check for ops in Auth.CheckPublicKey and move /allowlist handling to helper functions

auth.go

@@ -76,13 +76,13 @@ func NewAuth() *Auth {
 	}
 }
 
-func (a *Auth)WhitelistMode() bool{
+func (a *Auth) WhitelistMode() bool {
 	a.whitelistModeMu.RLock()
 	defer a.whitelistModeMu.RUnlock()
 	return a.whitelistMode
 }
 
-func (a *Auth) SetWhitelistMode(value bool){
+func (a *Auth) SetWhitelistMode(value bool) {
 	a.whitelistModeMu.Lock()
 	defer a.whitelistModeMu.Unlock()
 	a.whitelistMode = value
@@ -135,7 +135,7 @@ func (a *Auth) CheckBans(addr net.Addr, key ssh.PublicKey, clientVersion string)
 func (a *Auth) CheckPublicKey(key ssh.PublicKey) error {
 	authkey := newAuthKey(key)
 	whitelisted := a.whitelist.In(authkey)
-	if a.AllowAnonymous() || whitelisted {
+	if a.AllowAnonymous() || whitelisted || a.IsOp(key) {
 		return nil
 	} else {
 		return ErrNotWhitelisted
@@ -170,9 +170,6 @@ func (a *Auth) Op(key ssh.PublicKey, d time.Duration) {
 
 // IsOp checks if a public key is an op.
 func (a *Auth) IsOp(key ssh.PublicKey) bool {
-	if key == nil {
-		return false
-	}
 	authkey := newAuthKey(key)
 	return a.ops.In(authkey)
 }

host.go

@@ -754,57 +754,23 @@ func (h *Host) InitCommands(c *chat.Commands) {
 		return
 	}
 
-	c.Add(chat.Command{
+	allowlistHelptext := []string{
-		// TODO: default for reload
+		"Usage: /allowlist help | on | off | add {PUBKEY|USER}... | remove {PUBKEY|USER}... | import [AGE] | reload {keep|flush} | reverify | status",
-		Op:         true,
+		"help: this help message",
-		Prefix:     "/allowlist",
+		"on, off: set allowlist mode (applies to new connections)",
-		PrefixHelp: "COMMAND [ARGS...]",
+		"add, remove: add or remove keys from the allowlist",
-		Help:       "Modify the allowlist or allowlist state. See /allowlist help for subcommands",
+		"import: add all keys of users connected since AGE (default 0) ago to the allowlist",
-		Handler: func(room *chat.Room, msg message.CommandMsg) error {
+		"reload: re-read the allowlist file and keep or discard entries in the current allowlist but not in the file",
-			if !room.IsOp(msg.From()) {
+		"reverify: kick all users not in the allowlist if allowlisting is enabled",
-				return errors.New("must be op")
+		"status: show status information",
 	}
 
-			args := msg.Args()
+	allowlistImport := func(args []string) (msgs []string, err error) {
-			if len(args) == 0 {
-				args = []string{"help"}
-			}
-
-			// send exactly one message to preserve order
-			replyLines := []string{}
-			sendMsg := func(content string, formatting ...interface{}) {
-				replyLines = append(replyLines, fmt.Sprintf(content, formatting...))
-			}
-
-			switch args[0] {
-			case "help":
-				sendMsg("Usage: /allowlist help | on | off | add {PUBKEY|USER}... | remove {PUBKEY|USER}... | import [AGE] | reload {keep|flush} | reverify | status")
-				sendMsg("help: this help message")
-				sendMsg("on, off: set allowlist mode (applies to new connections)")
-				sendMsg("add, remove: add or remove keys from the allowlist")
-				sendMsg("import: add all keys of users connected since AGE (default 0) ago to the allowlist")
-				sendMsg("reload: re-read the allowlist file and keep or discard entries in the current allowlist but not in the file")
-				sendMsg("reverify: kick all users not in the allowlist if allowlisting is enabled")
-				sendMsg("status: show status information")
-			case "on":
-				h.auth.SetWhitelistMode(true)
-			case "off":
-				h.auth.SetWhitelistMode(false)
-			case "add":
-				for _, errLine := range forPubkeyUser(args[1:], func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 0) }) {
-					sendMsg(errLine)
-				}
-			case "remove":
-				for _, errLine := range forPubkeyUser(args[1:], func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 1) }) {
-					sendMsg(errLine)
-				}
-			case "import":
 		var since time.Duration
-				if len(args) > 1 {
+		if len(args) > 0 {
-					var err error
+			since, err = time.ParseDuration(args[0])
-					since, err = time.ParseDuration(args[1])
 			if err != nil {
-						return err
+				return
 			}
 		}
 		cutoff := time.Now().Add(-since)
@@ -820,35 +786,39 @@ func (h *Host) InitCommands(c *chat.Commands) {
 			return nil
 		})
 		if len(noKeyUsers) != 0 {
-					sendMsg("users without a public key: %v", noKeyUsers)
+			msgs = []string{fmt.Sprintf("users without a public key: %v", noKeyUsers)}
 		}
-			case "reload":
+		return
-				if !(len(args) > 1 && (args[1] == "keep" || args[1] == "flush")) {
+	}
+
+	allowlistReload := func(args []string) error {
+		if !(len(args) > 0 && (args[0] == "keep" || args[0] == "flush")) {
 			return errors.New("must specify whether to keep or flush current entries")
 		}
-				if args[1] == "flush" {
+		if args[0] == "flush" {
 			h.auth.whitelist.Clear()
 		}
-				err := h.auth.LoadWhitelistFromFile(h.auth.whitelistFile)
+		return h.auth.LoadWhitelistFromFile(h.auth.whitelistFile)
-				if err != nil {
-					return err
 	}
-			case "reverify":
+
+	allowlistReverify := func() []string {
 		if !h.auth.WhitelistMode() {
-					sendMsg("allowlist is disabled, so nobody will be kicked")
+			return []string{"allowlist is disabled, so nobody will be kicked"}
-					break
 		}
 		forConnectedUsers(func(user *chat.Member, pk ssh.PublicKey) error {
-					if !h.auth.IsOp(pk) && h.auth.CheckPublicKey(pk) != nil { // TODO: why doesn't CheckPublicKey do this?
+			if h.auth.CheckPublicKey(pk) != nil {
 				user.Close() // TODO: some message anywhere?
 			}
 			return nil
 		})
-			case "status":
+		return nil
+	}
+
+	allowlistStatus := func() (msgs []string) {
 		if h.auth.WhitelistMode() {
-					sendMsg("The allowlist is currently enabled.")
+			msgs = []string{"The allowlist is currently enabled."}
 		} else {
-					sendMsg("The allowlist is currently disabled.")
+			msgs = []string{"The allowlist is currently disabled."}
 		}
 		whitelistedUsers := []string{}
 		whitelistedKeys := []string{}
@@ -868,18 +838,58 @@ func (h *Host) InitCommands(c *chat.Commands) {
 			return nil
 		})
 		if len(whitelistedUsers) != 0 {
-					sendMsg("The following connected users are on the allowlist: %v", whitelistedUsers)
+			msgs = append(msgs, fmt.Sprintf("The following connected users are on the allowlist: %v", whitelistedUsers))
 		}
 		if len(whitelistedKeys) != 0 {
-					sendMsg("The following keys of not connected users are on the allowlist: %v", whitelistedKeys)
+			msgs = append(msgs, fmt.Sprintf("The following keys of not connected users are on the allowlist: %v", whitelistedKeys))
 		}
+		return
+	}
+
+	c.Add(chat.Command{
+		Op:         true,
+		Prefix:     "/allowlist",
+		PrefixHelp: "COMMAND [ARGS...]",
+		Help:       "Modify the allowlist or allowlist state. See /allowlist help for subcommands",
+		Handler: func(room *chat.Room, msg message.CommandMsg) (err error) {
+			if !room.IsOp(msg.From()) {
+				return errors.New("must be op")
+			}
+
+			args := msg.Args()
+			if len(args) == 0 {
+				args = []string{"help"}
+			}
+
+			// send exactly one message to preserve order
+			var replyLines []string
+
+			switch args[0] {
+			case "help":
+				replyLines = allowlistHelptext
+			case "on":
+				h.auth.SetWhitelistMode(true)
+			case "off":
+				h.auth.SetWhitelistMode(false)
+			case "add":
+				replyLines = forPubkeyUser(args[1:], func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 0) })
+			case "remove":
+				replyLines = forPubkeyUser(args[1:], func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 1) })
+			case "import":
+				replyLines, err = allowlistImport(args[1:])
+			case "reload":
+				err = allowlistReload(args[1:])
+			case "reverify":
+				replyLines = allowlistReverify()
+			case "status":
+				replyLines = allowlistStatus()
 			default:
-				return errors.New("invalid subcommand: " + args[0])
+				err = errors.New("invalid subcommand: " + args[0])
 			}
-			if len(replyLines) != 0 {
+			if err == nil && replyLines != nil {
 				room.Send(message.NewSystemMsg(strings.Join(replyLines, "\r\n"), msg.From()))
 			}
-			return nil
+			return
 		},
 	})
 }