import type { ReqHandler } from "@ethicdevs/react-monolith";
import { GitServer } from "@ethicdevs/fastify-git-server";
import { AppRoute, AppRouteParams } from "../routes.defs";
import { makeGitServerService } from "../services/gitServer";
const onSSHAuth: ReqHandler<AppRouteParams, AppRoute.SSH_AUTH> = async (
request,
reply
) => {
const gitService = makeGitServerService({
request,
cryptoService: request.cryptoService,
});
request.body =
typeof request.body === "string" ? JSON.parse(request.body) : request.body;
const { command, repoSlug, username, publicKey } = request.body;
console.log("command:", command);
console.log("repoSlug:", repoSlug);
console.log("username:", username);
console.log("publicKey:", publicKey);
const result = await gitService.repositoryResolver(
repoSlug.replace(/\.git$/, "")
);
let { authMode, gitRepositoryDir } = result;
gitRepositoryDir = gitRepositoryDir.toString().endsWith(".git")
? gitRepositoryDir
: `${gitRepositoryDir}.git`;
console.log("authMode:", authMode);
console.log("gitRepositoryDir:", gitRepositoryDir);
if (
authMode === GitServer.AuthMode.NEVER ||
(authMode === GitServer.AuthMode.PUSH_ONLY &&
command !== "git-receive-pack")
) {
console.log(
"no need for auth, repo is public/push_only and command is not push"
);
reply.status(200).send({
success: true,
authMode,
command,
gitRepositoryDir,
});
return;
}
const isAuthorizationValid = await gitService.authorizationResolver(
repoSlug.replace(/\.git$/, "") + ".pub",
{
username,
password: publicKey,
}
);
console.log(
"authorization result:",
isAuthorizationValid ? "valid" : "invalid"
);
const { frame } = require("git-pkt-line");
const msg = frame("error", "Forbidden access.");
console.log("message:", msg.toString("ascii"));
reply.status(isAuthorizationValid ? 200 : 400).send({
success: isAuthorizationValid,
authMode,
command,
gitRepositoryDir,
});
};
export const SSHAuthController = {
onSSHAuth,
};