codeisok/update_auth_keys.php at master · badoo/codeisok · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/usr/bin/env php
<?php
require_once(dirname(__FILE__) . '/bootstrap.php');

class UpdateAuthKeys
{
    public function log($text = '')
    {
        $time = date("Y-m-d H:i:s");
        echo "[{$time}] {$text}\n";
    }

    public function run()
    {
        $this->log("Starting ssh keys update process...");

        $Gitosis = new \GitPHP\Model_Gitosis();

        $this->log("Getting users list...");
        $users = $Gitosis->getUsers();
        if ($users === false) {
            $this->log("Cannot receive users from DB");
            return;
        }
        $this->generateAuthKeys($users);

        $repositories = $Gitosis->getRepositories();
        if ($repositories === false) {
            $this->log("Cannot receive repositories from DB");
            return;
        }
        $this->createNewRepositories($repositories);
    }

    /**
     * @param array $users
     */
    public function generateAuthKeys($users)
    {
        $this->log("Generating authorized keys file...");

        $auth_keys = '# autogenerated file. Do not edit';
        foreach ($users as $user) {
            foreach (array_filter(explode("\n", $user['public_key'])) as $key) {
                $auth_keys .= PHP_EOL . \GitPHP\Gitosis::formatKeyString(dirname(__FILE__), $user['username'], $key);
            }
        }
        $auth_keys_path = \GitPHP\Gitosis::getAuthorizedKeysFile();
        $auth_keys_tmp_path = $auth_keys_path . '.tmp';
        if (false === file_put_contents($auth_keys_tmp_path, $auth_keys)) {
            $this->log("Cannot write authorized_keys file");
            return;
        }
        // on the most systems it's not allowed to have authorized_keys files with too wide permissions
        chmod($auth_keys_tmp_path, 0600);
        if (false === rename($auth_keys_tmp_path, $auth_keys_path)) {
            $this->log("Cannot rename tmp auth keys");
        }

        $this->log("\tdone.");
    }

    /**
     * @param array $repositories
     */
    public function createNewRepositories($repositories)
    {
        $this->log("Creating new repositories...");

        $root_directory = GitPHP\Config::GetInstance()->GetValue(GitPHP\Config::PROJECT_ROOT);
        foreach ($repositories as $repository) {
            $full_path = $root_directory . '/' . $repository['project'];
            if (is_dir($full_path)) {
                continue;
            }

            exec("cd " . $root_directory . "; git init --bare " . escapeshellarg($repository['project']), $out, $retval);
            if ($retval) {
                $this->log("Cannot create project {$repository['project']}:\n\t" . implode("\n\t", $out));
            }
        }

        $this->log("\tdone.");
    }
}

$Application = new GitPHP\Application();
$Application->init();

$Script = new UpdateAuthKeys();
$Script->run();