1package config
 2
 3import (
 4	"log"
 5
 6	gm "github.com/charmbracelet/wish/git"
 7	"github.com/gliderlabs/ssh"
 8)
 9
10func (cfg *Config) Push(repo string, pk ssh.PublicKey) {
11	log.Printf("git push: %s", repo)
12	err := cfg.reload()
13	if err != nil {
14		log.Printf("error reloading after push: %s", err)
15	}
16	if cfg.Stats != nil {
17		cfg.Stats.Push()
18	}
19}
20
21func (cfg *Config) Fetch(repo string, pk ssh.PublicKey) {
22	log.Printf("git fetch: %s", repo)
23	if cfg.Stats != nil {
24		cfg.Stats.Fetch()
25	}
26}
27
28func (cfg *Config) AuthRepo(repo string, pk ssh.PublicKey) gm.AccessLevel {
29	return cfg.accessForKey(repo, pk)
30}
31
32func (cfg *Config) PasswordHandler(ctx ssh.Context, password string) bool {
33	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
34}
35
36func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {
37	return cfg.accessForKey("", pk) == gm.NoAccess
38}
39
40func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
41	private := cfg.isPrivate(repo)
42	if repo == "config" {
43		private = true
44	}
45	for _, u := range cfg.Users {
46		apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(u.PublicKey))
47		if err != nil {
48			log.Printf("error: malformed authorized key: '%s'", u.PublicKey)
49			return gm.NoAccess
50		}
51		if ssh.KeysEqual(pk, apk) {
52			if u.Admin {
53				return gm.AdminAccess
54			}
55			for _, r := range u.CollabRepos {
56				if repo == r {
57					return gm.ReadWriteAccess
58				}
59			}
60			if !private {
61				return gm.ReadOnlyAccess
62			}
63		}
64	}
65	if private && (cfg.AnonAccess != "read-write") {
66		return gm.NoAccess
67	}
68	switch cfg.AnonAccess {
69	case "no-access":
70		return gm.NoAccess
71	case "read-only":
72		return gm.ReadOnlyAccess
73	case "read-write":
74		return gm.ReadWriteAccess
75	default:
76		return gm.NoAccess
77	}
78}