feat: pull the image from root repo if not available locally

ssh_router.sh

@@ -2,7 +2,7 @@
 
 PERSON="$1"
 WORKSPACE="$SSH_ORIGINAL_COMMAND"
-IMAGE="analytics-backend-workspace" # change to match your setup
+IMAGE="localhost:5100/analytics-backend-workspace:latest"
 TMUX_SESSION="$WORKSPACE|analytics-backend"
 DEV_USER="devuser"
 
@@ -10,11 +10,29 @@ log() {
   echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
 }
 
-if [[ ! "$WORKSPACE" =~ ^[a-zA-Z0-9._-]+$ ]]; then
-  log "❌ Invalid container name: $WORKSPACE"
-  exit 1
+# Log access
+log "[SSH] $USER connected with command: $SSH_ORIGINAL_COMMAND" >>/home/infilytics/ssh-router.log
+
+# Check if image exists locally
+if ! podman image exists "$IMAGE"; then
+  log "📦 Image $IMAGE not found locally. Pulling from registry..."
+
+  # Attempt to pull the image from the local registry (insecure HTTP)
+  if ! podman pull --tls-verify=false "$IMAGE"; then
+    log "❌ Failed to pull image from $IMAGE"
+    exit 1
+  fi
+
+  log "✅ Successfully pulled $IMAGE"
 fi
 
+case "$SSH_ORIGINAL_COMMAND" in
+*scp* | *sftp* | *rsync* | *tar*)
+  log "❌ File transfers are disabled"
+  exit 1
+  ;;
+esac
+
 # Function to start the container if not running
 start_container_if_needed() {
   if ! podman container exists "$WORKSPACE"; then
@@ -55,6 +73,18 @@ get_access_mode_and_session() {
   local workspace="$1"
   local person="$2"
 
+  # If workspace is empty, use person's name
+  if [[ -z "$workspace" ]]; then
+    WORKSPACE="$person"
+    echo "access=rw"
+    return 0
+  fi
+
+  if [[ ! "$workspace" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+    log "❌ Invalid container name: $WORKSPACE"
+    exit 1
+  fi
+
   # Special case: user accessing their own workspace
   if [[ "$workspace" == "$person" ]]; then
     echo "access=rw"