// This program must be configured to run as the sshd AuthorizedKeysCommand.
// The sshd_config stanza looks something like this:
// Match User git
// AuthorizedKeysCommand /keyfetch -internal-api http://localhost:5444 -repoguard-path /home/git/repoguard
// AuthorizedKeysCommandUser nobody
//
// The command and its parent directories must be owned by root and set to 0755 (sshd refuses to run a command
// that is writable by group or others). Hence, the ideal location for this is somewhere already owned by root,
// so you don't have to change directory permissions.
9
10package main
11
import (
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"log"
	"net/http"
	"time"
)
20
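// main fetches the key list from the internal API's /keys route and prints
// whatever formatKeyData returns for it on stdout, which is the stream sshd
// reads when this binary runs as AuthorizedKeysCommand.
//
// Every failure path exits non-zero through log.Fatalf before anything is
// written to stdout, so an unreachable, slow or misbehaving API yields no keys
// at all rather than a partial or malformed list.
func main() {
	endpoint := flag.String("internal-api", "http://localhost:5444", "Internal API endpoint")
	repoguardPath := flag.String("repoguard-path", "/home/git/repoguard", "Path to the repoguard binary")
	gitDir := flag.String("git-dir", "/home/git", "Path to the git directory")
	logPath := flag.String("log-path", "/home/git/log", "Path to log file")
	flag.Parse()

	const (
		// sshd blocks the login attempt while this command runs, so the whole
		// request (connect, headers and body) is bounded.
		fetchTimeout = 10 * time.Second
		// Upper bound on the response held in memory; a body cut off at this
		// size fails JSON decoding below instead of producing a short key list.
		maxBodyBytes = 16 << 20
	)

	// NOTE(review): the response decides which keys sshd accepts, so the
	// endpoint has to be one that only the trusted internal API can answer on.
	// The default is plain http on localhost; confirm any override stays on a
	// loopback or otherwise authenticated channel.
	client := &http.Client{Timeout: fetchTimeout}
	resp, err := client.Get(*endpoint + "/keys")
	if err != nil {
		log.Fatalf("error fetching keys: %v", err)
	}

	// An error page must never be interpreted as key data.
	if resp.StatusCode != http.StatusOK {
		resp.Body.Close()
		log.Fatalf("error fetching keys: unexpected status %s", resp.Status)
	}

	body, err := io.ReadAll(io.LimitReader(resp.Body, maxBodyBytes))
	// Closed explicitly rather than deferred: log.Fatalf exits the process
	// without running deferred calls.
	resp.Body.Close()
	if err != nil {
		log.Fatalf("error reading response body: %v", err)
	}

	var data []map[string]interface{}
	if err := json.Unmarshal(body, &data); err != nil {
		log.Fatalf("error unmarshalling response body: %v", err)
	}

	fmt.Print(formatKeyData(*repoguardPath, *gitDir, *logPath, *endpoint, data))
}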