Add protocol and implement for ssh public keys

Author: mustard-mh

components/gitpod-db/src/typeorm/entity/db-user-ssh-public-key.ts

@@ -0,0 +1,45 @@
+/**
+ * Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { PrimaryColumn, Column, Entity, Index } from "typeorm";
+import { TypeORM } from "../typeorm";
+import { UserSSHPublicKey } from "@gitpod/gitpod-protocol";
+import { Transformer } from "../transformer";
+
+@Entity("d_b_user_ssh_public_key")
+export class DBUserSshPublicKey implements UserSSHPublicKey {
+    @PrimaryColumn(TypeORM.UUID_COLUMN_TYPE)
+    id: string;
+
+    @Column(TypeORM.UUID_COLUMN_TYPE)
+    @Index("ind_userId")
+    userId: string;
+
+    @Column("varchar")
+    name: string;
+
+    @Column("varchar")
+    key: string;
+
+    @Column("varchar")
+    fingerprint: string;
+
+    @Column({
+        type: "timestamp",
+        precision: 6,
+        default: () => "CURRENT_TIMESTAMP(6)",
+        transformer: Transformer.MAP_ISO_STRING_TO_TIMESTAMP_DROP,
+    })
+    @Index("ind_creationTime")
+    creationTime: string;
+
+    @Column({
+        type: "timestamp",
+        precision: 6,
+        transformer: Transformer.MAP_ISO_STRING_TO_TIMESTAMP_DROP,
+    })
+    lastUsedTime?: string;
+}

components/gitpod-db/src/typeorm/migration/1654842204415-UserSshPublicKey.ts

@@ -0,0 +1,17 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class UserSshPublicKey1654842204415 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(
+            "CREATE TABLE IF NOT EXISTS `d_b_user_ssh_public_key` (`id` char(36) NOT NULL, `userId` char(36) NOT NULL, `name` varchar(255) NOT NULL, `key` text NOT NULL, `fingerprint` varchar(255) NOT NULL, `creationTime` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6), `lastUsedTime` timestamp(6)), PRIMARY KEY (`id`), KEY ind_userId (`userId`),  KEY ind_creationTime (`creationTime`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;",
+        );
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {}
+}

components/gitpod-db/src/typeorm/user-db-impl.ts

@@ -10,10 +10,12 @@ import {
     GitpodTokenType,
     Identity,
     IdentityLookup,
+    SSHPublicKeyValue,
     Token,
     TokenEntry,
     User,
     UserEnvVar,
+    UserSSHPublicKey,
 } from "@gitpod/gitpod-protocol";
 import { EncryptionService } from "@gitpod/gitpod-protocol/lib/encryption/encryption-service";
 import {
@@ -41,6 +43,7 @@ import { DBTokenEntry } from "./entity/db-token-entry";
 import { DBUser } from "./entity/db-user";
 import { DBUserEnvVar } from "./entity/db-user-env-vars";
 import { DBWorkspace } from "./entity/db-workspace";
+import { DBUserSshPublicKey } from "./entity/db-user-ssh-public-key";
 import { TypeORM } from "./typeorm";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 
@@ -95,6 +98,10 @@ export class TypeORMUserDBImpl implements UserDB {
         return (await this.getEntityManager()).getRepository<DBUserEnvVar>(DBUserEnvVar);
     }
 
+    protected async getSSHPublicKeyRepo(): Promise<Repository<DBUserSshPublicKey>> {
+        return (await this.getEntityManager()).getRepository<DBUserSshPublicKey>(DBUserSshPublicKey);
+    }
+
     public async newUser(): Promise<User> {
         const user: User = {
             id: uuidv4(),
@@ -395,6 +402,27 @@ export class TypeORMUserDBImpl implements UserDB {
         await repo.save(envVar);
     }
 
+    public async getSSHPublicKeys(userId: string): Promise<UserSSHPublicKey[]> {
+        const repo = await this.getSSHPublicKeyRepo();
+        return repo.find({ where: { userId }, order: { creationTime: "DESC" } });
+    }
+
+    public async addSSHPublicKey(userId: string, value: SSHPublicKeyValue): Promise<UserSSHPublicKey> {
+        const repo = await this.getSSHPublicKeyRepo();
+        return repo.save({
+            userId,
+            name: value.name,
+            key: value.key,
+            fingerprint: SSHPublicKeyValue.getFingerprint(value),
+            creationTime: new Date().toISOString(),
+        });
+    }
+
+    public async deleteSSHPublicKey(userId: string, id: string): Promise<void> {
+        const repo = await this.getSSHPublicKeyRepo();
+        await repo.delete({ userId, id });
+    }
+
     public async findAllUsers(
         offset: number,
         limit: number,

components/gitpod-db/src/user-db.ts

@@ -10,10 +10,12 @@ import {
     GitpodTokenType,
     Identity,
     IdentityLookup,
+    SSHPublicKeyValue,
     Token,
     TokenEntry,
     User,
     UserEnvVar,
+    UserSSHPublicKey,
 } from "@gitpod/gitpod-protocol";
 import { OAuthTokenRepository, OAuthUserRepository } from "@jmondi/oauth2-server";
 import { Repository } from "typeorm";
@@ -117,6 +119,11 @@ export interface UserDB extends OAuthUserRepository, OAuthTokenRepository {
     deleteEnvVar(envVar: UserEnvVar): Promise<void>;
     getEnvVars(userId: string): Promise<UserEnvVar[]>;
 
+    // User SSH Keys
+    getSSHPublicKeys(userId: string): Promise<UserSSHPublicKey[]>;
+    addSSHPublicKey(userId: string, value: SSHPublicKeyValue): Promise<UserSSHPublicKey>;
+    deleteSSHPublicKey(userId: string, id: string): Promise<void>;
+
     findAllUsers(
         offset: number,
         limit: number,

components/gitpod-protocol/go/gitpod-service.go

@@ -64,6 +64,9 @@ type APIInterface interface {
 	GetEnvVars(ctx context.Context) (res []*UserEnvVarValue, err error)
 	SetEnvVar(ctx context.Context, variable *UserEnvVarValue) (err error)
 	DeleteEnvVar(ctx context.Context, variable *UserEnvVarValue) (err error)
+	GetSSHPublicKeys(ctx context.Context) (res []*UserSSHPublicKeyValue, err error)
+	AddSSHPublicKey(ctx context.Context, value *SSHPublicKeyValue) (res *UserSSHPublicKeyValue, err error)
+	DeleteSSHPublicKey(ctx context.Context, id string) (err error)
 	GetContentBlobUploadURL(ctx context.Context, name string) (url string, err error)
 	GetContentBlobDownloadURL(ctx context.Context, name string) (url string, err error)
 	GetGitpodTokens(ctx context.Context) (res []*APIToken, err error)
@@ -168,6 +171,12 @@ const (
 	FunctionSetEnvVar FunctionName = "setEnvVar"
 	// FunctionDeleteEnvVar is the name of the deleteEnvVar function
 	FunctionDeleteEnvVar FunctionName = "deleteEnvVar"
+	// FunctionGetSSHPublicKeys is the name of the getSSHPublicKeys function
+	FunctionGetSSHPublicKeys FunctionName = "getSSHPublicKeys"
+	// FunctionAddSSHPublicKey is the name of the addSSHPublicKey function
+	FunctionAddSSHPublicKey FunctionName = "addSSHPublicKey"
+	// FunctionDeleteSSHPublicKey is the name of the deleteSSHPublicKey function
+	FunctionDeleteSSHPublicKey FunctionName = "deleteSSHPublicKey"
 	// FunctionGetContentBlobUploadURL is the name fo the getContentBlobUploadUrl function
 	FunctionGetContentBlobUploadURL FunctionName = "getContentBlobUploadUrl"
 	// FunctionGetContentBlobDownloadURL is the name fo the getContentBlobDownloadUrl function
@@ -1117,6 +1126,39 @@ func (gp *APIoverJSONRPC) DeleteEnvVar(ctx context.Context, variable *UserEnvVar
 	return
 }
 
+// GetSSHPublicKeys calls getSSHPublicKeys on the server
+func (gp *APIoverJSONRPC) GetSSHPublicKeys(ctx context.Context) (res []*UserSSHPublicKeyValue, err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	var _params []interface{}
+	err = gp.C.Call(ctx, "getSSHPublicKeys", _params, &res)
+	return
+}
+
+// AddSSHPublicKey calls addSSHPublicKey on the server
+func (gp *APIoverJSONRPC) AddSSHPublicKey(ctx context.Context, value *SSHPublicKeyValue) (res *UserSSHPublicKeyValue, err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	_params := []interface{}{value}
+	err = gp.C.Call(ctx, "addSSHPublicKey", _params, &res)
+	return
+}
+
+// DeleteSSHPublicKey calls deleteSSHPublicKey on the server
+func (gp *APIoverJSONRPC) DeleteSSHPublicKey(ctx context.Context, id string) (err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	_params := []interface{}{id}
+	err = gp.C.Call(ctx, "deleteSSHPublicKey", _params, nil)
+	return
+}
+
 // GetContentBlobUploadURL calls getContentBlobUploadUrl on the server
 func (gp *APIoverJSONRPC) GetContentBlobUploadURL(ctx context.Context, name string) (url string, err error) {
 	if gp == nil {
@@ -1789,6 +1831,19 @@ type UserEnvVarValue struct {
 	Value             string `json:"value,omitempty"`
 }
 
+type SSHPublicKeyValue struct {
+	Name string `json:"name,omitempty"`
+	Key  string `json:"key,omitempty"`
+}
+
+type UserSSHPublicKeyValue struct {
+	ID           string `json:"id,omitempty"`
+	Name         string `json:"name,omitempty"`
+	Fingerprint  string `json:"fingerprint,omitempty"`
+	CreationTime string `json:"creationTime,omitempty"`
+	LastUsedTime string `json:"lastUsedTime,omitempty"`
+}
+
 // GenerateNewGitpodTokenOptions is the GenerateNewGitpodTokenOptions message type
 type GenerateNewGitpodTokenOptions struct {
 	Name string `json:"name,omitempty"`

components/gitpod-protocol/go/mock.go

@@ -24,6 +24,8 @@ import {
     GuessGitTokenScopesParams,
     GuessedGitTokenScopes,
     ProjectEnvVar,
+    UserSSHPublicKeyValue,
+    SSHPublicKeyValue,
 } from "./protocol";
 import {
     Team,
@@ -147,6 +149,11 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     setEnvVar(variable: UserEnvVarValue): Promise<void>;
     deleteEnvVar(variable: UserEnvVarValue): Promise<void>;
 
+    // User SSH Keys
+    getSSHPublicKeys(): Promise<UserSSHPublicKeyValue[]>;
+    addSSHPublicKey(value: SSHPublicKeyValue): Promise<UserSSHPublicKeyValue>;
+    deleteSSHPublicKey(id: string): Promise<void>;
+
     // Teams
     getTeams(): Promise<Team[]>;
     getTeamMembers(teamId: string): Promise<TeamMemberInfo[]>;

components/gitpod-protocol/src/gitpod-service.ts

@@ -356,6 +356,48 @@ export namespace UserEnvVar {
     }
 }
 
+export interface SSHPublicKeyValue {
+    name: string;
+    key: string;
+}
+export interface UserSSHPublicKey extends SSHPublicKeyValue {
+    id: string;
+    key: string;
+    userId: string;
+    fingerprint: string;
+    creationTime: string;
+    lastUsedTime?: string;
+}
+
+export type UserSSHPublicKeyValue = Omit<UserSSHPublicKey, "key" | "userId">;
+
+export namespace SSHPublicKeyValue {
+    export function validate(value: SSHPublicKeyValue) {
+        // Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', '[email protected]', or '[email protected]'.
+        const regex =
+            /^(?<type>ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh\.com|sk-ssh-ed25519@openssh\.com) (?<key>.*?)( (?<email>.*?))?$/;
+        const resultGroup = regex.exec(value.key.trim());
+        if (!resultGroup) {
+            throw new Error("SSH public key is not available");
+        }
+        return {
+            type: resultGroup.groups?.["type"] as string,
+            key: resultGroup.groups?.["key"] as string,
+            email: resultGroup.groups?.["email"] || undefined,
+        };
+    }
+
+    export function getFingerprint(value: SSHPublicKeyValue) {
+        const data = SSHPublicKeyValue.validate(value);
+        let buf = Buffer.from(data.key, "base64");
+        // gitlab style
+        const hash = createHash("md5").update(buf).digest("hex");
+        // github style
+        // const hash = createHash('sha256').update(buf).digest('base64');
+        return hash;
+    }
+}
+
 export interface GitpodToken {
     /** Hash value (SHA256) of the token (primary key). */
     tokenHash: string;

components/gitpod-protocol/src/protocol.ts

@@ -370,6 +370,18 @@ func (f *FakeGitpodAPI) DeleteEnvVar(ctx context.Context, variable *gitpod.UserE
 	panic("implement me")
 }
 
+func (f *FakeGitpodAPI) GetSSHPublicKeys(ctx context.Context) (res []*gitpod.UserSSHPublicKeyValue, err error) {
+	panic("implement me")
+}
+
+func (f *FakeGitpodAPI) AddSSHPublicKey(ctx context.Context, value *gitpod.SSHPublicKeyValue) (res *gitpod.UserSSHPublicKeyValue, err error) {
+	panic("implement me")
+}
+
+func (f *FakeGitpodAPI) DeleteSSHPublicKey(ctx context.Context, id string) (err error) {
+	panic("implement me")
+}
+
 func (f *FakeGitpodAPI) GetContentBlobUploadURL(ctx context.Context, name string) (url string, err error) {
 	panic("implement me")
 }

components/public-api-server/pkg/apiv1/workspace_test.go

@@ -92,6 +92,9 @@ function getConfig(config: RateLimiterConfig): RateLimiterConfig {
         getAllEnvVars: { group: "default", points: 1 },
         setEnvVar: { group: "default", points: 1 },
         deleteEnvVar: { group: "default", points: 1 },
+        getSSHPublicKeys: { group: "default", points: 1 },
+        addSSHPublicKey: { group: "default", points: 1 },
+        deleteSSHPublicKey: { group: "default", points: 1 },
         setProjectEnvironmentVariable: { group: "default", points: 1 },
         getProjectEnvironmentVariables: { group: "default", points: 1 },
         deleteProjectEnvironmentVariable: { group: "default", points: 1 },