From b837fd6d33b9a781bc3b4cfea096e5bfedd97e8c Mon Sep 17 00:00:00 2001
From: Samuel Fadel <samuel@nihil.ws>
Date: Mon, 9 Oct 2023 10:46:33 +0200
Subject: Added git-credential-read-only.

New tool to be used as credential helper for https-only repositories.
---
 bin/git-credential-read-only | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100755 bin/git-credential-read-only

(limited to 'bin/git-credential-read-only')

diff --git a/bin/git-credential-read-only b/bin/git-credential-read-only
new file mode 100755
index 0000000..e47259b
--- /dev/null
+++ b/bin/git-credential-read-only
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Reads STDIN ensuring protocol=https (if present) and then until the
+# line host=<HOST> is found. Finally, uses <HOST> to look through
+# login info to then output credentials for git.
+
+LOGINS_DB=$HOME/.config/logins.db.asc
+
+# We only support get as the first argument
+if [ $1 != "get" ]; then
+    exit 1
+fi
+
+# Read input to figure out which host/domain we want to read
+# credentials from
+export LESSPASS_MASTER_PASSWORD=`pass lesspass`
+SELECTION=
+while read input; do
+    key=`echo $input | cut -f 1 -d '='`
+    value=`echo $input | cut -f 2 -d '='`
+    if [ $key == 'protocol' ] && [ $value != 'https' ]; then
+        exit 1
+    fi
+    if [ $key == 'host' ]; then
+        SELECTION=`gpg --decrypt $LOGINS_DB 2>/dev/null | grep $value`
+        break
+    fi
+done
+
+if [ -z "${SELECTION}" ]; then
+    exit 1
+fi
+
+DOMAIN=`echo $SELECTION | cut -f 1 -d ' '`
+USERNAME=`echo $SELECTION | cut -f 2 -d ' '`
+OPTIONS=`echo $SELECTION | cut -f 1,2 -d ' ' --complement`
+
+# Output credentials in the format git expects
+echo protocol=https
+echo host=$DOMAIN
+echo username=$USERNAME
+echo password=`lpass $DOMAIN $USERNAME $OPTIONS`
-- 
cgit v1.2.3