auth

Dockerfile

@@ -2,7 +2,7 @@
 FROM node:latest
 
 # install nginx
-RUN apt-get update && apt-get install -y nginx git fcgiwrap spawn-fcgi
+RUN apt-get update && apt-get install -y nginx git fcgiwrap spawn-fcgi pass
 ENV GIT_PEAR=/srv/repos/pear
 EXPOSE 80
 STOPSIGNAL SIGTERM
@@ -23,7 +23,7 @@ RUN npm link
 
 RUN mkdir -p /srv/repos/pear
 
-
+COPY docker/gna.sh /app/
 COPY docker/nginx-default-config /etc/nginx/sites-enabled/default
 
 WORKDIR /app

docker/entrypoint.sh

@@ -3,6 +3,8 @@
 exec > >(tee -a "/tmp/deployment.log") 2>&1
 
 export GIT_PEAR=/srv/repos/pear 
+export GIT_PEAR_AUTH="nip98"
+export GIT_PEAR_AUTH_NSEC="nsec1lnumf25dacf7804ezv4zyd262j08g3n9h6h2fdntwgpxmhwqhw3sy3vjkp"
 git pear daemon -s 
 # if $1 exists
 if [ -n "$1" ]; then
@@ -16,7 +18,9 @@ if [[ $REPO_NAME =~ ^https.* ]]; then
   mkdir -p /srv/repos/"$ORIGINAL_NAME"
   git clone $REPO_NAME /srv/repos/"$ORIGINAL_NAME"
   cd /srv/repos/"$ORIGINAL_NAME"
-  git pear init -s
+  git pear init .
+  git pear share . public
+  git pear acl add $USER_NPUB:admin
 # enter pear repo and expose http
   cd /srv/repos/pear/"$ORIGINAL_NAME"/
   echo "[http]" >> config
@@ -27,8 +31,9 @@ fi
 if [[ ! $REPO_NAME =~ ^https.* ]]; then
   mkdir -p /srv/repos/"$REPO_NAME"
   cd /srv/repos/"$REPO_NAME"
-  git init 
+  git pear init .
-  git pear init -s
+  git pear share . public
+  git pear acl add $USER_NPUB:admin
   # enter pear repo and expose http
   cd /srv/repos/pear/"$REPO_NAME"/
   echo "[http]" >> config

docker/gna.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+if ! [ -x "$(command -v nak)" ]; then
+  echo 'Error: nak is not installed.' >&2
+  echo 'Please install nak from https://github.com/fiatjaf/nak/tree/master'
+fi
+
+if ! [ -x "$(command -v jq)" ]; then
+  echo 'Error: jq is not installed.' >&2
+  echo 'Please install jq from https://stedolan.github.io/jq/download/'
+fi
+
+if ! [ -x "$(command -v pass)" ]; then
+  echo 'Error: pass is not installed.' >&2
+  echo 'Please install pass from https://www.passwordstore.org/'
+fi
+
+echo "Please insert you NSEC:"
+read -s SK
+DECODED=$(nak decode $SK)
+PUBLIC_KEY=$(echo $DECODED | jq -r .pubkey)
+PRIVATE_KEY=$(echo $DECODED | jq -r .private_key)
+PASS_PATH="nostr/$PUBLIC_KEY"
+{ echo $PRIVATE_KEY ; echo $PRIVATE_KEY ; } | pass insert $PASS_PATH
+
+read -p "Provide path to git repository or press \"Enter\" to use curent directory:" GIT_REPO
+GIT_REPO=${GIT_REPO:-.}
+
+if [ ! -d "$GIT_REPO/.git" ]; then
+  echo "$GIT_REPO is not a directory. Exiting..."
+  exit 1
+fi
+
+HOOK=`cat <<'EOF'
+#!/bin/sh\n
+\n
+url="$2"\n
+commit=$(git rev-parse HEAD)\n
+privKey=$(pass PASS_PATH)\n
+EVENT="{\"content\":\"\",\"kind\":27235,\"created_at\":$(date +%s),\"tags\":[[\"u\",\"$url\"],[\"method\",\"push\"],[\"payload\",\"$commit\"]]}"\n
+SIGNED=$(echo -n $EVENT | nak event -sec $privKey)\n
+NOSTR_AUTH_HEADER=$(echo -n $SIGNED | base64 -w 0)\n
+git config http.$url.extraHeader "X-Authorization: Nostr $NOSTR_AUTH_HEADER"\n
+EOF
+`
+PASS_PATH=$(sed 's/\//\\\//g' <<< "$PASS_PATH")
+PATTERN="s/PASS_PATH/$PASS_PATH/g"
+HOOK=$(sed "$PATTERN" <<< "$HOOK")
+
+echo "Installing git hooks..."
+if [ -f "$GIT_REPO/.git/hooks/pre-push" ]; then
+  echo "pre-push hook already exists. Skipping..."
+else
+  echo "Installing pre-push hook..."
+  echo -e $HOOK >> $GIT_REPO/.git/hooks/pre-push
+  chmod +x $GIT_REPO/.git/hooks/pre-push
+fi
+
+echo "Done!"