ssh tunnel - alternative modes

app/package.json

@@ -37,6 +37,15 @@
         "github"
       ]
     },
+    "snap": {
+      "publish": [
+        "github",
+        "snapStore"
+      ],
+      "environment": {
+        "ELECTRON_SNAP": "true"
+      }
+    },
     "win": {
       "target": [
         "nsis"

packages/api/src/controllers/config.js

@@ -1,4 +1,5 @@
 const currentVersion = require('../currentVersion');
+const platformInfo = require('../utility/platformInfo');
 
 module.exports = {
   get_meta: 'get',
@@ -31,4 +32,10 @@ module.exports = {
       ...currentVersion,
     };
   },
+
+  platformInfo_meta: 'get',
+  async platformInfo() {
+    return platformInfo;
+  },
+  
 };

packages/api/src/controllers/runners.js

@@ -24,6 +24,7 @@ const requirePluginsTemplate = plugins =>
 
 const scriptTemplate = script => `
 const dbgateApi = require(process.env.DBGATE_API);
+dbgateApi.registerProcessCommunication();
 ${requirePluginsTemplate(extractPlugins(script))}
 require=null;
 async function run() {
@@ -36,6 +37,7 @@ dbgateApi.runScript(run);
 
 const loaderScriptTemplate = (functionName, props, runid) => `
 const dbgateApi = require(process.env.DBGATE_API);
+dbgateApi.registerProcessCommunication();
 ${requirePluginsTemplate(extractShellApiPlugins(functionName, props))}
 require=null;
 async function run() {

packages/api/src/shell/index.js

@@ -17,6 +17,7 @@ const requirePlugin = require('./requirePlugin');
 const download = require('./download');
 const executeQuery = require('./executeQuery');
 const loadFile = require('./loadFile');
+const registerProcessCommunication = require('./registerProcessCommunication');
 
 const dbgateApi = {
   queryReader,
@@ -37,6 +38,7 @@ const dbgateApi = {
   registerPlugins,
   executeQuery,
   loadFile,
+  registerProcessCommunication,
 };
 
 requirePlugin.initializeDbgateApi(dbgateApi);

packages/api/src/shell/registerProcessCommunication.js

@@ -0,0 +1,9 @@
+const { handleProcessCommunication } = require('../utility/processComm');
+
+async function registerProcessCommunication() {
+  process.on('message', async message => {
+    handleProcessCommunication(message);
+  });
+}
+
+module.exports = registerProcessCommunication;

packages/api/src/utility/crypting.js

@@ -42,31 +42,45 @@ function getEncryptor() {
   return _encryptor;
 }
 
-function encryptConnection(connection) {
+function encryptPasswordField(connection, field) {
   if (
     connection &&
-    connection.password &&
+    connection[field] &&
-    !connection.password.startsWith('crypt:') &&
+    !connection[field].startsWith('crypt:') &&
     connection.passwordMode != 'saveRaw'
   ) {
     return {
       ...connection,
-      password: 'crypt:' + getEncryptor().encrypt(connection.password),
+      [field]: 'crypt:' + getEncryptor().encrypt(connection[field]),
     };
   }
   return connection;
 }
 
-function decryptConnection(connection) {
+function decryptPasswordField(connection, field) {
-  if (connection && connection.password && connection.password.startsWith('crypt:')) {
+  if (connection && connection[field] && connection[field].startsWith('crypt:')) {
     return {
       ...connection,
-      password: getEncryptor().decrypt(connection.password.substring('crypt:'.length)),
+      [field]: getEncryptor().decrypt(connection[field].substring('crypt:'.length)),
     };
   }
   return connection;
 }
 
+function encryptConnection(connection) {
+  connection = encryptPasswordField(connection, 'password');
+  connection = encryptPasswordField(connection, 'sshPassword');
+  connection = encryptPasswordField(connection, 'sshKeyFilePassword');
+  return connection;
+}
+
+function decryptConnection(connection) {
+  connection = decryptPasswordField(connection, 'password');
+  connection = decryptPasswordField(connection, 'sshPassword');
+  connection = decryptPasswordField(connection, 'sshKeyFilePassword');
+  return connection;
+}
+
 module.exports = {
   loadEncryptionKey,
   encryptConnection,

packages/api/src/utility/platformInfo.js

@@ -0,0 +1,27 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const p = process;
+const platform = p.env.OS_OVERRIDE ? p.env.OS_OVERRIDE : p.platform;
+const isWindows = platform === 'win32';
+const isMac = platform === 'darwin';
+const isLinux = platform === 'linux';
+const isDocker = fs.existsSync('/home/dbgate-docker/build');
+
+const platformInfo = {
+  isWindows,
+  isMac,
+  isLinux,
+  isDocker,
+  isSnap: p.env.ELECTRON_SNAP,
+  isPortable: isWindows && p.env.PORTABLE_EXECUTABLE_DIR,
+  isAppImage: p.env.DESKTOPINTEGRATION === 'AppImageLauncher',
+  sshAuthSock: p.env.SSH_AUTH_SOCK,
+  environment: process.env.NODE_ENV,
+  platform,
+  runningInWebpack: !!p.env.WEBPACK_DEV_SERVER_URL,
+  defaultKeyFile: path.join(os.homedir(), '.ssh/id_rsa'),
+};
+
+module.exports = platformInfo;

packages/api/src/utility/sshTunnel.js

@@ -1,7 +1,9 @@
 const { SSHConnection } = require('node-ssh-forward');
+const fs = require('fs-extra');
 const portfinder = require('portfinder');
 const stableStringify = require('json-stable-stringify');
 const _ = require('lodash');
+const platformInfo = require('./platformInfo');
 
 const sshConnectionCache = {};
 const sshTunnelCache = {};
@@ -16,11 +18,14 @@ async function getSshConnection(connection) {
   const sshConfig = {
     endHost: connection.sshHost || '',
     endPort: connection.sshPort || 22,
-    bastionHost: '',
+    bastionHost: connection.sshBastionHost || '',
-    agentForward: false,
+    agentForward: connection.sshMode == 'agent',
-    passphrase: undefined,
+    passphrase: connection.sshMode == 'keyFile' ? connection.sshKeyFilePassword : undefined,
     username: connection.sshLogin,
-    password: connection.sshPassword,
+    password: connection.sshMode == 'userPassword' ? connection.sshPassword : undefined,
+    agentSocket: connection.sshMode == 'agent' ? platformInfo.sshAuthSock : undefined,
+    privateKey:
+      connection.sshMode == 'keyFile' && connection.sshKeyFile ? await fs.readFile(connection.sshKeyFile) : undefined,
     skipAutoPrivateKey: true,
     noReadline: true,
   };

packages/web/src/impexp/createImpExpScript.js

@@ -31,7 +31,7 @@ async function getConnection(extensions, storageType, conid, database) {
     const driver = findEngineDriver(conn, extensions);
     return [
       {
-        ..._.pick(conn, ['server', 'engine', 'user', 'password', 'port', 'authType']),
+        ..._.omit(conn, ['_id', 'displayName']),
         database,
       },
       driver,

packages/web/src/modals/ConnectionModal.js

@@ -8,6 +8,7 @@ import {
   FormSubmit,
   FormPasswordField,
   FormCheckboxField,
+  FormElectronFileSelector,
 } from '../utility/forms';
 import ModalHeader from './ModalHeader';
 import ModalFooter from './ModalFooter';
@@ -17,6 +18,8 @@ import LoadingInfo from '../widgets/LoadingInfo';
 import { FontIcon } from '../icons';
 import { FormProvider, useForm } from '../utility/FormProvider';
 import { TabControl, TabPage } from '../widgets/TabControl';
+import { usePlatformInfo } from '../utility/metadataLoaders';
+import getElectron from '../utility/getElectron';
 // import FormikForm from '../utility/FormikForm';
 
 function DriverFields({ extensions }) {
@@ -69,15 +72,55 @@ function DriverFields({ extensions }) {
 }
 
 function SshTunnelFields() {
-  const { values } = useForm();
+  const { values, setFieldValue } = useForm();
-  const { useSshTunnel } = values;
+  const { useSshTunnel, sshMode, sshKeyfile } = values;
+  const platformInfo = usePlatformInfo();
+  const electron = getElectron();
+
+  React.useEffect(() => {
+    if (useSshTunnel && !sshMode) {
+      setFieldValue('sshMode', 'userPassword');
+    }
+    if (useSshTunnel && sshMode == 'keyFile' && !sshKeyfile) {
+      setFieldValue('sshKeyfile', platformInfo.defaultKeyFile);
+    }
+  }, [useSshTunnel, sshMode]);
+
   return (
     <>
       <FormCheckboxField label="Use SSH tunnel" name="useSshTunnel" />
-      <FormTextField label="SSH Host" name="sshHost" disabled={!useSshTunnel} />
+      <FormTextField label="Host" name="sshHost" disabled={!useSshTunnel} />
-      <FormTextField label="SSH Port" name="sshPort" disabled={!useSshTunnel} />
+      <FormTextField label="Port" name="sshPort" disabled={!useSshTunnel} />
-      <FormTextField label="SSH Login" name="sshLogin" disabled={!useSshTunnel} />
+      <FormTextField label="Bastion host (Jump host)" name="sshBastionHost" disabled={!useSshTunnel} />
-      <FormPasswordField label="SSH Password" name="sshPassword" disabled={!useSshTunnel} />
+
+      <FormSelectField label="SSH Authentication" name="sshMode" disabled={!useSshTunnel}>
+        <option value="userPassword">Username &amp; password</option>
+        <option value="agent">SSH agent</option>
+        {!!electron && <option value="keyFile">Key file</option>}
+      </FormSelectField>
+
+      <FormTextField label="Login" name="sshLogin" disabled={!useSshTunnel} />
+
+      {sshMode == 'userPassword' && <FormPasswordField label="Password" name="sshPassword" disabled={!useSshTunnel} />}
+      {useSshTunnel &&
+        sshMode == 'agent' &&
+        (platformInfo.sshAuthSock ? (
+          <div>
+            <FontIcon icon="img ok" /> SSH Agent found
+          </div>
+        ) : (
+          <div>
+            <FontIcon icon="img error" /> SSH Agent not found
+          </div>
+        ))}
+
+      {sshMode == 'keyFile' && (
+        <FormElectronFileSelector label="Private key file" name="sshKeyfile" disabled={!useSshTunnel} />
+      )}
+
+      {sshMode == 'keyFile' && (
+        <FormPasswordField label="Key file passphrase" name="sshKeyfilePassword" disabled={!useSshTunnel} />
+      )}
     </>
   );
 }

packages/web/src/utility/forms.js

@@ -15,6 +15,13 @@ import axios from './axios';
 import useTheme from '../theme/useTheme';
 import { useForm, useFormFieldTemplate } from './FormProvider';
 import { FontIcon } from '../icons';
+import getElectron from './getElectron';
+import InlineButton from '../widgets/InlineButton';
+import styled from 'styled-components';
+
+const FlexContainer = styled.div`
+  display: flex;
+`;
 
 export function FormFieldTemplate({ label, children, type }) {
   const FieldTemplate = useFormFieldTemplate();
@@ -321,3 +328,32 @@ export function FormArchiveFolderSelect({ name, additionalFolders = [], ...other
     />
   );
 }
+
+export function FormElectronFileSelectorRaw({ name }) {
+  const { values, setFieldValue } = useForm();
+  const handleBrowse = () => {
+    const electron = getElectron();
+    if (!electron) return;
+    const filePaths = electron.remote.dialog.showOpenDialogSync(electron.remote.getCurrentWindow(), {
+      defaultPath: values[name],
+      properties: ['showHiddenFiles'],
+    });
+    const filePath = filePaths && filePaths[0];
+    if (filePath) setFieldValue(name, filePath);
+  };
+  return (
+    <FlexContainer>
+      <TextField value={values[name]} onClick={handleBrowse} readOnly />
+      <InlineButton onClick={handleBrowse}>Browse</InlineButton>
+    </FlexContainer>
+  );
+}
+
+export function FormElectronFileSelector({ label, name, ...other }) {
+  const FieldTemplate = useFormFieldTemplate();
+  return (
+    <FieldTemplate label={label} type="select">
+      <FormElectronFileSelectorRaw name={name} {...other} />
+    </FieldTemplate>
+  );
+}

packages/web/src/utility/metadataLoaders.js

@@ -46,6 +46,12 @@ const configLoader = () => ({
   reloadTrigger: 'config-changed',
 });
 
+const platformInfoLoader = () => ({
+  url: 'config/platform-info',
+  params: {},
+  reloadTrigger: 'platform-info-changed',
+});
+
 const favoritesLoader = () => ({
   url: 'files/favorites',
   params: {},
@@ -253,6 +259,13 @@ export function useConfig() {
   return useCore(configLoader, {}) || {};
 }
 
+export function getPlatformInfo() {
+  return getCore(platformInfoLoader, {}) || {};
+}
+export function usePlatformInfo() {
+  return useCore(platformInfoLoader, {}) || {};
+}
+
 export function getArchiveFiles(args) {
   return getCore(archiveFilesLoader, args);
 }