Change SSH WIP

Owen
2026-03-21 10:40:12 -07:00
parent 21b91374a3
commit d85496453f


@@ -21,7 +21,7 @@ import {
roles, roles,
roundTripMessageTracker, roundTripMessageTracker,
siteResources, siteResources,
sites, siteNetworks,
userOrgs userOrgs
} from "@server/db"; } from "@server/db";
import { isLicensedOrSubscribed } from "#private/lib/isLicencedOrSubscribed"; import { isLicensedOrSubscribed } from "#private/lib/isLicencedOrSubscribed";
@@ -62,11 +62,11 @@ const bodySchema = z
export type SignSshKeyResponse = { export type SignSshKeyResponse = {
certificate: string; certificate: string;
messageId: number; messageIds: number[];
sshUsername: string; sshUsername: string;
sshHost: string; sshHost: string;
resourceId: number; resourceId: number;
siteId: number; siteIds: number[];
keyId: string; keyId: string;
validPrincipals: string[]; validPrincipals: string[];
validAfter: string; validAfter: string;
@@ -250,10 +250,7 @@ export async function signSshKey(
.update(userOrgs) .update(userOrgs)
.set({ pamUsername: usernameToUse }) .set({ pamUsername: usernameToUse })
.where( .where(
and( and(eq(userOrgs.orgId, orgId), eq(userOrgs.userId, userId))
eq(userOrgs.orgId, orgId),
eq(userOrgs.userId, userId)
)
); );
} else { } else {
usernameToUse = userOrg.pamUsername; usernameToUse = userOrg.pamUsername;
@@ -374,21 +371,12 @@ export async function signSshKey(
const homedir = roleRow?.sshCreateHomeDir ?? null; const homedir = roleRow?.sshCreateHomeDir ?? null;
const sudoMode = roleRow?.sshSudoMode ?? "none"; const sudoMode = roleRow?.sshSudoMode ?? "none";
// get the site const sites = await db
const [newt] = await db .select({ siteId: siteNetworks.siteId })
.select() .from(siteNetworks)
.from(newts) .where(eq(siteNetworks.networkId, resource.networkId!));
.where(eq(newts.siteId, resource.siteId))
.limit(1);
if (!newt) { const siteIds = sites.map((site) => site.siteId);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Site associated with resource not found"
)
);
}
// Sign the public key // Sign the public key
const now = BigInt(Math.floor(Date.now() / 1000)); const now = BigInt(Math.floor(Date.now() / 1000));
@@ -402,6 +390,24 @@ export async function signSshKey(
validBefore: now + validFor validBefore: now + validFor
}); });
const messageIds: number[] = [];
for (const siteId of siteIds) {
// get the site
const [newt] = await db
.select()
.from(newts)
.where(eq(newts.siteId, siteId))
.limit(1);
if (!newt) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Site associated with resource not found"
)
);
}
const [message] = await db const [message] = await db
.insert(roundTripMessageTracker) .insert(roundTripMessageTracker)
.values({ .values({
@@ -420,6 +426,8 @@ export async function signSshKey(
); );
} }
messageIds.push(message.messageId);
await sendToClient(newt.newtId, { await sendToClient(newt.newtId, {
type: `newt/pam/connection`, type: `newt/pam/connection`,
data: { data: {
@@ -439,6 +447,7 @@ export async function signSshKey(
} }
} }
}); });
}
const expiresIn = Number(validFor); // seconds const expiresIn = Number(validFor); // seconds
@@ -459,18 +468,20 @@ export async function signSshKey(
metadata: JSON.stringify({ metadata: JSON.stringify({
resourceId: resource.siteResourceId, resourceId: resource.siteResourceId,
resource: resource.name, resource: resource.name,
siteId: resource.siteId, siteIds: siteIds
}) })
}); });
// TODO: WE NEED TO MAKE SURE THE MESSAGEIDS ARE BACKWARD COMPATABILE AND THE SITEIDS TOO AND UPDATE THE CLI TO HANDLE THE MESSAGE IDS
return response<SignSshKeyResponse>(res, { return response<SignSshKeyResponse>(res, {
data: { data: {
certificate: cert.certificate, certificate: cert.certificate,
messageId: message.messageId, messageIds: messageIds,
sshUsername: usernameToUse, sshUsername: usernameToUse,
sshHost: sshHost, sshHost: sshHost,
resourceId: resource.siteResourceId, resourceId: resource.siteResourceId,
siteId: resource.siteId, siteIds: siteIds,
keyId: cert.keyId, keyId: cert.keyId,
validPrincipals: cert.validPrincipals, validPrincipals: cert.validPrincipals,
validAfter: cert.validAfter.toISOString(), validAfter: cert.validAfter.toISOString(),