1package config
 2
 3import (
 4	"log"
 5	"strings"
 6
 7	gm "github.com/charmbracelet/wish/git"
 8	"github.com/gliderlabs/ssh"
 9)
10
11func (cfg *Config) Push(repo string, pk ssh.PublicKey) {
12	err := cfg.reload()
13	if err != nil {
14		log.Printf("error reloading after push: %s", err)
15	}
16	cfg.Cfg.Stats.Push(repo)
17}
18
19func (cfg *Config) Fetch(repo string, pk ssh.PublicKey) {
20	cfg.Cfg.Stats.Fetch(repo)
21}
22
23func (cfg *Config) AuthRepo(repo string, pk ssh.PublicKey) gm.AccessLevel {
24	return cfg.accessForKey(repo, pk)
25}
26
27func (cfg *Config) PasswordHandler(ctx ssh.Context, password string) bool {
28	return (cfg.AnonAccess != "no-access") && cfg.AllowKeyless
29}
30
31func (cfg *Config) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) bool {
32	return cfg.accessForKey("", pk) != gm.NoAccess
33}
34
35func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
36	private := cfg.isPrivate(repo)
37	if repo == "config" {
38		private = true
39	}
40	for _, u := range cfg.Users {
41		for _, k := range u.PublicKeys {
42			apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(strings.TrimSpace(k)))
43			if err != nil {
44				log.Printf("error: malformed authorized key: '%s'", k)
45				return gm.NoAccess
46			}
47			if ssh.KeysEqual(pk, apk) {
48				if u.Admin {
49					return gm.AdminAccess
50				}
51				for _, r := range u.CollabRepos {
52					if repo == r {
53						return gm.ReadWriteAccess
54					}
55				}
56				if !private {
57					return gm.ReadOnlyAccess
58				}
59			}
60		}
61	}
62	if private && (cfg.AnonAccess != "read-write") {
63		return gm.NoAccess
64	}
65	switch cfg.AnonAccess {
66	case "no-access":
67		return gm.NoAccess
68	case "read-only":
69		return gm.ReadOnlyAccess
70	case "read-write":
71		return gm.ReadWriteAccess
72	default:
73		return gm.NoAccess
74	}
75}