summaryrefslogtreecommitdiffstats
path: root/cmd/keys.go
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--cmd/keys.go83
1 files changed, 83 insertions, 0 deletions
diff --git a/cmd/keys.go b/cmd/keys.go
new file mode 100644
index 0000000..81425a5
--- /dev/null
+++ b/cmd/keys.go
@@ -0,0 +1,83 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+ "errors"
+ "fmt"
+ "strings"
+
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/private"
+
+ "github.com/urfave/cli/v2"
+)
+
+// CmdKeys represents the available keys sub-command
+var CmdKeys = &cli.Command{
+ Name: "keys",
+ Usage: "(internal) Should only be called by SSH server",
+ Description: "Queries the Forgejo database to get the authorized command for a given ssh key fingerprint",
+ Before: PrepareConsoleLoggerLevel(log.FATAL),
+ Action: runKeys,
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "expected",
+ Aliases: []string{"e"},
+ Value: "git",
+ Usage: "Expected user for whom provide key commands",
+ },
+ &cli.StringFlag{
+ Name: "username",
+ Aliases: []string{"u"},
+ Value: "",
+ Usage: "Username trying to log in by SSH",
+ },
+ &cli.StringFlag{
+ Name: "type",
+ Aliases: []string{"t"},
+ Value: "",
+ Usage: "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
+ },
+ &cli.StringFlag{
+ Name: "content",
+ Aliases: []string{"k"},
+ Value: "",
+ Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
+ },
+ },
+}
+
+func runKeys(c *cli.Context) error {
+ if !c.IsSet("username") {
+ return errors.New("No username provided")
+ }
+ // Check username matches the expected username
+ if strings.TrimSpace(c.String("username")) != strings.TrimSpace(c.String("expected")) {
+ return nil
+ }
+
+ content := ""
+
+ if c.IsSet("type") && c.IsSet("content") {
+ content = fmt.Sprintf("%s %s", strings.TrimSpace(c.String("type")), strings.TrimSpace(c.String("content")))
+ }
+
+ if content == "" {
+ return errors.New("No key type and content provided")
+ }
+
+ ctx, cancel := installSignals()
+ defer cancel()
+
+ setup(ctx, c.Bool("debug"))
+
+ authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
+ // do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys
+ if extra.Error != nil {
+ return extra.Error
+ }
+ _, _ = fmt.Fprintln(c.App.Writer, strings.TrimSpace(authorizedString.Text))
+ return nil
+}