Merge pull request #227 from moul/renovate/all

fix(deps): update all

.github/ISSUE_TEMPLATE.md

@@ -1,25 +1,15 @@
-<!-- Thanks for filling an issue!
+### Actual Result / Problem
 
-If this is a BUG REPORT, please:
-  - Fill in as much of the template below as you can
+When I do Foo, Bar happens...
 
-If this is a FEATURE REQUEST, please:
-  - Describe *in detail* the feature/behavior/change you would like to see
--->
+### Expected Result / Suggestion
 
-**What happened**:
+I expect that Foobar happens...
 
-**What you expected to happen**:
+### Some context
 
-**How to reproduce it (as minimally and precisely as possible)**:
-
-**Anything else we need to know?**:
-
-<!--
-**Environment**:
-- sshportal --version
-- ssh sshportal info
-- OS (e.g. from /etc/os-release): 
-- install method (e.g. go/docker/brew/...):
-- others:
--->
+Any screenshot to share?
+`sshportal --version`?
+`ssh sshportal info`?
+OS/Go version?
+...

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1 @@
-<!--  Thanks for sending a pull request!  Here are some tips for you -->
-
-**What this PR does / why we need it**:
-
-**Which issue this PR fixes**: fixes #xxx, fixes #xxx...
-
-**Special notes for your reviewer**:
+<!-- thank you for your contribution! ❤️  -->

.github/workflows/ci.yml

@@ -20,9 +20,9 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: lint
-        uses: golangci/golangci-lint-action@v2.5.1
+        uses: golangci/golangci-lint-action@v2.5.2
         with:
-          version: v1.28
+          version: v1.38
           github-token: ${{ secrets.GITHUB_TOKEN }}
   tests-on-windows:
     needs: golangci-lint # run after golangci-lint action to not produce duplicated errors
@@ -30,7 +30,7 @@ jobs:
     strategy:
       matrix:
         golang:
-          - 1.15.0
+          - 1.16.x
     steps:
       - uses: actions/checkout@v2
       - name: Install Go
@@ -46,14 +46,14 @@ jobs:
     strategy:
       matrix:
         golang:
-          - 1.15.0
+          - 1.16.x
     steps:
       - uses: actions/checkout@v2
       - name: Install Go
         uses: actions/setup-go@v2
         with:
           go-version: ${{ matrix.golang }}
-      - uses: actions/cache@v2.1.3
+      - uses: actions/cache@v2.1.5
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}
@@ -67,16 +67,17 @@ jobs:
     strategy:
       matrix:
         golang:
-          - 1.13
-          - 1.14
-          - 1.15.0
+          - 1.13.x
+          - 1.14.x
+          - 1.15.x
+          - 1.16.x
     steps:
       - uses: actions/checkout@v2
       - name: Install Go
         uses: actions/setup-go@v2
         with:
           go-version: ${{ matrix.golang }}
-      - uses: actions/cache@v2.1.3
+      - uses: actions/cache@v2.1.5
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ matrix.golang }}-${{ hashFiles('**/go.sum') }}

AUTHORS

@@ -5,9 +5,11 @@ ahh <ahamidullah@gmail.com>
 Alen Masic <alenn.masic@gmail.com>
 Alexander Turner <me@alexturner.co>
 bozzo <bozzo@users.noreply.github.com>
+Darko Djalevski <darko.djalevski@inplayer.com>
 dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 fossabot <badges@fossa.io>
 ImgBotApp <ImgBotHelp@gmail.com>
+Jason Wessel <jason.wessel@windriver.com>
 Jean-Louis Férey <jeanlouis.ferey@orange.com>
 jerard@alfa-safety.fr <jrrdev@users.noreply.github.com>
 Jess <jessachandler@gmail.com>
@@ -20,6 +22,7 @@ Manuel <manuel.sabban@nbs-system.com>
 Manuel Sabban <manu@sabban.eu>
 Manuel Sabban <msa@nbs-system.com>
 Mathieu Pasquet <mathieu.pasquet@alterway.fr>
+matteyeux <matteyeux@users.noreply.github.com>
 Mikael Rapp <micke.rapp@gmail.com>
 MitaliBo <mitali.bisht14@gmail.com>
 moul-bot <bot@moul.io>
@@ -27,6 +30,7 @@ Nelly Asher <karmelylle@rambler.ru>
 NocFlame <aad@nocflame.se>
 Quentin Perez <qperez42@gmail.com>
 Renovate Bot <bot@renovateapp.com>
+Sergey Yashchuk <11705746+GreyOBox@users.noreply.github.com>
 Sergey Yashchuk <sergey.yashchuk@coins.ph>
 Shawn Wang <shawn111@gmail.com>
 Valentin Daviot <valentin.daviot@alterway.fr>

depaware.txt

@@ -96,7 +96,8 @@ moul.io/sshportal dependencies: (generated by github.com/tailscale/depaware)
         hash                                                         from crypto+
         html                                                         from github.com/asaskevich/govalidator+
         io                                                           from bufio+
-        io/ioutil                                                    from crypto/tls+
+        io/fs                                                        from crypto/rand+
+        io/ioutil                                                    from crypto/x509+
         log                                                          from github.com/gliderlabs/ssh+
         math                                                         from crypto/rsa+
         math/big                                                     from crypto/dsa+

go.mod

@@ -2,32 +2,34 @@ module moul.io/sshportal
 
 require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
-	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/creack/pty v1.1.11 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/docker v1.13.1
+	github.com/docker/docker v20.10.6+incompatible
 	github.com/dustin/go-humanize v1.0.0
 	github.com/gliderlabs/ssh v0.3.2
-	github.com/go-sql-driver/mysql v1.5.0
-	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
+	github.com/go-sql-driver/mysql v1.6.0
 	github.com/jinzhu/gorm v1.9.16
 	github.com/kr/pty v1.1.8
-	github.com/lib/pq v1.8.0 // indirect
+	github.com/lib/pq v1.10.1 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
+	github.com/mattn/go-runewidth v0.0.12 // indirect
+	github.com/mattn/go-sqlite3 v1.14.7 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/pkg/errors v0.9.1
 	github.com/reiver/go-oi v1.0.0
 	github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3
-	github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 // indirect
 	github.com/smartystreets/goconvey v1.6.4
-	github.com/stretchr/testify v1.4.0 // indirect
+	github.com/tailscale/depaware v0.0.0-20201214215404-77d1e9757027
 	github.com/urfave/cli v1.22.5
-	golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9
-	golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
+	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+	golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7 // indirect
+	golang.org/x/term v0.0.0-20210422114643-f5beecf764ed // indirect
+	golang.org/x/tools v0.1.0
 	gopkg.in/gormigrate.v1 v1.6.0
 	moul.io/srand v1.6.1
 )

go.sum

@@ -4,22 +4,23 @@ github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBK
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg=
-github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.7 h1:6pwm8kMQKCmgUg0ZHTm5+/YvRK0s3THD/28+T6/kk4A=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20181014144952-4e0d7dc8888f/go.mod h1:xN/JuLBIz4bjkxNmByTiV1IbhfnYb6oo99phBn4Eqhc=
 github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM=
 github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/docker/docker v1.13.1 h1:IkZjBSIc8hBjLpqeAbeE5mca5mNgeatLHBy3GO78BWo=
-github.com/docker/docker v1.13.1/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.6+incompatible h1:oXI3Vas8TI8Eu/EjH4srKHJBVqraSzJybhxY7Om9faQ=
+github.com/docker/docker v20.10.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
@@ -29,14 +30,15 @@ github.com/gliderlabs/ssh v0.3.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aev
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
-github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
 github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o=
 github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
@@ -55,22 +57,27 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
-github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.1 h1:6VXZrLU0jHBYyAqrSPa+MgPfnSvTPuMgK+k0o5kVFWo=
+github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.0 h1:mLyGNKR8+Vv9CAU7PphKa2hkEqxxhn8i32J6FPj1/QA=
 github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.7 h1:fxWBnXkxfM6sRiuH3bqJ4CfzZojMOLVc0UTsTglEghA=
+github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7 h1:+/+DxvQaYifJ+grD4klzrS5y+KJXldn/2YTl5JG+vZ8=
+github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -79,36 +86,54 @@ github.com/reiver/go-oi v1.0.0 h1:nvECWD7LF+vOs8leNGV/ww+F2iZKf3EYjYZ527turzM=
 github.com/reiver/go-oi v1.0.0/go.mod h1:RrDBct90BAhoDTxB1fenZwfykqeGvhI6LsNfStJoEkI=
 github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e h1:quuzZLi72kkJjl+f5AQ93FMcadG19WkS7MO6TXFOSas=
 github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e/go.mod h1:+5vNVvEWwEIx86DB9Ke/+a5wBI464eDRo3eF0LcfpWg=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3 h1:yxUGvEatvDMO6gkhwx82Va+Czdyui9LiCw6a5YB/2f8=
 github.com/sabban/bastion v0.0.0-20180110125408-b9d3c9b1f4d3/go.mod h1:1Q04m7wmv/IMoZU9t8UkH+n9McWn4i3H9v9LnMgqloo=
+github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3 h1:hBSHahWMEgzwRyS6dRpxY0XyjZsHyQ61s084wo5PJe0=
-github.com/smartystreets/assertions v0.0.0-20190401211740-f487f9de1cd3/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/tailscale/depaware v0.0.0-20201214215404-77d1e9757027 h1:lK99QQdH3yBWY6aGilF+IRlQIdmhzLrsEmF6JgN+Ryw=
+github.com/tailscale/depaware v0.0.0-20201214215404-77d1e9757027/go.mod h1:p9lPsd+cx33L3H9nNoecRRxPssFKUwwI50I3pZ0yT+8=
 github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 h1:umElSU9WZirRdgu2yFHY0ayQkEnKiOC1TtM3fWXFnoU=
-golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -116,8 +141,26 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7 h1:iGu644GcxtEcrInvDsQRCwJjtCIOlT2V7IRt6ah2Whw=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210422114643-f5beecf764ed h1:Ei4bQjjpYUsS4efOUz+5Nz++IVkHk87n2zBA0NxBWc0=
+golang.org/x/term v0.0.0-20210422114643-f5beecf764ed/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58 h1:1Bs6RVeBFtLZ8Yi1Hk07DiOqzvwLD/4hln4iahvFlag=
+golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/tools/tools.go

@@ -0,0 +1,11 @@
+// +build tools
+
+package tools
+
+import (
+	// required by depaware
+	_ "github.com/tailscale/depaware/depaware"
+
+	// required by goimports
+	_ "golang.org/x/tools/cover"
+)

main.go

@@ -83,6 +83,11 @@ func main() {
 					Value: 0,
 					Usage: "Duration before an inactive connection is timed out (0 to disable)",
 				},
+				cli.StringFlag{
+					Name:   "acl-check-cmd",
+					EnvVar: "SSHPORTAL_ACL_CHECK_CMD",
+					Usage:  "Execute external command to check ACL",
+				},
 			},
 		}, {
 			Name:   "healthcheck",

pkg/bastion/acl.go

@@ -1,19 +1,28 @@
 package bastion
 
 import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"os/exec"
 	"sort"
+	"strings"
 	"time"
 
 	"moul.io/sshportal/pkg/dbmodels"
 )
 
+// ACLHookTimeout is timeout for external ACL hook execution
+const ACLHookTimeout = 2 * time.Second
+
 type byWeight []*dbmodels.ACL
 
 func (a byWeight) Len() int           { return len(a) }
 func (a byWeight) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
 func (a byWeight) Less(i, j int) bool { return a[i].Weight < a[j].Weight }
 
-func checkACLs(user dbmodels.User, host dbmodels.Host) string {
+func checkACLs(user dbmodels.User, host dbmodels.Host, aclCheckCmd string) string {
 	currentTime := time.Now()
 
 	// shared ACLs between user and host
@@ -34,9 +43,13 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) string {
 	}
 	// FIXME: add ACLs that match host pattern
 
-	// deny by default if no shared ACL
+	// if no shared ACL then execute ACLs hook if it exists and return its result
 	if len(aclMap) == 0 {
-		return string(dbmodels.ACLActionDeny) // default action
+		action, err := checkACLsHook(aclCheckCmd, string(dbmodels.ACLActionDeny), user, host)
+		if err != nil {
+			log.Println(err)
+		}
+		return action
 	}
 
 	// transform map to slice and sort it
@@ -46,5 +59,62 @@ func checkACLs(user dbmodels.User, host dbmodels.Host) string {
 	}
 	sort.Sort(byWeight(acls))
 
-	return acls[0].Action
+	action, err := checkACLsHook(aclCheckCmd, acls[0].Action, user, host)
+	if err != nil {
+		log.Println(err)
+	}
+
+	return action
+}
+
+// checkACLsHook executes external command to check ACL and passes following parameters:
+// $1 - SSH Portal `action` (`allow` or `deny`)
+// $2 - User as JSON string
+// $3 - Host as JSON string
+// External program has to return `allow` or `deny` in stdout.
+// In case of any error function returns `action`.
+func checkACLsHook(aclCheckCmd string, action string, user dbmodels.User, host dbmodels.Host) (string, error) {
+	if aclCheckCmd == "" {
+		return action, nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), ACLHookTimeout)
+	defer cancel()
+
+	jsonUser, err := json.Marshal(user)
+	if err != nil {
+		return action, err
+	}
+
+	jsonHost, err := json.Marshal(host)
+	if err != nil {
+		return action, err
+	}
+
+	args := []string{
+		action,
+		string(jsonUser),
+		string(jsonHost),
+	}
+
+	cmd := exec.CommandContext(ctx, aclCheckCmd, args...)
+	out, err := cmd.Output()
+	if err != nil {
+		return action, err
+	}
+
+	if ctx.Err() == context.DeadlineExceeded {
+		return action, fmt.Errorf("external ACL hook command timed out")
+	}
+
+	outStr := strings.TrimSuffix(string(out), "\n")
+
+	switch outStr {
+	case string(dbmodels.ACLActionAllow):
+		return string(dbmodels.ACLActionAllow), nil
+	case string(dbmodels.ACLActionDeny):
+		return string(dbmodels.ACLActionDeny), nil
+	default:
+		return action, fmt.Errorf("acl-check-cmd wrong output '%s'", outStr)
+	}
 }

pkg/bastion/acl_test.go

@@ -43,7 +43,7 @@ func TestCheckACLs(t *testing.T) {
 		db.Preload("Groups").Preload("Groups.ACLs").Find(&users)
 
 		// test
-		action := checkACLs(users[0], hosts[0])
+		action := checkACLs(users[0], hosts[0], "")
 		c.So(action, ShouldEqual, dbmodels.ACLActionAllow)
 	})
 }

pkg/bastion/shell.go

@@ -22,9 +22,10 @@ import (
 	"github.com/olekukonko/tablewriter"
 	"github.com/urfave/cli"
 	gossh "golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/terminal"
+	"golang.org/x/crypto/ssh/terminal" // nolint:staticcheck
 	"moul.io/sshportal/pkg/crypto"
 	"moul.io/sshportal/pkg/dbmodels"
+	"moul.io/sshportal/pkg/utils"
 )
 
 var banner = `
@@ -511,7 +512,6 @@ GLOBAL OPTIONS:
 							"host_groups",
 							"host_host_groups",
 							"hosts",
-							//"migrations",
 							"sessions",
 							"settings",
 							"ssh_keys",
@@ -522,6 +522,7 @@ GLOBAL OPTIONS:
 							"user_user_groups",
 							"user_user_roles",
 							"users",
+							// "migrations",
 						}
 						for _, tableName := range tableNames {
 							/* #nosec */
@@ -1459,7 +1460,6 @@ GLOBAL OPTIONS:
 								key.Name,
 								key.Type,
 								fmt.Sprintf("%d", key.Length),
-								//key.Fingerprint,
 								fmt.Sprintf("%d", len(key.Hosts)),
 								humanize.Time(key.UpdatedAt),
 								humanize.Time(key.CreatedAt),
@@ -1624,9 +1624,11 @@ GLOBAL OPTIONS:
 							return err
 						}
 
-						// FIXME: validate email
-
 						email := c.Args().First()
+						valid := utils.ValidateEmail(email)
+						if !valid {
+							return errors.New("invalid email")
+						}
 						name := strings.Split(email, "@")[0]
 						if c.String("name") != "" {
 							name = c.String("name")
@@ -2338,7 +2340,7 @@ GLOBAL OPTIONS:
 					if cliErr.ExitCode() != 0 {
 						fmt.Fprintf(s, "error: %v\n", err)
 					}
-					//s.Exit(cliErr.ExitCode())
+					// s.Exit(cliErr.ExitCode())
 				} else {
 					fmt.Fprintf(s, "error: %v\n", err)
 				}

pkg/bastion/ssh.go

@@ -28,6 +28,7 @@ type authContext struct {
 	db              *gorm.DB
 	userKey         dbmodels.UserKey
 	logsLocation    string
+	aclCheckCmd     string
 	aesKey          string
 	dbDriver, dbURL string
 	bindAddr        string
@@ -206,7 +207,7 @@ func bastionClientConfig(ctx ssh.Context, host *dbmodels.Host) (*gossh.ClientCon
 		return nil, err
 	}
 
-	action := checkACLs(tmpUser, tmpHost)
+	action := checkACLs(tmpUser, tmpHost, actx.aclCheckCmd)
 	switch action {
 	case string(dbmodels.ACLActionAllow):
 		// do nothing
@@ -251,12 +252,13 @@ func ShellHandler(s ssh.Session, version, gitSha, gitTag string) {
 	panic("should not happen")
 }
 
-func PasswordAuthHandler(db *gorm.DB, logsLocation, aesKey, dbDriver, dbURL, bindAddr string, demo bool) ssh.PasswordHandler {
+func PasswordAuthHandler(db *gorm.DB, logsLocation, aclCheckCmd, aesKey, dbDriver, dbURL, bindAddr string, demo bool) ssh.PasswordHandler {
 	return func(ctx ssh.Context, pass string) bool {
 		actx := &authContext{
 			db:            db,
 			inputUsername: ctx.User(),
 			logsLocation:  logsLocation,
+			aclCheckCmd:   aclCheckCmd,
 			aesKey:        aesKey,
 			dbDriver:      dbDriver,
 			dbURL:         dbURL,
@@ -287,12 +289,13 @@ func PrivateKeyFromDB(db *gorm.DB, aesKey string) func(*ssh.Server) error {
 	}
 }
 
-func PublicKeyAuthHandler(db *gorm.DB, logsLocation, aesKey, dbDriver, dbURL, bindAddr string, demo bool) ssh.PublicKeyHandler {
+func PublicKeyAuthHandler(db *gorm.DB, logsLocation, aclCheckCmd, aesKey, dbDriver, dbURL, bindAddr string, demo bool) ssh.PublicKeyHandler {
 	return func(ctx ssh.Context, key ssh.PublicKey) bool {
 		actx := &authContext{
 			db:            db,
 			inputUsername: ctx.User(),
 			logsLocation:  logsLocation,
+			aclCheckCmd:   aclCheckCmd,
 			aesKey:        aesKey,
 			dbDriver:      dbDriver,
 			dbURL:         dbURL,

pkg/bastion/telnet.go

@@ -79,7 +79,7 @@ func scannerSplitFunc(data []byte, atEOF bool) (advance int, token []byte, err e
 func telnetHandler(host *dbmodels.Host) ssh.Handler {
 	return func(s ssh.Session) {
 		// FIXME: log session in db
-		//actx := s.Context().Value(authContextKey).(*authContext)
+		// actx := s.Context().Value(authContextKey).(*authContext)
 		caller := bastionTelnetCaller{ssh: s}
 		if err := telnet.DialToAndCall(host.DialAddr(), caller); err != nil {
 			fmt.Fprintf(s, "error: %v", err)

pkg/dbmodels/dbmodels.go

@@ -410,9 +410,6 @@ func UserKeysByUserID(db *gorm.DB, identifiers []string) *gorm.DB {
 
 // UserRole helpers
 
-//func UserRolesPreload(db *gorm.DB) *gorm.DB {
-//	return db.Preload("Users")
-//}
 func UserRolesByIdentifiers(db *gorm.DB, identifiers []string) *gorm.DB {
 	return GenericNameOrID(db, identifiers)
 }
@@ -461,7 +458,6 @@ func (e *Event) Log(db *gorm.DB) {
 }
 
 func (e *Event) SetAuthor(user *User) *Event {
-	//e.Author = user
 	e.AuthorID = user.ID
 	return e
 }

pkg/utils/emailvalidator.go

@@ -0,0 +1,13 @@
+package utils
+
+import "regexp"
+
+var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
+
+// ValidateEmail validates email.
+func ValidateEmail(e string) bool {
+	if len(e) < 3 || len(e) > 254 {
+		return false
+	}
+	return emailRegex.MatchString(e)
+}

pkg/utils/emailvalidator_test.go

@@ -0,0 +1,30 @@
+package utils_test
+
+import (
+	"testing"
+
+	"moul.io/sshportal/pkg/utils"
+)
+
+func TestValidateEmail(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected bool
+	}{
+		{"goodemail@email.com", true},
+		{"b@2323.22", true},
+		{"b@2322.", false},
+		{"", false},
+		{"blah", false},
+		{"blah.com", false},
+	}
+
+	for _, test := range tests {
+		t.Run(test.input, func(t *testing.T) {
+			got := utils.ValidateEmail(test.input)
+			if got != test.expected {
+				t.Errorf("expected %v, got %v", test.expected, got)
+			}
+		})
+	}
+}

rules.mk

@@ -113,13 +113,13 @@ ifeq ($(CI),true)
 	@echo "mode: atomic" > /tmp/gocoverage
 	@rm -f $(GOTESTJSON_FILE)
 	@set -e; for dir in $(GOMOD_DIRS); do (set -e; (set -euf pipefail; \
-	    cd $$dir; \
-	    (($(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race -json && touch $@.ok) | tee -a $(GOTESTJSON_FILE) 3>&1 1>&2 2>&3 | tee -a $(GOBUILDLOG_FILE); \
+		cd $$dir; \
+		(($(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race -json && touch $@.ok) | tee -a $(GOTESTJSON_FILE) 3>&1 1>&2 2>&3 | tee -a $(GOBUILDLOG_FILE); \
 	  ); \
 	  rm $@.ok 2>/dev/null || exit 1; \
 	  if [ -f /tmp/profile.out ]; then \
-	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
-	    rm -f /tmp/profile.out; \
+		cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+		rm -f /tmp/profile.out; \
 	  fi)); done
 	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
 else
@@ -128,8 +128,8 @@ else
 	  cd $$dir; \
 	  $(GO) test ./... $(GO_TEST_OPTS) -cover -coverprofile=/tmp/profile.out -covermode=atomic -race); \
 	  if [ -f /tmp/profile.out ]; then \
-	    cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
-	    rm -f /tmp/profile.out; \
+		cat /tmp/profile.out | sed "/mode: atomic/d" >> /tmp/gocoverage; \
+		rm -f /tmp/profile.out; \
 	  fi); done
 	@mv /tmp/gocoverage $(GOCOVERAGE_FILE)
 endif
@@ -193,7 +193,7 @@ go.bumpdeps:
 	  $(GO)	get -u ./...; \
 	); done
 
-.PHONY: go.bump-deps
+.PHONY: go.fmt
 go.fmt:
 	@set -e; for dir in $(GOMOD_DIRS); do ( set -xe; \
 	  cd $$dir; \
@@ -243,8 +243,8 @@ npm.publish:
 	@echo -n "Do you want to npm publish? [y/N] " && read ans && \
 	@if [ $${ans:-N} = y ]; then \
 	  set -e; for dir in $(NPM_PACKAGES); do ( set -xe; \
-	    cd $$dir; \
-	    npm publish --access=public; \
+		cd $$dir; \
+		npm publish --access=public; \
 	  ); done; \
 	fi
 RELEASE_STEPS += npm.publish
@@ -254,7 +254,7 @@ endif
 ## Docker
 ##
 
-docker_build = 	docker build \
+docker_build =	docker build \
 	  --build-arg VCS_REF=`git rev-parse --short HEAD` \
 	  --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
 	  --build-arg VERSION=`git describe --tags --always` \

server.go

@@ -22,6 +22,7 @@ type serverConfig struct {
 	bindAddr        string
 	debug, demo     bool
 	idleTimeout     time.Duration
+	aclCheckCmd     string
 }
 
 func parseServerConfig(c *cli.Context) (*serverConfig, error) {
@@ -34,6 +35,7 @@ func parseServerConfig(c *cli.Context) (*serverConfig, error) {
 		demo:         c.Bool("demo"),
 		logsLocation: c.String("logs-location"),
 		idleTimeout:  c.Duration("idle-timeout"),
+		aclCheckCmd:  c.String("acl-check-cmd"),
 	}
 	switch len(ret.aesKey) {
 	case 0, 16, 24, 32:
@@ -59,7 +61,7 @@ func ensureLogDirectory(location string) error {
 }
 
 func server(c *serverConfig) (err error) {
-	var db = (*gorm.DB)(nil)
+	var db *gorm.DB
 
 	// try to setup the local DB
 	if db, err = gorm.Open(c.dbDriver, c.dbURL); err != nil {
@@ -119,8 +121,8 @@ func server(c *serverConfig) (err error) {
 
 	for _, opt := range []ssh.Option{
 		// custom PublicKeyAuth handler
-		ssh.PublicKeyAuth(bastion.PublicKeyAuthHandler(db, c.logsLocation, c.aesKey, c.dbDriver, c.dbURL, c.bindAddr, c.demo)),
-		ssh.PasswordAuth(bastion.PasswordAuthHandler(db, c.logsLocation, c.aesKey, c.dbDriver, c.dbURL, c.bindAddr, c.demo)),
+		ssh.PublicKeyAuth(bastion.PublicKeyAuthHandler(db, c.logsLocation, c.aclCheckCmd, c.aesKey, c.dbDriver, c.dbURL, c.bindAddr, c.demo)),
+		ssh.PasswordAuth(bastion.PasswordAuthHandler(db, c.logsLocation, c.aclCheckCmd, c.aesKey, c.dbDriver, c.dbURL, c.bindAddr, c.demo)),
 		// retrieve sshportal SSH private key from database
 		bastion.PrivateKeyFromDB(db, c.aesKey),
 	} {

testserver.go

@@ -60,7 +60,7 @@ func testServer(c *cli.Context) error {
 			_, _ = io.Copy(s, f) // #nosec
 			cmdErr = cmd.Wait()
 		} else {
-			//cmd.Stdin = s
+			// cmd.Stdin = s
 			cmd.Stdout = s
 			cmd.Stderr = s
 			cmdErr = cmd.Run()