forgejo/cmd/keys.go
Panagiotis "Ivory" Vasilopoulos dbeab2a0c3
chore: introduce gitNeeded bool in setup (#7348)
There are various commands of the Forgejo CLI that do not actually need Git, because i.e. they only issue network requests. Matter of fact, most occurrences do not actually require Git.

By removing the Git initialization, operations by e.g. the manager will not fail in the absence of a Git binary. This is mostly relevant for an in-the-works Landlock implementation, which aims to minimize access to paths depending on the situation. Although we should expect that Git will be installed on the same system that the user is running Forgejo from, it somewhat slows things down, whereas the same edge cases that we are trying to protect the user from _could_ be achieved by keeping the `setting.RepoRootPath` check.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7348
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Co-committed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
2025-03-31 16:35:20 +00:00

83 lines
2.2 KiB
Go

// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package cmd

import (
	"errors"
	"fmt"
	"strings"

	"forgejo.org/modules/log"
	"forgejo.org/modules/private"

	"github.com/urfave/cli/v2"
)

// CmdKeys represents the available keys sub-command
var CmdKeys = &cli.Command{
	Name:        "keys",
	Usage:       "(internal) Should only be called by SSH server",
	Description: "Queries the Forgejo database to get the authorized command for a given ssh key fingerprint",
	Before:      PrepareConsoleLoggerLevel(log.FATAL),
	Action:      runKeys,
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "expected",
			Aliases: []string{"e"},
			Value:   "git",
			Usage:   "Expected user for whom provide key commands",
		},
		&cli.StringFlag{
			Name:    "username",
			Aliases: []string{"u"},
			Value:   "",
			Usage:   "Username trying to log in by SSH",
		},
		&cli.StringFlag{
			Name:    "type",
			Aliases: []string{"t"},
			Value:   "",
			Usage:   "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
		},
		&cli.StringFlag{
			Name:    "content",
			Aliases: []string{"k"},
			Value:   "",
			Usage:   "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
		},
	},
}

func runKeys(c *cli.Context) error {
	if !c.IsSet("username") {
		return errors.New("No username provided")
	}
	// Check username matches the expected username
	if strings.TrimSpace(c.String("username")) != strings.TrimSpace(c.String("expected")) {
		// Not the expected user: print no key line and return without an error
		return nil
	}

	// The lookup string is "<type> <content>"; both flags must be set
	content := ""

	if c.IsSet("type") && c.IsSet("content") {
		content = fmt.Sprintf("%s %s", strings.TrimSpace(c.String("type")), strings.TrimSpace(c.String("content")))
	}

	if content == "" {
		return errors.New("No key type and content provided")
	}

	ctx, cancel := installSignals()
	defer cancel()

	setup(ctx, c.Bool("debug"), true)

	authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
	// do not use handleCliResponseExtra or cli.NewExitError, if it exits immediately, it breaks some tests like Test_CmdKeys
	if extra.Error != nil {
		return extra.Error
	}
	_, _ = fmt.Fprintln(c.App.Writer, strings.TrimSpace(authorizedString.Text))
	return nil
}
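
An added example, not part of Forgejo's code: `runKeys` joins `type` and `content` into `"<type> <content>"` without decoding the key, so this sketch shows a stricter pre-check that decodes the base64 blob and confirms the algorithm name in its SSH wire format (RFC 4253, section 6.6) matches the stated type. `keyLine` and `sampleBlob` are hypothetical names, and the sample key is constructed (all-zero bytes).

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// keyLine builds the same "<type> <content>" string as runKeys, but only after
// checking that content is a base64 SSH key blob whose algorithm name equals keyType.
func keyLine(keyType, content string) (string, error) {
	keyType, content = strings.TrimSpace(keyType), strings.TrimSpace(content)
	if keyType == "" || content == "" {
		return "", errors.New("key type and content are both required")
	}
	blob, err := base64.StdEncoding.DecodeString(content)
	if err != nil {
		return "", fmt.Errorf("content is not valid base64: %w", err)
	}
	// The blob starts with a big-endian uint32 length, then the algorithm name.
	if len(blob) < 4 {
		return "", errors.New("key blob too short")
	}
	n := binary.BigEndian.Uint32(blob[:4])
	if uint64(n) > uint64(len(blob)-4) {
		return "", errors.New("algorithm name length exceeds blob")
	}
	if algo := string(blob[4 : 4+n]); algo != keyType {
		return "", fmt.Errorf("type %q does not match blob algorithm %q", keyType, algo)
	}
	return keyType + " " + content, nil
}

// sampleBlob encodes a constructed key blob: string(algo) followed by string(key).
func sampleBlob(algo string, key []byte) string {
	var b []byte
	for _, field := range [][]byte{[]byte(algo), key} {
		b = binary.BigEndian.AppendUint32(b, uint32(len(field)))
		b = append(b, field...)
	}
	return base64.StdEncoding.EncodeToString(b)
}

func main() {
	good := sampleBlob("ssh-ed25519", make([]byte, 32)) // constructed sample
	fmt.Println(keyLine("ssh-ed25519", good))
	fmt.Println(keyLine("ssh-rsa", good)) // mismatched type is rejected
}
```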