Unify login-push.bash logic

0xDA221E / Login-push

Sends an alert through the mobile push notification APIs like Pushover when someone logs into your Linux box. SSHd, physical terminal or even sudo, all of them trigger notifications.

GNU General Public License v3.0

3 stars 1 forks source link

Unify login-push.bash logic #5

Open 0xDA221E opened 8 years ago

0xDA221E commented 8 years ago

All the logic should be in a single file to avoid code duplication, and maybe source from that file other bash files to perform different push notifications.

jmaris commented 8 years ago

Maybe we should have a single installer file that "Generates" the login-push.bash file using Echo, that way there will be no need for SED'ing or modifying files, it'll make things easier but Installer.bash will get messy as hell.

liamjack commented 8 years ago

How about generating one configuration file on installation that sets global variables like:

NOTIFICATION_METHOD="pushover"
PUSHOVER_TOKEN="8a7...83df"
PUSHOVER_SECRET="ad5...e49"

Then on login, source login-push-configuration.bash, source login-push-$NOTIFICATION_METHOD.bash and notify()

0xDA221E commented 8 years ago

Variable names are unique for each push protocol anyways (user and app tokens, etc). Would Cuonic's proposal allow for multiple push methods to be used? For example, upon login I want Pushover to alert my team and also my Telegram bot to alert me exclusively.

0xDA221E commented 8 years ago

This is what I think:

# common logic, such as the Ctrl+C trap or checking if $PAM_RUSER is set, and set it to [unknown] if not
[...]
source login-push-pushover.bash
source login-push-telegram.bash
source login-push-pushbullet.bash

Each source line is added by the installer as per user request, and the user can enable protocols as desired. This way, the process is trapped and the variables are set, but the code is a bit easier to manage and we remove duplicated code.

The installer should be adding the source file.bash line and installing the correct file in whatever location it needs to.

This also ensures we don't need to touch the pam.d file more than once, and the notifications can be easily disabled for debugging and whatnot.

liamjack commented 8 years ago

The mail "configuration" file could look like this, generated by the installer based on which push services the user chooses.

#!/bin/bash

PUSHOVER_TOKEN="8a7...83df"
PUSHOVER_SECRET="ad5...e49"
TELEGRAM_TOKEN="blabla"
TELEGRAM_SECRET="uhfdusghfuh"

source "login-push-pushover.bash"
source "login-push-telegram.bash"

jmaris commented 8 years ago

This sounds like a good plan

0xDA221E commented 8 years ago

The problem is that the installer, when you want to install an additional service, would have to "read" and sed its way through the file to replace (delete, or paste below or above) all the tokens and shit, while also adding the sources.

I think tokens should reside in each individual file. Then simply source 'em all (or some, or a single file, or none). While the main config file won't be regularly updated (it shouldn't, in fact, be touched, minus the last lines containing all the sources), the other files should be updated when their API changes.

liamjack commented 8 years ago

You could just append each service individually in the file like so:

# Pushover
PUSHOVER_TOKEN="8a7...83df"
PUSHOVER_SECRET="ad5...e49"
source "login-push-pushover.bash"

Then if you want to add another service, the installer can just append to the end of the file:

# Pushover
PUSHOVER_TOKEN="8a7...83df"
PUSHOVER_SECRET="ad5...e49"
source "login-push-pushover.bash"

# Telegram
TELEGRAM_TOKEN="blabla"
TELEGRAM_SECRET="uhfdusghfuh"
source "login-push-telegram.bash"

Then you can also list enabled push services with the comments above each service's section, and remove them with some magic script