SourceHut user authorized keys (#182)

* SourceHut user authorized keys

* Regenerate docs

---------

Co-authored-by: Owen Ou <[email protected]>

README.md

@@ -114,6 +114,12 @@ This is compatible with `--authorized-keys`.
 $ upterm host --gitlab-user username
 ```
 
+Host a terminal session that only allows specified SourceHut user client public key(s) to connect.
+This is compatible with `--authorized-keys`.
+```console
+$ upterm host --srht-user username
+```
+
 Host a session with a custom command
 ```console
 $ upterm host -- docker run --rm -ti ubuntu bash

cmd/upterm/command/host.go

@@ -29,6 +29,7 @@ var (
 	flagAuthorizedKeys     string
 	flagGitHubUsers        []string
 	flagGitLabUsers        []string
+	flagSourceHutUsers     []string
 	flagReadOnly           bool
 )
 
@@ -70,6 +71,7 @@ func hostCmd() *cobra.Command {
 	cmd.PersistentFlags().StringVarP(&flagAuthorizedKeys, "authorized-key", "a", "", "an authorized_keys file that lists public keys that are permitted to connect.")
 	cmd.PersistentFlags().StringSliceVar(&flagGitHubUsers, "github-user", nil, "this GitHub user public keys are permitted to connect.")
 	cmd.PersistentFlags().StringSliceVar(&flagGitLabUsers, "gitlab-user", nil, "this GitLab user public keys are permitted to connect.")
+	cmd.PersistentFlags().StringSliceVar(&flagSourceHutUsers, "srht-user", nil, "this SourceHut user public keys are permitted to connect.")
 	cmd.PersistentFlags().BoolVarP(&flagReadOnly, "read-only", "r", false, "host a read-only session. Clients won't be able to interact.")
 
 	return cmd
@@ -155,6 +157,13 @@ func shareRunE(c *cobra.Command, args []string) error {
 		}
 		authorizedKeys = append(authorizedKeys, gitLabUserKeys...)
 	}
+	if flagSourceHutUsers != nil {
+		sourceHutUserKeys, err := host.SourceHutUserKeys(flagSourceHutUsers)
+		if err != nil {
+			return fmt.Errorf("error reading SourceHut user keys: %w", err)
+		}
+		authorizedKeys = append(authorizedKeys, sourceHutUserKeys...)
+	}
 
 	signers, cleanup, err := host.Signers(flagPrivateKeys)
 	if err != nil {

docs/upterm.md

@@ -40,4 +40,4 @@ Upterm is an open-source solution for sharing terminal sessions instantly with t
 * [upterm upgrade](upterm_upgrade.md)	 - Upgrade the CLI
 * [upterm version](upterm_version.md)	 - Show version
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_host.md

@@ -44,10 +44,11 @@ upterm host [flags]
   -i, --private-key strings     private key file for public key authentication against the upterm server (default [/Users/owen/.ssh/id_ed25519])
   -r, --read-only               host a read-only session. Clients won't be able to interact.
       --server string           upterm server address (required), supported protocols are ssh, ws, or wss. (default "ssh://uptermd.upterm.dev:22")
+      --srht-user strings       this SourceHut user public keys are permitted to connect.
 ```
 
 ### SEE ALSO
 
 * [upterm](upterm.md)	 - Secure Terminal Sharing
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_proxy.md

@@ -30,4 +30,4 @@ upterm proxy [flags]
 
 * [upterm](upterm.md)	 - Secure Terminal Sharing
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_session.md

@@ -15,4 +15,4 @@ Display session
 * [upterm session info](upterm_session_info.md)	 - Display session by name
 * [upterm session list](upterm_session_list.md)	 - List shared sessions
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_session_current.md

@@ -30,4 +30,4 @@ upterm session current [flags]
 
 * [upterm session](upterm_session.md)	 - Display session
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_session_info.md

@@ -27,4 +27,4 @@ upterm session info [flags]
 
 * [upterm session](upterm_session.md)	 - Display session
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_session_list.md

@@ -27,4 +27,4 @@ upterm session list [flags]
 
 * [upterm session](upterm_session.md)	 - Display session
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_upgrade.md

@@ -26,4 +26,4 @@ upterm upgrade [flags]
 
 * [upterm](upterm.md)	 - Secure Terminal Sharing
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

docs/upterm_version.md

@@ -16,4 +16,4 @@ upterm version [flags]
 
 * [upterm](upterm.md)	 - Secure Terminal Sharing
 
-###### Auto generated by spf13/cobra on 29-Sep-2023
+###### Auto generated by spf13/cobra on 30-Sep-2023

etc/completion/upterm.bash_completion.sh

@@ -418,6 +418,8 @@ _upterm_host()
     flags+=("-r")
     flags+=("--server=")
     two_word_flags+=("--server")
+    flags+=("--srht-user=")
+    two_word_flags+=("--srht-user")
 
     must_have_one_flag=()
     must_have_one_noun=()

etc/man/man1/upterm-host.1

@@ -53,6 +53,10 @@ Host a terminal session over a reverse SSH tunnel to the Upterm server with the
 \fB--server\fP="ssh://uptermd.upterm.dev:22"
 	upterm server address (required), supported protocols are ssh, ws, or wss.
 
+.PP
+\fB--srht-user\fP=[]
+	this SourceHut user public keys are permitted to connect.
+
 
 .SH EXAMPLE
 .PP
@@ -88,4 +92,4 @@ Host a terminal session over a reverse SSH tunnel to the Upterm server with the
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-proxy.1

@@ -44,4 +44,4 @@ Proxy a terminal session over WebSocket. This must be used in conjunction with S
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-session-current.1

@@ -47,4 +47,4 @@ Display the current session. By default, the command fetches the current session
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-session-info.1

@@ -41,4 +41,4 @@ Display session by name.
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-session-list.1

@@ -41,4 +41,4 @@ List shared sessions. Session admin sockets are located in ~/.upterm.
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-session.1

@@ -29,4 +29,4 @@ Display session
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-upgrade.1

@@ -44,4 +44,4 @@ Upgrade the CLI
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm-version.1

@@ -29,4 +29,4 @@ Show version
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

etc/man/man1/upterm.1

@@ -54,4 +54,4 @@ Upterm is an open-source solution for sharing terminal sessions instantly with t
 
 .SH HISTORY
 .PP
-29-Sep-2023 Auto generated by spf13/cobra
+30-Sep-2023 Auto generated by spf13/cobra

host/signer.go

@@ -23,6 +23,7 @@ const (
 	errCannotDecodeEncryptedPrivateKeys = "cannot decode encrypted private keys"
 	gitHubKeysUrlFmt                    = "https://github.com/%s"
 	gitLabKeysUrlFmt                    = "https://gitlab.com/%s"
+	sourceHutKeysUrlFmt                 = "https://meta.sr.ht/~%s"
 )
 
 type errDescryptingPrivateKey struct {
@@ -96,6 +97,10 @@ func GitLabUserKeys(usernames []string) ([]ssh.PublicKey, error) {
 	return getPublicKeys(gitLabKeysUrlFmt, usernames)
 }
 
+func SourceHutUserKeys(usernames []string) ([]ssh.PublicKey, error) {
+	return getPublicKeys(sourceHutKeysUrlFmt, usernames)
+}
+
 // Signers return signers based on the folllowing conditions:
 // If SSH agent is running and has keys, it returns signers from SSH agent, otherwise return signers from private keys;
 // If neither works, it generates a signer on the fly.