From d686edef9d48d31c21c02717ace99d784ea28390 Mon Sep 17 00:00:00 2001 From: Kevin Baensch Date: Fri, 11 Nov 2022 22:29:26 +0100 Subject: [PATCH] Add automation scripts. --- docker-compose.yml | 1 + etc/ssh/sshd_config | 1 - script/myssh | 99 ++++++++++++++++++++++++++++++++++++++++++ script/sqlproxy_cli.sh | 18 ++++++++ sqlproxy_setup.sh | 6 +-- 5 files changed, 121 insertions(+), 4 deletions(-) create mode 100755 script/myssh create mode 100755 script/sqlproxy_cli.sh diff --git a/docker-compose.yml b/docker-compose.yml index 4db19b5..7ef3b3f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,6 +20,7 @@ services: - /var/run/docker.sock:/tmp/docker.sock:ro - ./script/hostman.sh:/hostman.sh:ro - ./script/sqlproxy.sh:/sqlproxy.sh:ro + - ./script/sqlproxy_cli.sh:/sqlproxy_cli.sh:ro environment: DISABLE_KEYGEN: true DISABLE_CONFIG_GEN: true diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config index 9b8afcd..19b2163 100644 --- a/etc/ssh/sshd_config +++ b/etc/ssh/sshd_config @@ -8,6 +8,5 @@ AllowTcpForwarding yes PermitOpen any PidFile /config/sshd.pid -Subsystem sftp /usr/lib/ssh/sftp-server -u 022 AllowUsers sqlproxy diff --git a/script/myssh b/script/myssh new file mode 100755 index 0000000..9db3322 --- /dev/null +++ b/script/myssh 
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+[ -z $SQL_PROXY_HOST ] && SQL_PROXY_HOST="localhost"
+CACHE_FILE="$HOME/.cache/sqlproxy_$SQL_PROXY_HOST"
+
+HELP="Usage: myssh [ls|connect]
+SUBCOMMANDS:
+ ls: list available database hosts
+ connect: connect to a database host
+
+SYNTAX connect host [-u user] [-p password] [-c client]
+"
+
+ls() {
+ echo $(ssh $SQL_PROXY_HOST ls)
+}
+
+read_cache() {
+ if [ -f $CACHE_FILE ]
+ then
+ mapfile -t HOST_LIST < $CACHE_FILE
+ LAST_CHANGED=$(expr $(date +"%s") - "${HOST_LIST[0]}")
+ # Refresh cache if cache is older than a minute
+ if [ $LAST_CHANGED -gt 60 ]
+ then
+ write_cache $(ls)
+ read_cache
+ fi
+ else
+ write_cache $(ls)
+ read_cache
+ fi
+}
+
+write_cache() {
+ touch $CACHE_FILE
+ echo -e $(date +"%s")"\n"$1 > $CACHE_FILE
+}
+
+run_client() {
+ # wait for port to open
+ while ! nc -z localhost 3306 > /dev/null
+ do
+ sleep 0.1
+ done
+
+ if [ $(uname -s) = "Linux" ]
+ then
+ mysql --protocol=TCP -u $1 -p$2 -h localhost -P 3306
+ else
+ open "mysql://$1:$2@localhost:3306" -a "Sequel Ace"
+ fi
+}
+
+MAIN_OPTION=$1
+shift
+
+case $MAIN_OPTION in
+ ls)
+ RESPONSE=$(ls)
+ write_cache $RESPONSE
+ echo $RESPONSE;;
+ connect)
+ # Kill open connections on exit
+ # https://stackoverflow.com/questions/360201/how-do-i-kill-background-processes-jobs-when-my-shell-script-exits
+ trap "trap - SIGTERM && kill -- -$$" SIGINT SIGTERM EXIT
+
+ # check/update cache
+ read_cache
+
+ # check if host is valid
+ TARGET_HOST=$1
+ shift
+ tail -n +2 $CACHE_FILE | grep -qe "^$TARGET_HOST$"
+ GREP_EXIT_CODE=$?
+ if [ $GREP_EXIT_CODE -eq 0 ]
+ then
+ while getopts "u:p:" o
+ do
+ case "$o" in
+ u) MYSQL_USERNAME="$OPTARG" ;;
+ p) MYSQL_PASSWORD="$OPTARG" ;;
+ esac
+ done
+ ssh -L 3306:$TARGET_HOST:3306 $SQL_PROXY_HOST > /dev/null 2>&1 &
+ if [ ! -z $MYSQL_USERNAME ] && [ ! -z $MYSQL_PASSWORD ]
+ then
+ run_client $MYSQL_USERNAME $MYSQL_PASSWORD
+ else
+ echo 'Press CTRL C to quit this connection'
+ wait
+ fi
+ else
+ echo "Invalid Hostname: $2."
+ fi
+ ;;
+ *)
+ echo -e "Usage: myssh [ls|connect]\n\n";;
+esac
diff --git a/script/sqlproxy_cli.sh b/script/sqlproxy_cli.sh
new file mode 100755
index 0000000..a27b673
--- /dev/null
+++ b/script/sqlproxy_cli.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+ls_hosts() {
+ # the containers version of grep does not support perl regex so "[^ ]*(?= # Added by hostman)" does not work
+ echo $(grep -e "# Added by hostman" /etc/hosts | grep -oe "^[^ ]* [^ ]*" | grep -oe "[^ ]*$")
+}
+
+idle() {
+ echo "Press CTRL C to quit this connection"
+ sleep infinity
+}
+
+if [ -z $SSH_ORIGINAL_COMMAND ]
+then
+ idle
+else
+ ls_hosts
+fi
diff --git a/sqlproxy_setup.sh b/sqlproxy_setup.sh
index 9bdd492..5923f83 100755
--- a/sqlproxy_setup.sh
+++ b/sqlproxy_setup.sh
@@ -9,10 +9,10 @@ case $GEN_KEYS in
 [yY]*)
 mkdir -p ~/.ssh
 read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
- ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key
+ ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key -C "$(date --iso-8601)_$(whoami)@$HOST"
 read -r -p "Target Host: " HOST_NAME
 echo -ne "\n\nHost $HOST_NAME\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> ~/.ssh/config
- cat ~/.ssh/$KEY_NAME.key.pub >> ./etc/ssh/.ssh/authorized_keys
+ echo -e command=\"/sqlproxy_cli.sh\" $(cat ~/.ssh/$KEY_NAME.key.pub) >> ./etc/ssh/.ssh/authorized_keys
 break;;
- *) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys";;
+ *) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys\nAlso add 'command=\"/sqlproxy_cli.sh\" ' in front of your key";;
 esac
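Review bot: `run_client` in script/myssh puts the database password on the command line (`mysql ... -p$2`, and the `mysql://$1:$2@localhost:3306` URL handed to `open`), so it is visible in the local process list, and the `-p password` option of `connect` also leaves it in shell history. Passing `-p` with no value so the client prompts, or using `--defaults-extra-file` with a file only the user can read, keeps the secret out of argv. The host check `grep -qe "^$TARGET_HOST$"` treats the argument as a regular expression and the value is then used unquoted in `ssh -L`; `grep -qxF -- "$TARGET_HOST"` accepts only a literal cached name. Separately, `write_cache $(ls)` word-splits the host list and `write_cache` stores only `$1`, so the cache appears to keep just the first host; writing one host per line from a quoted value would fix that.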
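Review bot: The forced command in script/sqlproxy_cli.sh tests `[ -z $SSH_ORIGINAL_COMMAND ]` unquoted, so the client-supplied command string is word-split and glob-expanded on the server before `[` sees it. A multi-word value makes the test fail with an error and fall through to the `ls_hosts` branch. As written, any non-empty command lists the hosts, not only `ls`. Quoting the variable and matching the accepted command explicitly, with a rejecting default, makes this entry point predictable.

```sh
# … unchanged: ls_hosts and idle definitions …
case "${SSH_ORIGINAL_COMMAND:-}" in
  "") idle ;;
  ls) ls_hosts ;;
  *)
    echo "unsupported command" >&2
    exit 1
    ;;
esac
```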
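Review bot: The new `authorized_keys` entry in sqlproxy_setup.sh sets only `command="/sqlproxy_cli.sh"`, which leaves PTY allocation and agent/X11 forwarding available to a key that only needs TCP forwarding, unless sshd_config disables them in lines not shown here. Prefixing the options with `restrict,port-forwarding,` (and doing the same in the hint printed by the `*)` branch) narrows the key to the forced command plus forwarding. The line is built with `echo -e` and an unquoted `$(cat ...)`, so backslashes in the key comment are interpreted; `printf 'restrict,port-forwarding,command="/sqlproxy_cli.sh" %s\n' "$(cat ~/.ssh/"$KEY_NAME".key.pub)"` writes it verbatim. The added `-C` comment uses `$HOST`, which bash does not set by default (`$HOSTNAME` is set), and `date --iso-8601` is a GNU extension. The `case` statement begins outside this hunk, so the interpreter in use is not visible.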