core/bild.db

This is a binary file and will not be displayed.

+3 -1

core/src/db.rs

··· 17 17 CREATE TABLE IF NOT EXISTS keys ( 18 18 id INTEGER PRIMARY KEY AUTOINCREMENT, 19 19 did TEXT NOT NULL, 20 20 + handle TEXT NOT NULL, 20 21 key TEXT NOT NULL, 21 21 - UNIQUE(did, key) 22 22 + name TEXT NOT NULL, 23 23 + UNIQUE(did, handle, key) 22 24 ) 23 25 ", 24 26 [],

+1

core/src/main.rs

··· 32 32 .route("/", routing::get(index::get)) 33 33 .route("/login", routing::get(login::get).post(login::post)) 34 34 .route("/keys", routing::get(keys::get).put(keys::put)) 35 35 + .route("/keys-file", routing::get(keys::keys_file)) 35 36 .layer(session_layer) 36 37 .with_state(app_state) 37 38 .layer(Extension(Arc::new(db)));

+41 -6

core/src/routes.rs

··· 87 87 88 88 #[derive(Deserialize)] 89 89 pub struct GetReq { 90 90 - id: AtIdentifier, 90 90 + handle: AtIdentifier, 91 91 } 92 92 93 93 #[derive(Serialize)] ··· 101 101 State(state): State<AppState>, 102 102 Query(req): Query<GetReq>, 103 103 ) -> impl IntoResponse { 104 104 - let did_doc = state.resolve_did_document(&req.id).await.unwrap(); 104 104 + let did_doc = state.resolve_did_document(&req.handle).await.unwrap(); 105 105 let keys = db 106 106 .conn 107 107 .call(|c| { ··· 115 115 .await 116 116 .unwrap(); 117 117 Json(GetRes { 118 118 - id: req.id.clone(), 118 118 + id: req.handle.clone(), 119 119 keys, 120 120 }) 121 121 } ··· 123 123 #[derive(Deserialize)] 124 124 pub struct PutReq { 125 125 key: String, 126 126 + name: String, 126 127 } 127 128 128 129 pub async fn put( ··· 141 142 None => StatusCode::UNAUTHORIZED, 142 143 Some(sess) => { 143 144 let did = sess.did.clone().into(); 145 145 + let handle = sess.handle.clone().into(); 144 146 db.conn 145 147 .call(|c| { 146 146 - c.execute("INSERT INTO keys (did, key) VALUES (?1, ?2)", [ 147 147 - did, req.key, 148 148 - ])?; 148 148 + c.execute( 149 149 + "INSERT INTO keys (did, handle, key, name) VALUES (?1, ?2, ?3, ?4)", 150 150 + [did, handle, req.key, req.name], 151 151 + )?; 149 152 Ok(()) 150 153 }) 151 154 .await ··· 153 156 StatusCode::OK 154 157 } 155 158 } 159 159 + } 160 160 + 161 161 + pub async fn keys_file(Extension(db): Extension<Arc<db::Db>>) -> impl IntoResponse { 162 162 + authorized_keys_file(db).await 163 163 + } 164 164 + 165 165 + // TODO: use this 166 166 + async fn write_authorized_keys_file(db: Arc<db::Db>) { 167 167 + let file = authorized_keys_file(db).await; 168 168 + tokio::fs::write("/home/git/.ssh/authorized_keys", &file) 169 169 + .await 170 170 + .unwrap(); 171 171 + } 172 172 + 173 173 + // TODO: use this 174 174 + async fn authorized_keys_file(db: Arc<db::Db>) -> String { 175 175 + db.conn 176 176 + .call(|c| { 177 177 + let mut stmt = c.prepare("SELECT handle, key FROM keys")?; 178 178 + let file = stmt 179 179 + .query_map([], |row| { 180 180 + let handle = row.get::<usize, String>(0)?; 181 181 + let key = row.get::<usize, String>(1)?; 182 182 + Ok(format!(r##"command="/home/git/repoguard -base-dir /home/git -user {handle} -log-path /home/git/log ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {key}"##)) 183 183 + })? 184 184 + .filter_map(|r| r.ok()) 185 185 + .collect::<Vec<_>>() 186 186 + .join("\n"); 187 187 + Ok(file) 188 188 + }) 189 189 + .await 190 190 + .unwrap() 156 191 } 157 192 }