files: provision-user CLI + anonymous public HTTP serving #58
Merged
Lets external services (the TronBrowser extension store) host files on files.profullstack.com without the interactive `ssh join@` onboarding.

- `agentbbs provision-user --name <h> --pubkey "<ssh key>"`: registers a member from an SSH *public* key (account = handle + key fingerprint). Reuses SanitizeUsername (same rules as join@) + EnsureUser; Files/SFTP access is free for members, so the account can immediately `scp … files@host:/public/extensions/<slug>/`. JSON output; refuses on key/handle collision. New auth.FingerprintAuthorizedKey() parses an authorized_keys line to the same SHA256 fp as a live session key (tested).
- setup.sh: the files.<host> Caddy site now serves the shared /public area as unauthenticated, read-only static files (handle_path /public/*), so .crx/.zip download links work for anyone — mapping 1:1 to the SFTP path. Non-/public paths still hit the auth'd web file manager.
- docs/files.md updated.

Note: not compiled here — repo go.mod requires go 1.26 and this sandbox has 1.22.2; changes pass gofmt parse/format checks. Reuses existing store/auth APIs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
vu1nz Security Review: 0 finding(s) in PR #?. No security issues found.
`go test ./...` / `go vet ./...` fail on `wish.Println(… "…\n")` — Println already appends a newline. Pre-existing on main (its CI is red for the same two lines); surfaced here. Switched both to `wish.Print` with an explicit trailing "\n\n" so output bytes are unchanged and vet is satisfied.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Why

The TronBrowser extension store (profullstack/tronbrowser.dev#5) needs to host publishers' .crx/.zip bundles on files.profullstack.com without making every dev run `ssh join@` and use an SCP client. Two small additions make AgentBBS Files usable as that host.

What

- `agentbbs provision-user` CLI — registers a member from an SSH public key (an account is just handle + key fingerprint). Reuses `SanitizeUsername` (same rules as `join@`) + `EnsureUser`; Files/SFTP access is free for members, so the account can immediately: `{ok,name,fingerprint,store_id}`); refuses on key/handle collision. New `auth.FingerprintAuthorizedKey()` parses an authorized_keys line to the same SHA256 fp as a live session key.
- `files.<host>` Caddy site (in `setup.sh`) now serves the shared `/public` area as unauthenticated, read-only static files (`handle_path /public/*`), so download links work for anyone. Maps 1:1 to the SFTP path; non-`/public` paths still hit the auth'd web manager. (Today's `fileweb` requires login even to download — wrong for shared artifacts.)
- `docs/files.md` updated.

Provisioning trigger

The store SSHes to this host and runs `provision-user` with an operator key when a publisher submits their pubkey (decided with @chovy). No new HTTP endpoint — fits the existing CLI-subcommand pattern (`grant-pod`, `mint-token`, …).

Not compiled in CI-of-record here: `go.mod` requires go 1.26 and my sandbox has 1.22.2, so `go build`/`go test` can't run. Changes pass `gofmt` parse + format checks and reuse existing `store`/`auth` APIs (`EnsureUser`, `UserByFingerprint`, `ErrKeyMismatch`, `SanitizeUsername`). Please run `go build ./... && go test ./internal/auth/...` before merge.

🤖 Generated with Claude Code
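Added example, not part of the PR and not the project's `auth.FingerprintAuthorizedKey()`: a standard-library-only sketch of how an authorized_keys line maps to the OpenSSH SHA256 fingerprint the description refers to. The name `fingerprintLine` and the sample key are hypothetical and constructed; it also rejects a key whose text label disagrees with the algorithm name inside the blob, which matters when the fingerprint is the account identity.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample: an ssh-ed25519 wire blob whose 32 key bytes are all zero.
var sampleLine = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" +
	strings.Repeat("A", 43) + " constructed@example"

// fingerprintLine (hypothetical name) returns the OpenSSH-style SHA256
// fingerprint of the key on one authorized_keys line.
func fingerprintLine(line string) (string, error) {
	fields := strings.Fields(line)
	// Leading options (e.g. no-pty) may precede the key type, so try each
	// adjacent pair of fields as "type base64-blob".
	for i := 0; i+1 < len(fields); i++ {
		blob, err := base64.StdEncoding.DecodeString(fields[i+1])
		if err != nil || len(blob) < 4 {
			continue
		}
		// The blob begins with a length-prefixed algorithm name; requiring it
		// to match the text field rejects mislabelled or spliced keys.
		n := binary.BigEndian.Uint32(blob[:4])
		if uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != fields[i] {
			continue
		}
		// Fingerprint = "SHA256:" + unpadded base64 of SHA-256 over the blob.
		sum := sha256.Sum256(blob)
		return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
	}
	return "", errors.New("no valid public key found on line")
}

func main() {
	fp, err := fingerprintLine(sampleLine)
	fmt.Println(fp, err)
}
```

Because the hash covers only the decoded key blob, the options prefix and trailing comment never change the fingerprint, so a collision check keyed on it cannot be sidestepped by editing those fields.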