···
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/urfave/cli/v3"
"tangled.org/core/idresolver"
func Command() *cli.Command {
···
func Run(ctx context.Context, cmd *cli.Command) error {
-
l := log.FromContext(ctx)
incomingUser := cmd.String("user")
gitDir := cmd.String("git-dir")
logPath := cmd.String("log-path")
endpoint := cmd.String("internal-api")
motdFile := cmd.String("motd-file")
logFile, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-
l.Error("failed to open log file", "error", err)
-
fileHandler := slog.NewJSONHandler(logFile, &slog.HandlerOptions{Level: slog.LevelInfo})
-
l = slog.New(fileHandler)
if connInfo := os.Getenv("SSH_CONNECTION"); connInfo != "" {
parts := strings.Fields(connInfo)
···
-
l.Error("access denied: no user specified")
fmt.Fprintln(os.Stderr, "access denied: no user specified")
sshCommand := os.Getenv("SSH_ORIGINAL_COMMAND")
-
l.Info("connection attempt",
-
l.Info("access denied: no interactive shells", "user", incomingUser)
fmt.Fprintf(os.Stderr, "Hi @%s! You've successfully authenticated.\n", incomingUser)
cmdParts := strings.Fields(sshCommand)
-
l.Error("invalid command format", "command", sshCommand)
fmt.Fprintln(os.Stderr, "invalid command format")
···
// any of the above with a leading slash (/)
components := strings.Split(strings.TrimPrefix(strings.Trim(cmdParts[1], "'"), "/"), "/")
-
l.Info("command components", "components", components)
if len(components) != 2 {
-
l.Error("invalid repo format", "components", components)
fmt.Fprintln(os.Stderr, "invalid repo format, needs <user>/<repo> or /<user>/<repo>")
didOrHandle := components[0]
-
identity := resolveIdentity(ctx, l, didOrHandle)
did := identity.DID.String()
repoName := components[1]
qualifiedRepoName, _ := securejoin.SecureJoin(did, repoName)
···
"git-upload-archive": true,
if !validCommands[gitCommand] {
-
l.Error("access denied: invalid git command", "command", gitCommand)
fmt.Fprintln(os.Stderr, "access denied: invalid git command")
return fmt.Errorf("access denied: invalid git command")
if gitCommand != "git-upload-pack" {
-
if !isPushPermitted(l, incomingUser, qualifiedRepoName, endpoint) {
-
l.Error("access denied: user not allowed",
"reponame", qualifiedRepoName)
fmt.Fprintln(os.Stderr, "access denied: user not allowed")
···
fullPath, _ := securejoin.SecureJoin(gitDir, qualifiedRepoName)
-
l.Info("processing command",
···
if reader, err := os.Open(motdFile); err != nil {
if !errors.Is(err, os.ErrNotExist) {
-
l.Error("failed to read motd file", "error", err)
motdReader = strings.NewReader("Welcome to this knot!\n")
···
if err := gitCmd.Run(); err != nil {
-
l.Error("command failed", "error", err)
fmt.Fprintf(os.Stderr, "command failed: %v\n", err)
return fmt.Errorf("command failed: %v", err)
-
l.Info("command completed",
···
-
func resolveIdentity(ctx context.Context, l *slog.Logger, didOrHandle string) *identity.Identity {
resolver := idresolver.DefaultResolver()
ident, err := resolver.ResolveIdent(ctx, didOrHandle)
-
l.Error("Error resolving handle", "error", err, "handle", didOrHandle)
fmt.Fprintf(os.Stderr, "error resolving handle: %v\n", err)
if ident.Handle.IsInvalidHandle() {
-
l.Error("Error resolving handle", "invalid handle", didOrHandle)
fmt.Fprintf(os.Stderr, "error resolving handle: invalid handle\n")
-
func isPushPermitted(l *slog.Logger, user, qualifiedRepoName, endpoint string) bool {
u, _ := url.Parse(endpoint + "/push-allowed")
···
req, err := http.Get(u.String())
-
l.Error("Error verifying permissions", "error", err)
fmt.Fprintf(os.Stderr, "error verifying permissions: %v\n", err)
-
l.Info("Checking push permission",
···
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/urfave/cli/v3"
"tangled.org/core/idresolver"
func Command() *cli.Command {
···
func Run(ctx context.Context, cmd *cli.Command) error {
incomingUser := cmd.String("user")
gitDir := cmd.String("git-dir")
logPath := cmd.String("log-path")
endpoint := cmd.String("internal-api")
motdFile := cmd.String("motd-file")
logFile, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+
fileHandler := slog.NewJSONHandler(stream, &slog.HandlerOptions{Level: slog.LevelInfo})
+
slog.SetDefault(slog.New(fileHandler))
if connInfo := os.Getenv("SSH_CONNECTION"); connInfo != "" {
parts := strings.Fields(connInfo)
···
+
slog.Error("access denied: no user specified")
fmt.Fprintln(os.Stderr, "access denied: no user specified")
sshCommand := os.Getenv("SSH_ORIGINAL_COMMAND")
+
slog.Info("connection attempt",
+
slog.Info("access denied: no interactive shells", "user", incomingUser)
fmt.Fprintf(os.Stderr, "Hi @%s! You've successfully authenticated.\n", incomingUser)
cmdParts := strings.Fields(sshCommand)
+
slog.Error("invalid command format", "command", sshCommand)
fmt.Fprintln(os.Stderr, "invalid command format")
···
// any of the above with a leading slash (/)
components := strings.Split(strings.TrimPrefix(strings.Trim(cmdParts[1], "'"), "/"), "/")
+
slog.Info("command components", "components", components)
if len(components) != 2 {
+
slog.Error("invalid repo format", "components", components)
fmt.Fprintln(os.Stderr, "invalid repo format, needs <user>/<repo> or /<user>/<repo>")
didOrHandle := components[0]
+
identity := resolveIdentity(ctx, didOrHandle)
did := identity.DID.String()
repoName := components[1]
qualifiedRepoName, _ := securejoin.SecureJoin(did, repoName)
···
"git-upload-archive": true,
if !validCommands[gitCommand] {
+
slog.Error("access denied: invalid git command", "command", gitCommand)
fmt.Fprintln(os.Stderr, "access denied: invalid git command")
return fmt.Errorf("access denied: invalid git command")
if gitCommand != "git-upload-pack" {
+
if !isPushPermitted(incomingUser, qualifiedRepoName, endpoint) {
+
slog.Error("access denied: user not allowed",
"reponame", qualifiedRepoName)
fmt.Fprintln(os.Stderr, "access denied: user not allowed")
···
fullPath, _ := securejoin.SecureJoin(gitDir, qualifiedRepoName)
+
slog.Info("processing command",
···
if reader, err := os.Open(motdFile); err != nil {
if !errors.Is(err, os.ErrNotExist) {
+
slog.Error("failed to read motd file", "error", err)
motdReader = strings.NewReader("Welcome to this knot!\n")
···
if err := gitCmd.Run(); err != nil {
+
slog.Error("command failed", "error", err)
fmt.Fprintf(os.Stderr, "command failed: %v\n", err)
return fmt.Errorf("command failed: %v", err)
+
slog.Info("command completed",
···
+
func resolveIdentity(ctx context.Context, didOrHandle string) *identity.Identity {
resolver := idresolver.DefaultResolver()
ident, err := resolver.ResolveIdent(ctx, didOrHandle)
+
slog.Error("Error resolving handle", "error", err, "handle", didOrHandle)
fmt.Fprintf(os.Stderr, "error resolving handle: %v\n", err)
if ident.Handle.IsInvalidHandle() {
+
slog.Error("Error resolving handle", "invalid handle", didOrHandle)
fmt.Fprintf(os.Stderr, "error resolving handle: invalid handle\n")
+
func isPushPermitted(user, qualifiedRepoName, endpoint string) bool {
u, _ := url.Parse(endpoint + "/push-allowed")
···
req, err := http.Get(u.String())
+
slog.Error("Error verifying permissions", "error", err)
fmt.Fprintf(os.Stderr, "error verifying permissions: %v\n", err)
+
slog.Info("checking push permission",
oppi.li