scripts/backtunnel-authorize

#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright (c) 2025 LUXIM d.o.o., Slovenia
# Author: Matjaž Mozetič
#
# Name: backtunnel-authorize
# Summary: Register a named public key for later use by other tools (e.g., to grant temporary access).
# Description:
#   Copies a provided OpenSSH public key file into the per-user BackTunnel authorized store
#   under a chosen name. Other scripts can later reference this key by --allow-known <name>.
#
# Usage:
#   backtunnel-authorize <name> <pubkey-file>
#
# Examples:
#   backtunnel-authorize alice ~/.ssh/alice_ed25519.pub
#
# Dependencies:
#   - bash
#   - install (coreutils or compatible)
#
# Exit codes:
#   0  success
#   1  invalid usage or file not found
#
# Notes:
#   - Keys are stored at: ${XDG_CONFIG_HOME:-$HOME/.config}/backtunnel/authorized/<name>.pub
#   - Existing file with the same name will be overwritten (install default behavior).

set -euo pipefail  # Fail on error, undefined vars, and pipeline errors

# ---- Parse & validate arguments ----
name="${1:-}"
file="${2:-}"
[[ -n "$name" && -n "$file" && -f "$file" ]] || { echo "Usage: backtunnel-authorize <name> <pubkey-file>"; exit 1; }

# ---- Destination directory (XDG-compliant) ----
dir="${XDG_CONFIG_HOME:-$HOME/.config}/backtunnel/authorized"
mkdir -p "$dir"  # Ensure the store exists

# ---- Install the key with sane permissions (rw-r--r--) ----
install -m 644 "$file" "$dir/$name.pub"

# ---- Confirmation ----
echo "Saved: $dir/$name.pub"
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`#!/usr/bin/env bash`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`# SPDX-License-Identifier: GPL-3.0-or-later`
			`# Copyright (c) 2025 LUXIM d.o.o., Slovenia`
			`# Author: Matjaž Mozetič`
			`#`
			`# Name: backtunnel-authorize`
			`# Summary: Register a named public key for later use by other tools (e.g., to grant temporary access).`
			`# Description:`
			`# Copies a provided OpenSSH public key file into the per-user BackTunnel authorized store`
			`# under a chosen name. Other scripts can later reference this key by --allow-known <name>.`
			`#`
			`# Usage:`
			`# backtunnel-authorize <name> <pubkey-file>`
			`#`
			`# Examples:`
			`# backtunnel-authorize alice ~/.ssh/alice_ed25519.pub`
			`#`
			`# Dependencies:`
			`# - bash`
			`# - install (coreutils or compatible)`
			`#`
			`# Exit codes:`
			`# 0 success`
			`# 1 invalid usage or file not found`
			`#`
			`# Notes:`
			`# - Keys are stored at: ${XDG_CONFIG_HOME:-$HOME/.config}/backtunnel/authorized/<name>.pub`
			`# - Existing file with the same name will be overwritten (install default behavior).`

			`set -euo pipefail # Fail on error, undefined vars, and pipeline errors`

			`# ---- Parse & validate arguments ----`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`name="${1:-}"`
			`file="${2:-}"`
			`[[ -n "$name" && -n "$file" && -f "$file" ]] \|\| { echo "Usage: backtunnel-authorize <name> <pubkey-file>"; exit 1; }`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00
			`# ---- Destination directory (XDG-compliant) ----`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`dir="${XDG_CONFIG_HOME:-$HOME/.config}/backtunnel/authorized"`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`mkdir -p "$dir" # Ensure the store exists`

			`# ---- Install the key with sane permissions (rw-r--r--) ----`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`install -m 644 "$file" "$dir/$name.pub"`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00
			`# ---- Confirmation ----`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`echo "Saved: $dir/$name.pub"`