Private chat

Admin's Manual.md

@@ -130,3 +130,20 @@ There are 4 environment variables you can set to quickly disable integrations on
 * `DEVZAT_OFFLINE_SLACK=true` will disable Slack
 * `DEVZAT_OFFLINE_RPC=true` will disable the gRPC server
 * `DEVZAT_OFFLINE=true` will disable all integrations.
+
+### Making a private chat
+
+Devzat have been made to be a public chat-room. But if you want, you can use it as a private, invite-only chat-room. To do so, you should add the following lines in the configuration file:
+
+```yaml
+private: true # Enables the Whitelist checking
+whitelist: 
+  272b326d7d5e9a6b1d98a10b453bdc8cc950fc15cae2c2e858e30645c72ae7c0: 'John Doe' # One entry for each person allowed to log in
+  ...
+```
+
+The `whitelist` entry is a map similar to the `admins` map. The keys are the ID of the allowed user and the value are a string whose content is not used.
+
+If someone is in the `admins` list, it is assumed that they are allowed. They, they would not be rejected from a private server even if their ID is not in the `whitelist` list. 
+If everyone on the private server is an admin, you don't need to have a `whitelist` list as all the ID are already in the `admin` list.
+

config.go

@@ -16,6 +16,8 @@ type ConfigType struct {
 	KeyFile     string            `yaml:"key_file"`
 	Admins      map[string]string `yaml:"admins"`
 	Censor      bool              `yaml:"censor,omitempty"`
+	Private     bool              `yaml:"private,omitempty"`
+	WhiteList   map[string]string `yaml:"whitelist"`
 
 	IntegrationConfig string `yaml:"integration_config"`
 }
@@ -62,6 +64,7 @@ var (
 		DataDir:     "devzat-data",
 		KeyFile:     "devzat-sshkey",
 		Censor:      false,
+		Private:     false,
 
 		IntegrationConfig: "",
 	}

main.go

@@ -170,13 +170,15 @@ func main() {
 
 	fmt.Printf("Starting chat server on port %d and profiling on port %d\n", Config.Port, Config.ProfilePort)
 	go getMsgsFromSlack()
-	go func() {
-		fmt.Println("Also starting chat server on port", Config.AltPort)
-		err := ssh.ListenAndServe(fmt.Sprintf(":%d", Config.AltPort), nil, ssh.HostKeyFile(Config.KeyFile))
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
+	if !Config.Private {
+		go func() {
+			fmt.Println("Also starting chat server on port", Config.AltPort)
+			err := ssh.ListenAndServe(fmt.Sprintf(":%d", Config.AltPort), nil, ssh.HostKeyFile(Config.KeyFile))
+			if err != nil {
+				fmt.Println(err)
+			}
+		}()
+	}
 	err = ssh.ListenAndServe(fmt.Sprintf(":%d", Config.Port), nil, ssh.HostKeyFile(Config.KeyFile),
 		ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
 			return true // allow all keys, this lets us hash pubkeys later
@@ -321,6 +323,18 @@ func newUser(s ssh.Session) *User {
 		u.closeQuietly()
 		return nil
 	}
+
+	if Config.Private {
+		_, okWhitelist := Config.WhiteList[u.id]
+		_, okAdmin := Config.Admins[u.id]
+		if !okAdmin && !okWhitelist {
+			fmt.Println("Refusing user with ID ", u.id)
+			u.writeln(Devbot, "You are not allowed to log into this private server. If this is a mistake, send your id ("+u.id+") to the admin so that they can whitelist you.")
+			u.closeQuietly()
+			return nil
+		}
+	}
+
 	IDsInMinToTimes[u.id]++
 	time.AfterFunc(60*time.Second, func() {
 		IDsInMinToTimes[u.id]--
@@ -354,15 +368,17 @@ func newUser(s ssh.Session) *User {
 		Log.Println("Could not load user:", err)
 	}
 
-	if len(Backlog) > 0 {
-		lastStamp := Backlog[0].timestamp
-		u.rWriteln(fmtTime(u, lastStamp))
-		for i := range Backlog {
-			if Backlog[i].timestamp.Sub(lastStamp) > time.Minute {
-				lastStamp = Backlog[i].timestamp
-				u.rWriteln(fmtTime(u, lastStamp))
+	if !Config.Private {
+		if len(Backlog) > 0 {
+			lastStamp := Backlog[0].timestamp
+			u.rWriteln(fmtTime(u, lastStamp))
+			for i := range Backlog {
+				if Backlog[i].timestamp.Sub(lastStamp) > time.Minute {
+					lastStamp = Backlog[i].timestamp
+					u.rWriteln(fmtTime(u, lastStamp))
+				}
+				u.writeln(Backlog[i].senderName, Backlog[i].text)
 			}
-			u.writeln(Backlog[i].senderName, Backlog[i].text)
 		}
 	}