isset($_GET['csrf_token'])) {
+	$pveticket = $_GET['pveticket'];
+	$host = $_GET['host'];
+	$path = $_GET['path'];
+    $csrf_token = $_GET['csrf_token'];
+    $combined_cookie = $csrf_token . ':' . $pveticket;
+
+	setrawcookie('PVEAuthCookie', $combined_cookie, 0, '/', $host);
+
+	$redirect_url = '/modules/servers/pvewhmcs/novnc/vnc.html?host=' . $host . '&port=8006&path=' . urlencode($path);
+
+	header('Location: ' . $redirect_url);
+	exit;
+} else {
+	echo 'Error: Missing information. Please try again.';
+}
+?>
--- a/modules/servers/pvewhmcs/pvewhmcs.php
+++ b/modules/servers/pvewhmcs/pvewhmcs.php
@@ -712,9 +712,9 @@ function pvewhmcs_vmStat($params) {

 function pvewhmcs_noVNC($params) {
 	$serverip = $params["serverip"];
-	$serverusername = $params["serverusername"];
-	$serverpassword = $params["serverpassword"];
-	$proxmox=new PVE2_API($serverip, $serverusername, "pam", $serverpassword);
+	$serverusername = 'vnc';
+	$serverpassword = Capsule::table('mod_pvewhmcs')->where('id', '1')->value('vnc_secret');
+	$proxmox=new PVE2_API($serverip, $serverusername, "pve", $serverpassword);
 	if ($proxmox->login()) {
 		# Get first node name.
 		$nodes = $proxmox->get_node_list();
@@ -723,17 +723,16 @@ function pvewhmcs_noVNC($params) {
 		$guest=Capsule::table('mod_pvewhmcs_vms')->where('id','=',$params['serviceid'])->get()[0] ;
 		$vm_vncproxy=$proxmox->post('/nodes/'.$first_node.'/'.$guest->vtype.'/'.$params['serviceid'] .'/vncproxy', array( 'websocket' => '1' )) ;

-		$path = 'api2/json/nodes/'.$first_node.'/vncwebsocket?port=' . $vm_vncproxy['port'] . '&vncticket=' . urlencode($vm_vncproxy['ticket']);
+		$pveticket = $proxmox->getTicket();
+		$csrf_token = $pveticket['CSRFPreventionToken'];

+		$path = 'api2/json/nodes/' . $first_node . '/' . $guest->vtype . '/' . $params['serviceid'] . '/vncwebsocket?port=' . $vm_vncproxy['port'] . '&vncticket=' . urlencode($vm_vncproxy['ticket']);

-		$url='./modules/servers/pvewhmcs/novnc/novnc_pve.php?host='.$serverip.'&port=8006&ticket='.$vm_vncproxy['ticket'].'&path='.urlencode($path) ;
+		$url='/modules/servers/pvewhmcs/novnc_router.php?host='.$serverip.'&pveticket='.urlencode($pveticket['ticket']).'&csrf_token='.urlencode($csrf_token).'&path='.urlencode($path) ;
 		$vncreply='<center><strong>Console (noVNC) prepared for usage. <a href="'.$url.'" target="_blanK">Click here</a> to open the noVNC window.</strong></center>' ;

-		// echo '<script>window.open("'.$url.'")</script>';
-
 		return $vncreply;

-		//echo '<script>window.open("./modules/servers/pvewhmcs/noVNC/vnc.php?node=pve&console=lxc&vmid=136&port='.$vm_vncwebsocket['port'].'&ticket='.$vm_vncproxy['ticket'].'")</script>';
 	} else {
 		$vncreply='Failed to prepare noVNC. Please contact Technical Support.';
 		return $vncreply;
@@ -906,4 +905,4 @@ function time2format($s) {
 	}
 	return $str;
 }
-?>
+?>