Complete sshd package with tests

2025-05-10 08:27:16 +02:00
parent 3719a2611d
commit 4f970a3f71
12 changed files with 472 additions and 103 deletions
--- a/packages/sshecret-sshd/src/sshecret_sshd/settings.py
+++ b/packages/sshecret-sshd/src/sshecret_sshd/settings.py
@ -1,18 +1,48 @@
 """SSH Server settings."""

-from pydantic import AnyHttpUrl, Field, AliasChoices
-from pydantic_settings import BaseSettings, SettingsConfigDict
+import ipaddress
+from typing import Annotated, Any
+from pydantic import AnyHttpUrl, BaseModel, Field, IPvAnyNetwork, field_validator
+from pydantic_settings import BaseSettings, ForceDecode, SettingsConfigDict


 DEFAULT_LISTEN_PORT = 2222

-class ServerSettings(BaseSettings, cli_parse_args=True, cli_exit_on_error=True):
+
+class ClientRegistrationSettings(BaseModel):
+    """Client registration settings."""
+
+    enabled: bool = False
+    allow_from: Annotated[list[IPvAnyNetwork], ForceDecode] = Field(default_factory=list)
+
+    @field_validator('allow_from', mode="before")
+    @classmethod
+    def ensure_allow_from_list(cls, value: Any) -> list[IPvAnyNetwork]:
+        """Convert allow_from to a list."""
+        allow_from: list[IPvAnyNetwork] = []
+        if isinstance(value, list):
+            entries = value
+        elif isinstance(value, str):
+            entries = value.split(",")
+        else:
+            raise ValueError("Error: Unknown format for allowed_from.")
+
+        for entry in entries:
+            if isinstance(entry, str):
+                allow_from.append(ipaddress.ip_network(entry))
+            elif isinstance(entry, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
+                allow_from.append(entry)
+        return allow_from
+
+class ServerSettings(BaseSettings):
    """Server Settings."""

-    model_config = SettingsConfigDict(env_file=".sshd.env", env_prefix="sshecret_sshd_")
+    model_config = SettingsConfigDict(env_file=".sshd.env", env_prefix="sshecret_sshd_", env_nested_delimiter='_')

-    backend_url: AnyHttpUrl = Field(validation_alias=AliasChoices("backend-url", "sshecret_backend_url"))
-    backend_token: str = Field(validation_alias=AliasChoices("backend-token", "sshecret_sshd_backend_token"))
-    listen_address: str = Field(default="", alias="listen")
+    backend_url: AnyHttpUrl = Field(alias="sshecret_backend_url")
+    backend_token: str
+    listen_address: str = Field(default="127.0.0.1")
    port: int = DEFAULT_LISTEN_PORT
+    registration: ClientRegistrationSettings = Field(default_factory=ClientRegistrationSettings)
    debug: bool = False
+    enable_ping_command: bool = False