From 9fedd48fefbef6c0eb7f1fbd566882c2cdc8074f Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Mon, 11 Mar 2019 07:50:51 -0500 Subject: [PATCH] Update api to get/save ssh key fingerprints --- services/api/src/resources/sshKey/index.js | 6 +++++ .../api/src/resources/sshKey/resolvers.js | 22 ++++++++++++------- services/api/src/resources/sshKey/sql.js | 3 +++ services/api/src/typeDefs.js | 1 + 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/services/api/src/resources/sshKey/index.js b/services/api/src/resources/sshKey/index.js index 6ba2948ce4..205b69eeef 100644 --- a/services/api/src/resources/sshKey/index.js +++ b/services/api/src/resources/sshKey/index.js @@ -14,6 +14,12 @@ const validateSshKey = (key /* : string */) /* : boolean */ => { } }; +const getSshKeyFingerprint = (key /* : string */) /* : string */ => { + const parsed = sshpk.parseKey(key, 'ssh'); + return parsed.fingerprint('sha256', 'ssh').toString(); +}; + module.exports = { validateSshKey, + getSshKeyFingerprint, }; diff --git a/services/api/src/resources/sshKey/resolvers.js b/services/api/src/resources/sshKey/resolvers.js index acddae8d60..6f5570abf4 100644 --- a/services/api/src/resources/sshKey/resolvers.js +++ b/services/api/src/resources/sshKey/resolvers.js @@ -3,7 +3,7 @@ const R = require('ramda'); const sqlClient = require('../../clients/sqlClient'); const { isPatchEmpty, prepare, query } = require('../../util/db'); -const { validateSshKey } = require('.'); +const { validateSshKey, getSshKeyFingerprint } = require('.'); const Sql = require('./sql'); /* :: @@ -66,8 +66,9 @@ const addSshKey = async ( { credentials: { role, userId: credentialsUserId } }, ) => { const keyType = sshKeyTypeToString(unformattedKeyType); + const keyFormatted = formatSshKey({ keyType, keyValue }); - if (!validateSshKey(formatSshKey({ keyType, keyValue }))) { + if (!validateSshKey(keyFormatted)) { throw new Error('Invalid SSH key format! Please verify keyType + keyValue'); } @@ -86,6 +87,7 @@ const addSshKey = async ( name, keyValue, keyType, + keyFingerprint: getSshKeyFingerprint(keyFormatted), }), ); await query(sqlClient, Sql.addSshKeyToUser({ sshKeyId: insertId, userId })); @@ -125,16 +127,20 @@ const updateSshKey = async ( throw new Error('Input patch requires at least 1 attribute'); } - if ( - (keyType || keyValue) && - !validateSshKey(formatSshKey({ keyType, keyValue })) - ) { - throw new Error('Invalid SSH key format! Please verify keyType + keyValue'); + let keyFingerprint = null; + if ((keyType || keyValue)) { + const keyFormatted = formatSshKey({ keyType, keyValue }); + + if (!validateSshKey(keyFormatted)) { + throw new Error('Invalid SSH key format! Please verify keyType + keyValue'); + } + + keyFingerprint = getSshKeyFingerprint(keyFormatted); } await query( sqlClient, - Sql.updateSshKey({ id, patch: { name, keyType, keyValue } }), + Sql.updateSshKey({ id, patch: { name, keyType, keyValue, keyFingerprint } }), ); const rows = await query(sqlClient, Sql.selectSshKey(id)); diff --git a/services/api/src/resources/sshKey/sql.js b/services/api/src/resources/sshKey/sql.js index ce5aa717eb..21269b55e7 100644 --- a/services/api/src/resources/sshKey/sql.js +++ b/services/api/src/resources/sshKey/sql.js @@ -58,11 +58,13 @@ const Sql /* : SqlObj */ = { name, keyValue, keyType, + keyFingerprint, } /* : { id: number, name: string, keyValue: string, keyType: string, + keyFingerprint: string, } */, ) => knex('ssh_key') @@ -71,6 +73,7 @@ const Sql /* : SqlObj */ = { name, key_value: keyValue, key_type: keyType, + key_fingerprint: keyFingerprint, }) .toString(), addSshKeyToUser: ( diff --git a/services/api/src/typeDefs.js b/services/api/src/typeDefs.js index 222eb3d9c3..00f45cde45 100644 --- a/services/api/src/typeDefs.js +++ b/services/api/src/typeDefs.js @@ -77,6 +77,7 @@ const typeDefs = gql` name: String keyValue: String keyType: String + keyFingerprint: String created: String }