1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
// Package authorizedcerts implements functions for authorizing users with ssh certificates
package authorizedcerts
import (
"context"
"fmt"
"net/url"
"gitlab.com/gitlab-org/gitlab-shell/v14/client"
"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
"gitlab.com/gitlab-org/gitlab-shell/v14/internal/gitlabnet"
)
const (
authorizedCertsPath = "/authorized_certs"
)
// Client wraps a gitlab client and its associated config
type Client struct {
config *config.Config
client *client.GitlabNetClient
}
// Response contains the json response from authorized_certs
type Response struct {
Username string `json:"username"`
Namespace string `json:"namespace"`
}
// NewClient instantiates a Client with config
func NewClient(config *config.Config) (*Client, error) {
client, err := gitlabnet.GetClient(config)
if err != nil {
return nil, fmt.Errorf("error creating http client: %v", err)
}
return &Client{config: config, client: client}, nil
}
// GetByKey makes a request to authorized_certs for the namespace configured with a cert that matches fingerprint
func (c *Client) GetByKey(ctx context.Context, userID, fingerprint string) (*Response, error) {
path, err := pathWithKey(userID, fingerprint)
if err != nil {
return nil, err
}
response, err := c.client.Get(ctx, path)
if err != nil {
return nil, err
}
defer func() {
_ = response.Body.Close()
}()
parsedResponse := &Response{}
if err := gitlabnet.ParseJSON(response, parsedResponse); err != nil {
return nil, err
}
return parsedResponse, nil
}
func pathWithKey(userID, fingerprint string) (string, error) {
u, err := url.Parse(authorizedCertsPath)
if err != nil {
return "", err
}
params := u.Query()
params.Set("key", fingerprint)
params.Set("user_identifier", userID)
u.RawQuery = params.Encode()
return u.String(), nil
}
|
