add key delete feature and update authorized_key file system

gitprep.conf

@@ -25,6 +25,10 @@
 ;;; encoding name follow Perl encoding API.
 ;encoding_suspects=cp932,UTF-8
 
+;;; authorized_keys file for public key authentication via ssh.
+;;; default is "$ENV{HOME}/.ssh/authorized_keys"
+; authorized_keys_file=/home/gitprep/.ssh/authorized_keys
+
 [admin]
 ;;; If you forget admin password,
 ;;; set this value to 1 and access /reset-password page.

lib/Gitprep.pm

@@ -68,6 +68,20 @@ sub startup {
   weaken $manager->{app};
   $self->manager($manager);
 
+  # authorized_keys file
+  my $authorized_keys_file = $self->config('authorized_keys_file');
+  unless (defined $authorized_keys_file) {
+    if (defined $ENV{HOME}) {
+      $authorized_keys_file = "$ENV{HOME}/.ssh/authorized_keys_file";
+    }
+  }
+  if (defined $authorized_keys_file) {
+    $self->manager->authorized_keys_file($authorized_keys_file);
+  }
+  else {
+    $self->app->log->warn(qq/Config "authorized_keys_file" can't be detected/);
+  }
+
   # Repository home
   my $rep_home = $ENV{GITPREP_REP_HOME} || $self->home->rel_file('data/rep');
   $git->rep_home($rep_home);

lib/Gitprep/Manager.pm

@@ -6,8 +6,12 @@ use Encode 'encode';
 use File::Copy qw/move copy/;
 use File::Path qw/mkpath rmtree/;
 use File::Temp ();
+use Fcntl ':flock';
+use Carp 'croak';
+use File::Copy qw/copy move/;
 
 has 'app';
+has 'authorized_keys_file';
 
 sub admin_user {
   my $self = shift;
@@ -448,6 +452,121 @@ EOS
   }
 }
 
+
+sub update_authorized_keys_file {
+  my $self = shift;
+
+  my $authorized_keys_file = $self->authorized_keys_file;
+  if (defined $authorized_keys_file) {
+
+    # Lock file
+    my $lock_file = $self->app->rel_file('lock/authorized_keys');
+    open my $lock_fh, $lock_file
+      or croak "Can't open lock file $lock_file";
+    flock $lock_fh, LOCK_EX
+      or croak "Can't lock $lock_file";
+
+    # Create authorized_keys_file
+    unless (-f $authorized_keys_file) {
+      open my $fh, '>', $authorized_keys_file
+        or croak "Can't create $authorized_keys_file";
+    }
+
+    # Parse file
+    my ($before_part, $gitprep_part, $after_part)
+      = $self->_parse_authorized_keys_file($authorized_keys_file);
+
+    # Backup at first time
+    if ($gitprep_part eq '') {
+      # Backup original file
+      my $to = "$authorized_keys_file.gitprep.original";
+      unless (-f $to) {
+        copy $authorized_keys_file, $to
+          or croak "Can't copy $authorized_keys_file to $to";
+      }
+    }
+
+    # Create public keys
+    my $ssh_public_keys = $self->app->dbi->mode('ssh_public_key')->select->all;
+    my $ssh_public_keys_str = '';
+    for my $key (@$ssh_public_keys) {
+      my $ssh_public_key_str = $self->app->home->rel_file('script/gitprep-shell')
+        . " $key->{user_id},no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $key->{key}";
+      $ssh_public_keys_str .= "$ssh_public_key_str\n\n";
+    }
+
+    # Output tmp file
+    my $output = "$before_part\n\n$ssh_public_keys_str\n\n$after_part";
+    my $output_file = "$authorized_keys_file.gitprep.tmp";
+    open my $out_fh, '>', $output_file
+      or croak "Can't create authorized_keys tmp file $output_file";
+    print $out_fh $output;
+    close $out_fh
+      or croak "Can't close authorized_keys tmp file $output_file";
+
+    # Replace
+    move $output_file, $authorized_keys_file
+      or croak "Can't replace $authorized_keys_file by $output_file";
+
+    # Unlock file
+    flock $lock_fh, LOCK_EX
+      or croak "Can't unlock $lock_file"
+  }
+  else {
+    croak qq/authorized_keys file "$authorized_keys_file" is not found./;
+  }
+}
+
+sub _parse_authorized_keys_file {
+  my ($self, $file) = shift;
+
+  my $start_symbol = "# gitprep start";
+  my $end_symbol = "# gitprep end";
+
+  # Parse
+  open my $fh, '<', $file
+    or croak "Can't open $file";
+  my $start_symbol_count = 0;
+  my $end_symbol_count = 0;
+  my $before_part = '';
+  my $gitprep_part = '';
+  my $after_part = '';
+  my $error_prefix = "authorized_keys file $file format error:";
+  while (my $line = <$fh>) {
+    if ($line =~ /^$start_symbol/) {
+      if ($start_symbol_count > 0) {
+        croak qq/$error_prefix "$start_symbol" is found more than one/;
+      }
+      else {
+        if ($end_symbol_count > 0) {
+          croak qq/$error_prefix "$end_symbol" is found before "$start_symbol"/;
+        }
+        else {
+          $start_symbol_count++;
+        }
+      }
+    }
+    elsif ($line =~ /^$end_symbol/) {
+      if ($end_symbol > 0) {
+        croak qq/$error_prefix "$end_symbol" is found more than one/;
+      }
+      else {
+        $end_symbol++;
+      }
+    }
+    elsif ($start_symbol_count == 0 && $end_symbol_count == 0) {
+      $before_part .= $line;
+    }
+    elsif ($start_symbol_count == 1 && $end_symbol_count == 0) {
+      $gitprep_part .= $line;
+    }
+    elsif ($start_symbol_count == 1 && $end_symbol_count == 1) {
+      $after_part .= $line;
+    }
+  }
+  return ($before_part, $gitprep_part, $after_part);
+}
+
 sub _create_project {
   my ($self, $user, $project, $params) = @_;
   $params ||= {};

templates/user-settings/ssh.html.ep

@@ -85,7 +85,10 @@
           key => $key
         };
         eval {
-          app->dbi->model('ssh_public_key')->insert($p);
+          app->dbi->connector->txn(sub {
+            app->dbi->model('ssh_public_key')->insert($p);
+            # $self->manager->update_authorized_keys_file;
+          });
         };
 
         if (my $e = $@) {
@@ -102,6 +105,22 @@
         $errors = $vresult->messages;
       }
     }
+    # Delete ssh public key
+    elsif ($op eq 'delete') {
+      my $row_id = param('row-id');
+      eval {
+        app->dbi->model('ssh_public_key')->delete(where => {row_id => $row_id});
+      };
+
+      if (my $e = $@) {
+        app->log->error(url_with . ": $e");
+        $errors = ['Internal Error'];
+      }
+      else {
+        flash(message => 'Success: a key is deleted');
+        $self->redirect_to('current');
+      }
+    }
   }
 
   my $keys = app->dbi->model('ssh_public_key')->select(where => {user_id => $user})->all;
@@ -144,22 +163,25 @@
                 This is a list of SSH keys associated with your account. Remove any keys that you do not recognize.
               </div>
               % for my $key (@$keys) {
-                <div class="border-gray" style="border-top:none;">
-                  <div class="row">
-                    <div class="span7" style="width:600px">
-                      <div style="font-size:15px;padding:10px">
-                        <div>
-                          <b><%= $key->{title} %></b>
+                <form action="<%= url_for->query(op => 'delete') %>" method="post" style="margin:0;padding:0">
+                  <div class="border-gray" style="border-top:none;">
+                    <div class="row">
+                      <div class="span7" style="width:600px">
+                        <div style="font-size:15px;padding:10px">
+                          <div>
+                            <b><%= $key->{title} %></b>
+                          </div>
                         </div>
                       </div>
-                    </div>
-                    <div class="span2">
-                      <div style="padding:5px;text-align:right">
-                        <a class="btn btn-danger" href="javascript:void(0)">Delete</a>
+                      <div class="span2">
+                        <div style="padding:5px;text-align:right">
+                          <a class="btn btn-danger" href="javascript:void(0)" onclick="$(this).closest('form').submit()">Delete</a>
+                          <%= hidden_field 'row-id' => $key->{row_id} %>
+                        </div>
                       </div>
                     </div>
                   </div>
-                </div>
+                </form>
               % }
             % } else {
               <div class="border-gray" style="margin-bottom:30px;border-top:none;padding:10px">