grim/hgkeeper
Remove the explicit write access of admins to the hgkeeper repo.
23 months ago, Gary Kramlich
5389b17b4002
Remove the explicit write access of admins to the hgkeeper repo.
Fixes HGKEEPER-21
package
http
import
(
"fmt"
"net/http"
"strings"
log
"github.com/sirupsen/logrus"
"keep.imfreedom.org/grim/hgkeeper/access"
)
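// authorizedKeysHandler returns an http.Handler that resolves an SSH key
// fingerprint to a single authorized_keys line.
//
// The fingerprint is taken from the "fp" query parameter. A missing parameter
// is answered with 400, and a fingerprint that access.PubkeyFromFingerprint
// cannot resolve is answered with 404. On success the body is the
// comma-joined key options, a space, and the public key.
//
// externalHostname and externalPort are interpolated verbatim into the forced
// command="..." option. They are expected to come from trusted configuration:
// a double quote or shell metacharacter in either value would change the
// meaning of the emitted authorized_keys line.
func authorizedKeysHandler(externalHostname, externalPort string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fp := r.URL.Query().Get("fp")
		if fp == "" {
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprint(w, "missing fp parameter")

			return
		}

		pubkey, err := access.PubkeyFromFingerprint(fp)
		if err != nil {
			w.WriteHeader(http.StatusNotFound)
			fmt.Fprintf(w, "failed to find fingerprint %q", fp)

			// fp is request-controlled, so it is logged with %q to keep
			// embedded newlines or control characters from forging or
			// splitting log entries.
			log.Errorf("failed to find fingerprint for %q: %v", fp, err)

			return
		}

		// "restrict" disables every optional SSH feature for this key and
		// "agent-forwarding" then re-enables only agent forwarding.
		// NOTE(review): presumably the forced ssh hop authenticates with the
		// caller's forwarded agent; confirm, since the forwarded agent is
		// usable on this host for as long as the session is open.
		options := []string{
			fmt.Sprintf(
				"command=\"ssh -T %s -p %s $SSH_ORIGINAL_COMMAND\"",
				externalHostname,
				externalPort,
			),
			"restrict",
			"agent-forwarding",
		}

		w.WriteHeader(http.StatusOK)

		// The options and key are passed as arguments, never as the format
		// string: the previous Fprintf(w, Sprintf(...)) re-interpreted any '%'
		// in the key material as a formatting verb and corrupted the output.
		fmt.Fprintf(w, "%s %s", strings.Join(options, ","), pubkey)
	})
}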