Unprotected access for websocket consoles.

Ref https://github.com/GNS3/gns3-gui/issues/2883#issuecomment-580677552

gns3server/handlers/api/controller/node_handler.py

@@ -469,6 +469,7 @@ class NodeHandler:
         })
     async def ws_console(request, response):
 
+        print("HERE!")
         project = await Controller.instance().get_loaded_project(request.match_info["project_id"])
         node = project.get_node(request.match_info["node_id"])
         compute = node.compute

gns3server/web/route.py

@@ -106,7 +106,8 @@ class Route(object):
         :returns: Response if you need to auth the user otherwise None
         """
 
-        if not server_config.getboolean("auth", False):
+        # FIXME: ugly exception to not require authentication for websocket consoles
+        if not server_config.getboolean("auth", False) or request.path.endswith("console/ws"):
             return None
 
         user = server_config.get("user", "").strip()
@@ -257,7 +258,7 @@ class Route(object):
                 """
 
                 #FIXME: ugly exceptions for capture and websocket console
-                if "node_id" in request.match_info and not "pcap" in request.path and not "ws" in request.path:
+                if "node_id" in request.match_info and not "pcap" in request.path and not request.path.endswith("console/ws"):
                     node_id = request.match_info.get("node_id")
 
                     if "compute" in request.path: