1package config
2
3import (
4 "log"
5
6 gm "github.com/charmbracelet/wish/git"
7 "github.com/gliderlabs/ssh"
8)
// Push is the post-push hook: it logs the repository name and then reloads
// the configuration.
//
// A reload failure is only logged; the method has no return value, so the
// caller is not told that the in-memory configuration may be stale. pk is
// not used.
//
// NOTE(review): repo is written to the log with %s. If the caller passes a
// client-supplied name without filtering control characters, %q would keep
// the entry on a single, unambiguous log line. Confirm against the caller.
func (cfg *Config) Push(repo string, pk ssh.PublicKey) {
	log.Printf("git push: %s", repo)
	if err := cfg.reload(); err != nil {
		log.Printf("error reloading after push: %s", err)
	}
}
// Fetch is the post-fetch hook: it records the repository name in the log
// and does nothing else. pk is not used, so the log line does not identify
// which key performed the fetch.
//
// NOTE(review): repo is written with %s; see whether the caller filters
// control characters before relying on these lines for audit purposes.
func (cfg *Config) Fetch(repo string, pk ssh.PublicKey) {
	log.Printf("git fetch: %s", repo)
}
// AuthRepo returns the access level that pk holds on repo. The decision is
// delegated entirely to accessForKey; nothing is cached or logged here.
func (cfg *Config) AuthRepo(repo string, pk ssh.PublicKey) gm.AccessLevel {
	level := cfg.accessForKey(repo, pk)
	return level
}
// PasswordHandler reports whether a password login is accepted.
//
// Neither ctx nor password is inspected: the result depends only on the
// configuration. It is true when AnonAccess is anything other than
// "no-access" and AllowNoKeys is set, so every password value is accepted
// in that case and none is ever verified.
//
// NOTE(review): presumably a session admitted here is treated as anonymous
// and per-repository access is decided later by AuthRepo. Confirm against
// the server wiring.
func (cfg *Config) PasswordHandler(ctx ssh.Context, password string) bool {
	if cfg.AnonAccess == "no-access" {
		return false
	}
	return cfg.AllowNoKeys
}
// PublicKeyHandler reports whether pk may open a session at all.
//
// The key is evaluated by accessForKey against the empty repository name,
// and is accepted unless the result is gm.NoAccess. ctx is not used.
//
// Because accessForKey falls back to the anonymous policy, a key that
// belongs to no configured user is still accepted whenever that fallback
// grants access for "". How isPrivate treats "" is not visible here.
func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {
	return cfg.accessForKey("", pk) != gm.NoAccess
}
// accessForKey resolves the access level that pk holds on repo.
//
// A repository counts as private when cfg.isPrivate reports it, or when its
// name is "config". Users are walked in configuration order and each stored
// key is parsed on every call. For a user whose key equals pk:
//
//   - Admin                     -> gm.AdminAccess
//   - repo listed in CollabRepos -> gm.ReadWriteAccess
//   - repo is not private        -> gm.ReadOnlyAccess
//
// A matching user who is neither admin nor collaborator on a private repo
// is not decisive: the walk continues and the anonymous policy applies.
//
// Anonymous policy: a private repo yields gm.NoAccess unless AnonAccess is
// "read-write"; otherwise AnonAccess is mapped to the corresponding level,
// and any unrecognised value yields gm.NoAccess.
//
// NOTE(review): with AnonAccess set to "read-write" the fallback returns
// gm.ReadWriteAccess for private repositories as well, "config" included,
// for any key. Confirm that this is intended.
//
// NOTE(review): a registered non-admin, non-collaborator receives
// gm.ReadOnlyAccess on a public repo even when AnonAccess is "read-write",
// which is less than an unregistered key would get.
//
// NOTE(review): a malformed stored key denies the request as soon as the
// walk reaches it. Keys listed before that entry still match; keys listed
// after it, and anonymous callers, get gm.NoAccess until it is fixed.
func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
	// isPrivate is evaluated first so it is always called, as before.
	private := cfg.isPrivate(repo) || repo == "config"

	for _, user := range cfg.Users {
		authorized, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
		if err != nil {
			// Deny outright rather than skipping the broken entry.
			log.Printf("error: malformed authorized key: '%s'", user.PublicKey)
			return gm.NoAccess
		}
		if !ssh.KeysEqual(pk, authorized) {
			continue
		}
		if user.Admin {
			return gm.AdminAccess
		}
		for _, collab := range user.CollabRepos {
			if collab == repo {
				return gm.ReadWriteAccess
			}
		}
		if !private {
			return gm.ReadOnlyAccess
		}
		// Known key, private repo, not a collaborator: keep walking and
		// let the anonymous policy below decide.
	}

	// Private repositories are closed to the fallback unless anonymous
	// access is explicitly read-write.
	if private && cfg.AnonAccess != "read-write" {
		return gm.NoAccess
	}

	switch cfg.AnonAccess {
	case "read-only":
		return gm.ReadOnlyAccess
	case "read-write":
		return gm.ReadWriteAccess
	}
	// "no-access" and every unrecognised value.
	return gm.NoAccess
}