bayrepo
/
hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e4624d9398'
${ noResults }
hestiacp/bin/v-check-access-key

115 lines
3.3 KiB
Raw Normal View History Unescape

Initial
2 years ago
#!/bin/bash
# info: check access key
# options: ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]
#
# example: v-check-access-key key_id secret v-purge-nginx-cache 127.0.0.1 json
#
# * Checks if the key exists;
# * Checks if the secret belongs to the key;
# * Checks if the key user is suspended;
# * Checks if the key has permission to run the command.
#----------------------------------------------------------#
# Variables & Functions #
#----------------------------------------------------------#
access_key_id="$(basename "$1")"
secret_access_key=$2
hst_command=$3
ip46=${4-127.0.0.1}
format=${5-shell}
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
# Perform verification if read-only mode is enabled
check_hestia_demo_mode
time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" | cut -f 1 -d \ )
date=$(echo "$time_n_date" | cut -f 2 -d \ )
# JSON list function
json_list() {
echo -n '{"USER": "'$user'"'
if [[ -n "$user_arg_pos" ]]; then
echo -n ', "USER_ARG_POSITION": '$user_arg_pos''
fi
echo '}'
}
# SHELL list function
shell_list() {
echo "USER: $user"
if [[ -n "$user_arg_pos" ]]; then
echo "USER_ARG_POSITION: $user_arg_pos"
fi
}
# Callback to intercept invalid result validation
abort_missmatch() {
echo "Error: $2"
echo "$date $time ${access_key_id:-api} $ip46 failed to login" >> $HESTIA/log/auth.log
# Add a log for user
if [[ "$1" == "$E_PASSWORD" && -n "$user" ]]; then
log_history "[$ip46] $access_key_id $2" "Error" "$user" "API"
fi
if [[ "$1" == "$E_FORBIDEN" ]]; then
exit "$1"
fi
exit "$E_PASSWORD"
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Add a callback to intercept invalid "check_result" results
CHECK_RESULT_CALLBACK="abort_missmatch"
check_args '3' "$#" 'ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]'
is_format_valid 'access_key_id' 'ip46' 'command'
is_object_valid 'key' 'KEY' "$access_key_id"
is_format_valid 'secret_access_key'
check_access_key_secret "$access_key_id" "$secret_access_key" user
check_access_key_cmd "$access_key_id" "$hst_command" user_arg_pos
# Check if key owner is active
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
export USER_DATA=$HESTIA/data/users/$user
is_object_unsuspended 'user' 'USER' "$user"
# Remove the check_result callback
CHECK_RESULT_CALLBACK=""
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Listing data
case $format in
json) json_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Logging
log_history "[$ip46] Access key $access_key_id successfully launched with command $hst_command" "Info" "$user" "API"
echo "$date $time $access_key_id $ip46 $hst_command successfully launched" >> $HESTIA/log/auth.log
exit