44 lines
1.2 kB
1
// This program must be configured to run as the sshd AuthorizedKeysCommand.
2
// The format looks something like this:
3
// Match User git
4
// AuthorizedKeysCommand /keyfetch -internal-api http://localhost:5444 -repoguard-path /home/git/repoguard
5
// AuthorizedKeysCommandUser nobody
6
//
7
// The command and its parent directories must be owned by root and set to 0755. Hence, the ideal location for this is
8
// somewhere already owned by root so you don't have to mess with directory perms.
9
10
package main
11
12
import (
13
"encoding/json"
14
"flag"
15
"fmt"
16
"io"
17
"log"
18
"net/http"
19
)
20
21
func main() {
22
endpoint := flag.String("internal-api", "http://localhost:5444", "Internal API endpoint")
23
repoguardPath := flag.String("repoguard-path", "/home/git/repoguard", "Path to the repoguard binary")
24
flag.Parse()
25
26
resp, err := http.Get(*endpoint + "/keys")
27
if err != nil {
28
log.Fatalf("error fetching keys: %v", err)
29
}
30
defer resp.Body.Close()
31
32
body, err := io.ReadAll(resp.Body)
33
if err != nil {
34
log.Fatalf("error reading response body: %v", err)
35
}
36
37
var data []map[string]interface{}
38
err = json.Unmarshal(body, &data)
39
if err != nil {
40
log.Fatalf("error unmarshalling response body: %v", err)
41
}
42
43
fmt.Print(formatKeyData(*repoguardPath, data))
44
}
45