Import auth keys from env vars

charmbracelet · Aug 13, 2021 · 6d7752b · 6d7752b
1 parent 3246781
commit 6d7752b
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,7 @@ VOLUME /smoothie
 
 # Environment variables
 ENV SMOOTHIE_KEY_PATH "/smoothie/ssh/smoothie_server_ed25519"
+ENV SMOOTHIE_REPO_KEYS ""
 ENV SMOOTHIE_REPO_KEYS_PATH "/smoothie/ssh/smoothie_git_authorized_keys"
 ENV SMOOTHIE_REPO_PATH "/smoothie/repos"
 

diff --git a/main.go b/main.go
@@ -15,7 +15,8 @@ import (
 type Config struct {
 	Port         int    `env:"SMOOTHIE_PORT" default:"23231"`
 	KeyPath      string `env:"SMOOTHIE_KEY_PATH" default:".ssh/smoothie_server_ed25519"`
-	RepoAuthPath string `env:"SMOOTHIE_REPO_KEYS_PATH" default:".ssh/smoothie_git_authorized_keys"`
+	RepoAuth     string `env:"SMOOTHIE_REPO_KEYS" default:""`
+	RepoAuthFile string `env:"SMOOTHIE_REPO_KEYS_PATH" default:".ssh/smoothie_git_authorized_keys"`
 	RepoPath     string `env:"SMOOTHIE_REPO_PATH" default:".repos"`
 }
 
@@ -29,7 +30,7 @@ func main() {
 		cfg.Port,
 		cfg.KeyPath,
 		bm.Middleware(tui.SessionHandler(cfg.RepoPath, time.Second*5)),
-		gm.Middleware(cfg.RepoPath, cfg.RepoAuthPath),
+		gm.Middleware(cfg.RepoPath, cfg.RepoAuth, cfg.RepoAuthFile),
 		lm.Middleware(),
 	)
 	if err != nil {

diff --git a/server/middleware/git/git.go b/server/middleware/git/git.go
@@ -8,23 +8,31 @@ import (
 	"os"
 	"os/exec"
 	"smoothie/server/middleware"
+	"strings"
 
 	"github.com/gliderlabs/ssh"
 )
 
-func Middleware(repoDir string, authorizedKeysPath string) middleware.Middleware {
+func Middleware(repoDir, authorizedKeys, authorizedKeysFile string) middleware.Middleware {
 	authedKeys := make([]ssh.PublicKey, 0)
-	hasAuth, err := fileExists(authorizedKeysPath)
+	hasAuth, err := fileExists(authorizedKeysFile)
 	if err != nil {
 		log.Fatal(err)
 	}
-	if hasAuth {
-		f, err := os.Open(authorizedKeysPath)
-		if err != nil {
-			log.Fatal(err)
+	if hasAuth || authorizedKeys != "" {
+		var scanner *bufio.Scanner
+		if authorizedKeys == "" {
+			log.Printf("Importing authorized keys from file: %s", authorizedKeysFile)
+			f, err := os.Open(authorizedKeysFile)
+			if err != nil {
+				log.Fatal(err)
+			}
+			defer f.Close()
+			scanner = bufio.NewScanner(f)
+		} else {
+			log.Printf("Importing authorized keys from environment")
+			scanner = bufio.NewScanner(strings.NewReader(authorizedKeys))
 		}
-		defer f.Close()
-		scanner := bufio.NewScanner(f)
 		for scanner.Scan() {
 			pt := scanner.Text()
 			log.Printf("Adding authorized key: %s", pt)