GitFOSS

#!/bin/sh

# set -u # exit on undefined variable
SSH_ORIGINAL_COMMAND=${SSH_ORIGINAL_COMMAND}
USERNAME=$1

# If SSH_ORIGINAL_COMMAND is unset, simply kill term.
if [ -z ${SSH_ORIGINAL_COMMAND+x} ]; then
  printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
  printf '%s\n' "provide interactive shell access."
  exit 128
fi

RES_JSON=$(/usr/bin/ssh_command_node "${USERNAME}")
EXIT=$?

COMMAND=$(echo "$RES_JSON" | jq -r '.command')
AUTH_MODE=$(echo "$RES_JSON" | jq -r '.authMode')
GIT_REPO_DIR=$(echo "$RES_JSON" | jq -r '.gitRepositoryDir')

echo "AUTH_MODE: ${AUTH_MODE}" >> /home/git/ssh_commands.log
echo "GIT_REPO_DIR: ${GIT_REPO_DIR}" >> /home/git/ssh_commands.log

echo "ssh_command_node stdout: ${RES_JSON}" >> /home/git/ssh_commands.log
echo "ssh_command_node exit code: ${EXIT}" >> /home/git/ssh_commands.log

if [ "$EXIT" = "0" ]; then
  $COMMAND $GIT_REPO_DIR;
  RESULT=$?

  echo "result => ${RESULT}" >> /home/git/ssh_commands.log
  exit $?
else
  echo "C: 0017x03Forbidden access.\n"
  exit 1
fi

# If we should reject:


# Assuming bash will only execute the first command in the string
# TODO See this https://unix.stackexchange.com/a/444949/309572
# {
#   $SSH_ORIGINAL_COMMAND
#   exit $?
# } || { # catch
#   echo "Could not complete request."
#   exit 1
# }