Import auth keys from env vars

Ayman Bagabas created 4 years ago

Change summary

Dockerfile                   |  1 +
main.go                      |  5 +++--
server/middleware/git/git.go | 24 ++++++++++++++++--------
3 files changed, 20 insertions(+), 10 deletions(-)

Detailed changes

Dockerfile 🔗

@@ -11,6 +11,7 @@ VOLUME /smoothie
 
 # Environment variables
 ENV SMOOTHIE_KEY_PATH "/smoothie/ssh/smoothie_server_ed25519"
+ENV SMOOTHIE_REPO_KEYS ""
 ENV SMOOTHIE_REPO_KEYS_PATH "/smoothie/ssh/smoothie_git_authorized_keys"
 ENV SMOOTHIE_REPO_PATH "/smoothie/repos"

main.go 🔗

@@ -15,7 +15,8 @@ import (
 type Config struct {
 	Port         int    `env:"SMOOTHIE_PORT" default:"23231"`
 	KeyPath      string `env:"SMOOTHIE_KEY_PATH" default:".ssh/smoothie_server_ed25519"`
-	RepoAuthPath string `env:"SMOOTHIE_REPO_KEYS_PATH" default:".ssh/smoothie_git_authorized_keys"`
+	RepoAuth     string `env:"SMOOTHIE_REPO_KEYS" default:""`
+	RepoAuthFile string `env:"SMOOTHIE_REPO_KEYS_PATH" default:".ssh/smoothie_git_authorized_keys"`
 	RepoPath     string `env:"SMOOTHIE_REPO_PATH" default:".repos"`
 }
 
@@ -29,7 +30,7 @@ func main() {
 		cfg.Port,
 		cfg.KeyPath,
 		bm.Middleware(tui.SessionHandler(cfg.RepoPath, time.Second*5)),
-		gm.Middleware(cfg.RepoPath, cfg.RepoAuthPath),
+		gm.Middleware(cfg.RepoPath, cfg.RepoAuth, cfg.RepoAuthFile),
 		lm.Middleware(),
 	)
 	if err != nil {

server/middleware/git/git.go 🔗

@@ -8,23 +8,31 @@ import (
 	"os"
 	"os/exec"
 	"smoothie/server/middleware"
+	"strings"
 
 	"github.com/gliderlabs/ssh"
 )
 
-func Middleware(repoDir string, authorizedKeysPath string) middleware.Middleware {
+func Middleware(repoDir, authorizedKeys, authorizedKeysFile string) middleware.Middleware {
 	authedKeys := make([]ssh.PublicKey, 0)
-	hasAuth, err := fileExists(authorizedKeysPath)
+	hasAuth, err := fileExists(authorizedKeysFile)
 	if err != nil {
 		log.Fatal(err)
 	}
-	if hasAuth {
-		f, err := os.Open(authorizedKeysPath)
-		if err != nil {
-			log.Fatal(err)
+	if hasAuth || authorizedKeys != "" {
+		var scanner *bufio.Scanner
+		if authorizedKeys == "" {
+			log.Printf("Importing authorized keys from file: %s", authorizedKeysFile)
+			f, err := os.Open(authorizedKeysFile)
+			if err != nil {
+				log.Fatal(err)
+			}
+			defer f.Close()
+			scanner = bufio.NewScanner(f)
+		} else {
+			log.Printf("Importing authorized keys from environment")
+			scanner = bufio.NewScanner(strings.NewReader(authorizedKeys))
 		}
-		defer f.Close()
-		scanner := bufio.NewScanner(f)
 		for scanner.Scan() {
 			pt := scanner.Text()
 			log.Printf("Adding authorized key: %s", pt)