Version 1.0.0

Author: marcbachmann

.gitignore

@@ -0,0 +1 @@
+node_modules

.nvmrc

@@ -0,0 +1 @@
+8

Dockerfile

@@ -0,0 +1,9 @@
+FROM node:8-alpine
+
+WORKDIR /app
+ADD package.json /app/package.json
+RUN npm install
+ADD . /app
+
+EXPOSE 3000
+CMD /app/node_modules/.bin/fastify index.js

README.md

@@ -0,0 +1,24 @@
+# [authorizedkeys-github](https://github.com/marcbachmann/authorizedkeys-github) [![](https://img.shields.io/docker/automated/marcbachmann/authorizedkeys-github.svg)](https://hub.docker.com/r/marcbachmann/authorizedkeys-github)
+
+A server that fetches public keys of all members of a github team and writes them into an `.ssh/authorized_keys` file.
+
+You can see a list of all users and their keys on `http://localhost:3000/`
+
+### Usage
+
+```bash
+docker run -it -v /root/.ssh:/user/.ssh -p 3000:3000 \
+-e 'GITHUB_TOKEN=your-github-token' \
+-e 'GITHUB_ORG=upfrontIO' \
+-e 'GITHUB_TEAM=Livingdocs' \
+-e 'AUTHORIZED_KEYS_PATH=/Users/marcbachmann/.ssh/authorized_keys' \
+marcbachmann/authorizedkeys-github
+
+# or
+
+docker run -it -v /root/.ssh:/user/.ssh -p 3000:3000 \
+-e 'GITHUB_TOKEN=your-github-token' \
+-e 'GITHUB_TEAM_ID=352089' \
+-e 'AUTHORIZED_KEYS_PATH=/user/.ssh/authorized_keys' \
+marcbachmann/authorizedkeys-github
+```

circle.yml

@@ -0,0 +1,12 @@
+dependencies:
+  cache_directories:
+    - ~/.npm
+  pre:
+    - rm -Rf ./node_modules
+  override:
+    - nvm install && nvm alias default $(cat .nvmrc)
+    - npm install
+
+test:
+  override:
+    - npm test

index.js

@@ -0,0 +1,37 @@
+module.exports = function (fastify, opts, cb) {
+  const log = fastify.logger.logger
+  const GITHUB_TOKEN = process.env.GITHUB_TOKEN
+  const GITHUB_ORG = process.env.GITHUB_ORG
+  const GITHUB_TEAM = process.env.GITHUB_TEAM
+  const GITHUB_TEAM_ID = process.env.GITHUB_TEAM_ID
+  const AUTHORIZED_KEYS_PATH = process.env.AUTHORIZED_KEYS_PATH
+  const SYNC_INTERVAL = process.env.SYNC_INTERVAL
+
+  if (!GITHUB_TOKEN) throw new Error('The env variable GITHUB_TOKEN is required')
+  if (!AUTHORIZED_KEYS_PATH) throw new Error('The env variable AUTHORIZED_KEYS_PATH is required')
+  if (!GITHUB_TEAM_ID && !(GITHUB_ORG && GITHUB_TEAM)) throw new Error('The env variable GITHUB_TEAM_ID or the combination of GITHUB_ORG and GITHUB_TEAM are required.')
+
+  const keys = require('./keys')({token: GITHUB_TOKEN})
+  const getParams = {org: GITHUB_ORG, teamName: GITHUB_TEAM, teamId: GITHUB_TEAM_ID}
+
+  setInterval(sync, SYNC_INTERVAL || 5*60 * 1000)
+  sync()
+
+  function sync () {
+    keys.get(getParams).then(function (users) {
+      require('./update')(AUTHORIZED_KEYS_PATH, users, function (err) {
+        if (err) {
+          log.fatal(err)
+          process.exit(1)
+        }
+      })
+    }).catch(function (err) {
+      log.fatal(err)
+      process.exit(1)
+    })
+  }
+
+  fastify.get('/', (req, rep) => keys.get(getParams))
+
+  cb()
+}

keys.js

@@ -0,0 +1,57 @@
+const GitHubApi = require('github')
+const headers = {'user-agent': 'authorizedkeys-github-server'}
+const timeout = 5000
+
+module.exports = function (opts) {
+  const token = opts.token
+  opts = Object.assign({timeout, headers}, opts)
+  opts.token = undefined
+
+  const client = new GitHubApi(opts)
+  client.authenticate({type: 'token', token})
+
+  return {
+    get: function (query) {
+      return getMembers(client, query).then(getKeysOfUsers.bind(null, client))
+    }
+  }
+}
+
+function getMembers (client, {teamId, org, teamName}) {
+  let q
+  if (teamId) return getTeamMembers(client, teamId)
+
+  if (!org) throw new Error('The option `org` is required.')
+  if (!teamName) throw new Error('The option `teamName` is required.')
+  return client.orgs.getTeams({org}).then(getMembersByTeamArray(client, teamName))
+}
+
+function getMembersByTeamArray (client, teamName) {
+  return function (res) {
+    const team = res.data.find((t) => t.name === teamName)
+    if (!team) throw new Error(`No team found with the name '${teamName}'`)
+    return getTeamMembers(client, team.id)
+  }
+}
+
+function getTeamMembers (client, id) {
+  return client.orgs.getTeamMembers({id}).then((res) => res.data.filter((m) => m.type === 'User'))
+}
+
+function getKeysOfUsers (client, users) {
+  const getKey = getKeyOfUser.bind(null, client)
+  return Promise.all(users.map(getKey)).then(function (keyz) {
+    return users.map(function (user, i) {
+      return {
+        id: user.id,
+        login: user.login,
+        avatar_url: user.avatar_url,
+        keys: keyz[i]
+      }
+    })
+  })
+}
+
+function getKeyOfUser (client, user) {
+  return client.users.getKeysForUser({username: user.login}).then((res) => res.data.map((k) => k.key))
+}