aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/keys.go
blob: b8467825293f17c86a1349d16406eae65d13973c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package cmd

import (
	"errors"
	"fmt"
	"strings"

	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/private"

	"github.com/urfave/cli/v2"
)

// CmdKeys represents the available keys sub-command
var CmdKeys = &cli.Command{
	Name:   "keys",
	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
	Before: PrepareConsoleLoggerLevel(log.FATAL),
	Action: runKeys,
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "expected",
			Aliases: []string{"e"},
			Value:   "git",
			Usage:   "Expected user for whom provide key commands",
		},
		&cli.StringFlag{
			Name:    "username",
			Aliases: []string{"u"},
			Value:   "",
			Usage:   "Username trying to log in by SSH",
		},
		&cli.StringFlag{
			Name:    "type",
			Aliases: []string{"t"},
			Value:   "",
			Usage:   "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
		},
		&cli.StringFlag{
			Name:    "content",
			Aliases: []string{"k"},
			Value:   "",
			Usage:   "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
		},
	},
}

func runKeys(c *cli.Context) error {
	if !c.IsSet("username") {
		return errors.New("No username provided")
	}
	// Check username matches the expected username
	if strings.TrimSpace(c.String("username")) != strings.TrimSpace(c.String("expected")) {
		return nil
	}

	content := ""

	if c.IsSet("type") && c.IsSet("content") {
		content = fmt.Sprintf("%s %s", strings.TrimSpace(c.String("type")), strings.TrimSpace(c.String("content")))
	}

	if content == "" {
		return errors.New("No key type and content provided")
	}

	ctx, cancel := installSignals()
	defer cancel()

	setup(ctx, false)

	authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
	// do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys
	if extra.Error != nil {
		return extra.Error
	}
	_, _ = fmt.Fprintln(c.App.Writer, strings.TrimSpace(authorizedString))
	return nil
}