mirror of
https://github.com/chrislusf/seaweedfs
synced 2025-06-29 16:22:46 +02:00
27a392f706
* improve perfs & fix rclone & refactoring Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * improve perfs on download + add seaweedfs all-in-one deployment Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * use helper for topologySpreadConstraints and fix create home dir of sftp users Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * fix helm lint Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * add missing ctx param Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> --------- Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com>
51 lines
1.2 KiB
Go
51 lines
1.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
|
|
"golang.org/x/crypto/ssh"
|
|
)
|
|
|
|
// PublicKeyAuthenticator handles public key-based authentication
|
|
type PublicKeyAuthenticator struct {
|
|
userStore user.Store
|
|
enabled bool
|
|
}
|
|
|
|
// NewPublicKeyAuthenticator creates a new public key authenticator
|
|
func NewPublicKeyAuthenticator(userStore user.Store, enabled bool) *PublicKeyAuthenticator {
|
|
return &PublicKeyAuthenticator{
|
|
userStore: userStore,
|
|
enabled: enabled,
|
|
}
|
|
}
|
|
|
|
// Enabled returns whether public key authentication is enabled
|
|
func (a *PublicKeyAuthenticator) Enabled() bool {
|
|
return a.enabled
|
|
}
|
|
|
|
// Authenticate validates a public key for a user
|
|
func (a *PublicKeyAuthenticator) Authenticate(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
|
|
username := conn.User()
|
|
|
|
// Check if public key auth is enabled
|
|
if !a.enabled {
|
|
return nil, fmt.Errorf("public key authentication disabled")
|
|
}
|
|
|
|
// Convert key to string format for comparison
|
|
keyData := string(key.Marshal())
|
|
|
|
// Validate public key
|
|
if a.userStore.ValidatePublicKey(username, keyData) {
|
|
return &ssh.Permissions{
|
|
Extensions: map[string]string{
|
|
"username": username,
|
|
},
|
|
}, nil
|
|
}
|
|
|
|
return nil, fmt.Errorf("authentication failed")
|
|
}
|