authorization.go
package pufferpanel
import (
"bytes"
"crypto/ecdsa"
"crypto/x509"
"encoding/pem"
"github.com/spf13/viper"
"golang.org/x/crypto/ssh"
"io"
"os"
"sync"
)
// SFTPAuthorization is implemented by types that can check a username and
// password pair and produce the SSH permissions for that login.
//
// Validate returns the permissions to attach to the connection, or a non-nil
// error when the credentials are not accepted.
// NOTE(review): presumably callers treat any non-nil error as a rejected
// login; confirm against the SFTP server code that consumes this interface.
type SFTPAuthorization interface {
	Validate(username, password string) (*ssh.Permissions, error)
}
var (
	// publicKey caches the ECDSA public key installed through SetPublicKey.
	// It stays nil until a key has been set.
	publicKey *ecdsa.PublicKey

	// atLocker guards every read and write of publicKey.
	atLocker = new(sync.RWMutex)
)
// SetPublicKey replaces the cached package-level public key with key.
// The write happens under the exclusive side of atLocker, so it is safe to
// call while other goroutines use GetPublicKey. Passing nil clears the cache.
func SetPublicKey(key *ecdsa.PublicKey) {
	atLocker.Lock()
	publicKey = key
	atLocker.Unlock()
}
// GetPublicKey returns the cached package-level public key, or nil when no
// key has been set yet. The read happens under the shared side of atLocker.
func GetPublicKey() *ecdsa.PublicKey {
	atLocker.RLock()
	cached := publicKey
	atLocker.RUnlock()
	return cached
}
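// LoadPublicKey returns the ECDSA public key used by this package, reading it
// from disk on first use and caching it afterwards.
//
// If a key is already cached (see GetPublicKey) it is returned as is.
// Otherwise the file named by the "daemon.auth.publicKey" setting is read,
// decoded as PEM, parsed as a PKIX public key and stored with SetPublicKey.
//
// Errors:
//   - the error from opening or reading the file, when that fails;
//   - ErrKeyNotPEM when the file holds no PEM block;
//   - the x509 parse error when the block is not a valid PKIX public key;
//   - ErrKeyNotECDSA when the key parses but is not an ECDSA key.
//
// NOTE(review): this key looks like the trust anchor for daemon
// authentication, so whoever can replace the file can substitute their own
// key. Confirm the file and its directory are writable only by the service
// account or an administrator.
func LoadPublicKey() (*ecdsa.PublicKey, error) {
	if cached := GetPublicKey(); cached != nil {
		return cached, nil
	}

	// Surface open failures directly. Previously the error was dropped and a
	// missing or unreadable file was reported as ErrKeyNotPEM, which hides the
	// real cause (wrong path, wrong permissions) from the operator.
	f, err := os.Open(viper.GetString("daemon.auth.publicKey"))
	if err != nil {
		return nil, err
	}
	defer Close(f)

	var buf bytes.Buffer
	// A short or failed read must not be parsed as if it were the whole key.
	if _, err = io.Copy(&buf, f); err != nil {
		return nil, err
	}

	// Only the first PEM block is used; anything after it is ignored.
	block, _ := pem.Decode(buf.Bytes())
	if block == nil {
		return nil, ErrKeyNotPEM
	}

	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	// Refuse RSA, Ed25519 and any other key type: only ECDSA is accepted.
	key, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return nil, ErrKeyNotECDSA
	}

	SetPublicKey(key)
	return key, nil
}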