selfprivacy-rest-api/selfprivacy_api/resources/services/ssh.py

#!/usr/bin/env python3
"""SSH management module"""
import json
import portalocker
from flask_restful import Resource, reqparse
from selfprivacy_api.resources.services import api
class EnableSSH(Resource):
    """REST resource that sets the SSH enable flag in the userdata file."""

    def post(self):
        """
        Enable SSH
        ---
        tags:
            - SSH
        security:
            - bearerAuth: []
        responses:
            200:
                description: SSH enabled
            401:
                description: Unauthorized
        """
        # NOTE(review): the text after "---" above looks like an API spec read
        # at runtime, so it is kept verbatim. It only *declares* bearerAuth;
        # enforcement is not visible in this file -- confirm it happens
        # elsewhere before this handler is reached.
        userdata_path = "/etc/nixos/userdata/userdata.json"
        with open(userdata_path, "r+", encoding="utf-8") as handle:
            # Hold an exclusive lock for the whole read-modify-write cycle so
            # another writer using the same lock cannot interleave with it.
            portalocker.lock(handle, portalocker.LOCK_EX)
            try:
                settings = json.load(handle)
                if "ssh" not in settings:
                    settings["ssh"] = {}
                settings["ssh"]["enable"] = True
                # Rewrite in place: rewind, dump, then drop any leftover tail
                # from a previously longer document.
                handle.seek(0)
                json.dump(settings, handle, indent=4)
                handle.truncate()
            finally:
                portalocker.unlock(handle)

        response = {
            "status": 0,
            "message": "SSH enabled",
        }
        return response
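class WriteSSHKey(Resource):
    """REST resource that appends a public key to the stored root SSH keys."""

    def put(self):
        """
        Add a SSH root key
        ---
        consumes:
            - application/json
        tags:
            - SSH
        security:
            - bearerAuth: []
        parameters:
            - in: body
              name: body
              required: true
              description: Public key to add
              schema:
                type: object
                required:
                    - public_key
                properties:
                    public_key:
                        type: string
                        description: ssh-ed25519 public key.
        responses:
            201:
                description: Key added
            400:
                description: Bad request
            401:
                description: Unauthorized
            409:
                description: Key already exists
        """
        # NOTE(review): the text after "---" above looks like an API spec read
        # at runtime, so it is kept verbatim. It only *declares* bearerAuth;
        # enforcement is not visible in this file -- confirm it happens
        # elsewhere before this handler is reached.
        parser = reqparse.RequestParser()
        parser.add_argument(
            "public_key", type=str, required=True, help="Key cannot be blank!"
        )
        args = parser.parse_args()

        # The request body is untrusted. Surrounding whitespace is dropped so
        # the same key pasted with a trailing newline is stored (and compared
        # for duplicates) in one canonical form.
        public_key = args["public_key"].strip()

        # `required=True` only guarantees the field is present, so an empty
        # string would otherwise be stored as a root key. A value spanning
        # several lines (or carrying a NUL) is rejected too: every entry of
        # rootKeys must be exactly one key. This runs before the file is
        # opened so bad input never takes the lock.
        # NOTE(review): the spec describes an ssh-ed25519 key, but neither the
        # key type nor the base64 body is checked here -- consider an
        # allow-list of key types once the intended set is confirmed.
        if (
            not public_key
            or "\x00" in public_key
            or len(public_key.splitlines()) != 1
        ):
            return {
                "error": "Invalid public key",
            }, 400

        with open(
            "/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
        ) as userdata_file:
            # Exclusive lock around the whole read-modify-write cycle.
            portalocker.lock(userdata_file, portalocker.LOCK_EX)
            try:
                data = json.load(userdata_file)
                root_keys = data.setdefault("ssh", {}).setdefault("rootKeys", [])

                # Return 409 if key already in array; the `finally` below
                # still releases the lock on this early return.
                if public_key in root_keys:
                    return {
                        "error": "Key already exists",
                    }, 409

                root_keys.append(public_key)

                # Rewrite in place: rewind, dump, then drop any leftover tail
                # from a previously longer document.
                userdata_file.seek(0)
                json.dump(data, userdata_file, indent=4)
                userdata_file.truncate()
            finally:
                portalocker.unlock(userdata_file)

        return {
            "status": 0,
            "message": "New SSH key successfully written",
        }, 201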
# Route registration on the shared `api` object imported from
# selfprivacy_api.resources.services.
# NOTE(review): both routes change SSH access to the host (the second one
# stores root keys); confirm that authentication is enforced for them, since
# no check is visible in this module.
api.add_resource(EnableSSH, "/ssh/enable")
api.add_resource(WriteSSHKey, "/ssh/key/send")