#!/usr/bin/env bash
# Shell created by Raven for BorgWarehouse.
# This shell takes 4 args: [repositoryName] [new SSH pub key] [quota] [append-only mode (boolean)]
# This shell updates the SSH key and the quota for a repository.
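# Exit when any command fails
set -e

# Load .env if it exists.
# The file is executed as shell code, so it must be writable only by the
# account this script runs as.
# The explicit "./" matters: `source` with a bare file name searches $PATH
# before the current directory, so it could load a different file than the
# one the -f test just checked.
if [[ -f ./.env ]]; then
  source ./.env
fi

# Default value when .env does not exist or does not set $home
: "${home:=/home/borgwarehouse}"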
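# Check args: the first three must be non-empty and the fourth must be the
# literal "true" or "false".
# The true/false test is grouped explicitly. In a flat `A || B || C || D && E`
# list the shell gives || and && equal precedence and evaluates left to right,
# so an empty argument was accepted whenever $4 was "false" (an empty quota
# then reached the final sed unchecked).
if [[ -z "$1" || -z "$2" || -z "$3" || ( "$4" != "true" && "$4" != "false" ) ]]; then
  echo -n "This shell takes 4 args: [repositoryName] [new SSH pub key] [quota] [Append only mode [true|false]]"
  exit 1
fi

# The quota is pasted into a sed replacement followed by "G" further down, so
# only a plain number is accepted here.
# NOTE(review): a decimal fraction is tolerated in case callers send one;
# tighten to integers if the caller only ever sends whole numbers.
quotaPattern='^[0-9]+([.][0-9]+)?$'
if [[ ! "$3" =~ $quotaPattern ]]; then
  echo -n "Invalid quota format. Provide a number."
  exit 1
fi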
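# Check that the SSH public key has a valid format.
# This pattern validates SSH public keys for: rsa, ed25519, ed25519-sk.
# It stays unanchored because the duplicate-key check further down reuses it to
# locate the key inside a whole authorized_keys line.
pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?'

# The argument itself is checked against an anchored copy, so the whole value
# must be a key (plus optional comment) rather than merely contain one.
# Control characters (newline, carriage return, tab, ...) are refused as well:
# the value is written into authorized_keys, where one entry is one line.
anchoredPattern="^${pattern}\$"
if [[ ! "$2" =~ $anchoredPattern || "$2" == *[[:cntrl:]]* ]]; then
  echo -n "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)"
  exit 2
fi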
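# Check that repositoryName is 8 characters long. With createRepo.sh our
# randoms have a length of 8 characters, so any other length means something
# is wrong.
repositoryName=$1
if [ "${#repositoryName}" != 8 ]; then
  echo -n "Error with the length of the repositoryName."
  exit 3
fi

# The name is interpolated into grep and sed regular expressions below, so a
# length check alone is not enough: regex metacharacters in the name would make
# those expressions match lines belonging to other repositories.
# NOTE(review): alphanumerics are assumed here because createRepo.sh is not
# visible from this script. The name is still matched as a substring of the
# command= string, so narrow this to the generator's exact alphabet once
# confirmed.
if [[ ! "$repositoryName" =~ ^[A-Za-z0-9]+$ ]]; then
  echo -n "Error with the format of the repositoryName."
  exit 3
fi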
# Make sure authorized_keys holds an entry whose command= string mentions
# repositoryName; without one there is nothing to update.
authorizedKeysFile="$home/.ssh/authorized_keys"
grep -q "command=\".*${repositoryName}.*\",restrict" "$authorizedKeysFile" || {
  echo -n "No line containing $repositoryName found in authorized_keys"
  exit 4
}
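# Check if the new SSH pub key is already present on a line OTHER than the one
# corresponding to repositoryName. $pattern is the key regex defined earlier in
# this script.
found=false
regex="command=\".*${repositoryName}.*\",restrict"

# Key type and base64 blob of the new key (comment ignored). This does not
# depend on the line being read, so it is computed once. printf is used because
# echo would treat a value starting with "-n" or "-e" as an option.
key2=$(printf '%s\n' "$2" | awk '{print $1 " " $2}')

# `|| [[ -n "$line" ]]` keeps the last line in the check when authorized_keys
# does not end with a newline; plain `read` would drop it.
while IFS= read -r line || [[ -n "$line" ]]; do
  if [[ $line =~ $pattern ]]; then
    # Key type and base64 blob of the key found on this line (comment ignored)
    key1=$(printf '%s\n' "${BASH_REMATCH[0]}" | awk '{print $1 " " $2}')

    # Same key, but on a line that does not belong to repositoryName
    if [[ "$key1" == "$key2" && ! $line =~ $regex ]]; then
      found=true
      break
    fi
  fi
done < "$home/.ssh/authorized_keys"

if [ "$found" = true ]; then
  echo -n "This SSH pub key is already present in authorized_keys on a different line."
  exit 5
fi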
# Append-only mode: switch the --append-only flag of the repository's
# "borg serve" command on or off, depending on the fourth argument.
case "$4" in
  true)
    # Insert the flag after "borg serve " unless the line already carries it
    sed -ri "/command=\".*${repositoryName}.*\",restrict/ {/borg serve .*--append-only /! s|(borg serve )|\1--append-only |}" "$home/.ssh/authorized_keys"
    ;;
  false)
    # Strip every occurrence of the flag from the repository's line
    sed -ri "/command=\".*${repositoryName}.*\",restrict/ s|(--append-only )||g" "$home/.ssh/authorized_keys"
    ;;
esac
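# Modify authorized_keys for the repositoryName: update the line with the quota
# and the SSH pub key.
# Both values end up in the replacement half of a sed s|...|...| command, where
# "\", "&" and the "|" delimiter are interpreted by sed rather than copied.
# They are backslash-escaped first so that the key (including its free-form
# comment) and the quota are written to the file literally.
newQuota=$(printf '%s' "$3" | sed -e 's/[\\&|]/\\&/g')
newKey=$(printf '%s' "$2" | sed -e 's/[\\&|]/\\&/g')
sed -ri "s|(command=\".*${repositoryName}.*--storage-quota ).*G\",restrict .*|\\1${newQuota}G\",restrict ${newKey}|g" "$home/.ssh/authorized_keys"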