feat: check for syringe client version

nixpig · Jul 17, 2024 · 7783854 · 7783854
1 parent 4c64cb5
commit 7783854
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -60,13 +60,13 @@ Secrets can be managed using 'projects' and 'environments'.
 
 ### P1
 
+- [ ] Genericise storage solution so whole thing can self-hosted and backed by sqlite databases
 - [ ] Build and publish artifact on GitHub
+- [ ] Build and publish deployable Docker image for server
 - [ ] Install script that downloads cli binary into path.
 - [ ] E2E tests with the CLI (or SSH?) client, including a couple like trying to create secrets for a non-existent project or environmnet
   - Work out how to start/stop server asynchronously and run tests. Could be containerised using testcontainers?
   - Just use testcontainers??
-- [ ] Genericise storage solution so whole thing can self-hosted and backed by sqlite databases
-- [ ] Build and publish deployable Docker image for server
 
 ### P2
 

diff --git a/config/config.go b/config/config.go
@@ -1,3 +1,4 @@
 package config
 
 const Version = "0.0.3"
+const Client = "SSH-2.0-Syringe"
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
@@ -1,7 +1,10 @@
 package middleware
 
 import (
+	"fmt"
+
 	"github.com/charmbracelet/ssh"
+	"github.com/nixpig/syringe.sh/config"
 	"github.com/nixpig/syringe.sh/internal/auth"
 	"github.com/nixpig/syringe.sh/pkg/ctxkeys"
 	"github.com/rs/zerolog"
@@ -13,14 +16,21 @@ func NewMiddlewareAuth(
 ) func(next ssh.Handler) ssh.Handler {
 	return func(next ssh.Handler) ssh.Handler {
 		return func(sess ssh.Session) {
+			clientVersion := sess.Context().ClientVersion()
+
+			if clientVersion != config.Client {
+				logger.Warn().Str("clientVersion", clientVersion).Msg("invalid client")
+				sess.Stderr().Write([]byte(fmt.Sprintf("Unsupported client %s.\nPlease use the syringe CLI, available at: \n  https://github.com/nixpig/syringe.sh\n", clientVersion)))
+				return
+			}
 			user, err := authService.AuthenticateUser(auth.AuthenticateUserRequest{
 				Username:  sess.User(),
 				PublicKey: sess.PublicKey(),
 			})
 			if err != nil {
 				logger.Warn().Msg("user not authenticated")
 
-				sess.Write([]byte("Public key not recognised.\n"))
+				sess.Stderr().Write([]byte("Public key not recognised.\n"))
 
 				return
 			}

diff --git a/pkg/ssh/client.go b/pkg/ssh/client.go
@@ -6,6 +6,7 @@ import (
 	"net"
 	"os"
 
+	"github.com/nixpig/syringe.sh/config"
 	"github.com/skeema/knownhosts"
 	gossh "golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
@@ -54,8 +55,9 @@ func NewSSHClient(
 	knownHosts string,
 ) (*SSHClient, error) {
 	sshConfig := &gossh.ClientConfig{
-		User: username,
-		Auth: []gossh.AuthMethod{authMethod},
+		User:          username,
+		ClientVersion: config.Client,
+		Auth:          []gossh.AuthMethod{authMethod},
 
 		HostKeyCallback: gossh.HostKeyCallback(
 			func(hostname string, remote net.Addr, key gossh.PublicKey) error {