chore: add SSH key fingerprint API and UI updates

fabiovincenzi · fabiovincenzi · commit e5da79c33a58 · 2025-11-20T20:28:46.000+01:00
diff --git a/src/service/routes/users.ts b/src/service/routes/users.ts
@@ -1,12 +1,28 @@
 import express, { Request, Response } from 'express';
 import { utils } from 'ssh2';
+import crypto from 'crypto';
 
 import * as db from '../../db';
 import { toPublicUser } from './publicApi';
-import { DuplicateSSHKeyError, UserNotFoundError } from '../../errors/DatabaseErrors';
 
 const router = express.Router();
-const parseKey = utils.parseKey;
+
+// Calculate SHA-256 fingerprint from SSH public key
+// Note: This function is duplicated in src/cli/ssh-key.ts to keep CLI and server independent
+function calculateFingerprint(publicKeyStr: string): string | null {
+  try {
+    const parsed = utils.parseKey(publicKeyStr);
+    if (!parsed || parsed instanceof Error) {
+      return null;
+    }
+    const pubKey = parsed.getPublicSSH();
+    const hash = crypto.createHash('sha256').update(pubKey).digest('base64');
+    return `SHA256:${hash}`;
+  } catch (err) {
+    console.error('Error calculating fingerprint:', err);
+    return null;
+  }
+}
 
 router.get('/', async (req: Request, res: Response) => {
   console.log('fetching users');
@@ -25,91 +41,126 @@ router.get('/:id', async (req: Request, res: Response) => {
   res.send(toPublicUser(user));
 });
 
+// Get SSH key fingerprints for a user
+router.get('/:username/ssh-key-fingerprints', async (req: Request, res: Response) => {
+  if (!req.user) {
+    res.status(401).json({ error: 'Authentication required' });
+    return;
+  }
+
+  const { username, admin } = req.user as { username: string; admin: boolean };
+  const targetUsername = req.params.username.toLowerCase();
+
+  // Only allow users to view their own keys, or admins to view any keys
+  if (username !== targetUsername && !admin) {
+    res.status(403).json({ error: 'Not authorized to view keys for this user' });
+    return;
+  }
+
+  try {
+    const publicKeys = await db.getPublicKeys(targetUsername);
+    const keyFingerprints = publicKeys.map((keyRecord) => ({
+      fingerprint: keyRecord.fingerprint,
+      name: keyRecord.name,
+      addedAt: keyRecord.addedAt,
+    }));
+    res.json(keyFingerprints);
+  } catch (error) {
+    console.error('Error retrieving SSH keys:', error);
+    res.status(500).json({ error: 'Failed to retrieve SSH keys' });
+  }
+});
+
 // Add SSH public key
 router.post('/:username/ssh-keys', async (req: Request, res: Response) => {
   if (!req.user) {
-    res.status(401).json({ error: 'Login required' });
+    res.status(401).json({ error: 'Authentication required' });
     return;
   }
 
   const { username, admin } = req.user as { username: string; admin: boolean };
   const targetUsername = req.params.username.toLowerCase();
 
-  // Admins can add to any account, users can only add to their own
+  // Only allow users to add keys to their own account, or admins to add to any account
   if (username !== targetUsername && !admin) {
     res.status(403).json({ error: 'Not authorized to add keys for this user' });
     return;
   }
 
-  const { publicKey } = req.body;
-  if (!publicKey || typeof publicKey !== 'string') {
+  const { publicKey, name } = req.body;
+  if (!publicKey) {
     res.status(400).json({ error: 'Public key is required' });
     return;
   }
 
-  try {
-    const parsedKey = parseKey(publicKey.trim());
+  // Strip the comment from the key (everything after the last space)
+  const keyWithoutComment = publicKey.trim().split(' ').slice(0, 2).join(' ');
 
-    if (parsedKey instanceof Error) {
-      res.status(400).json({ error: `Invalid SSH key: ${parsedKey.message}` });
-      return;
-    }
+  // Calculate fingerprint
+  const fingerprint = calculateFingerprint(keyWithoutComment);
+  if (!fingerprint) {
+    res.status(400).json({ error: 'Invalid SSH public key format' });
+    return;
+  }
 
-    if (parsedKey.isPrivateKey()) {
-      res.status(400).json({ error: 'Invalid SSH key: Must be a public key' });
-      return;
-    }
+  const publicKeyRecord = {
+    key: keyWithoutComment,
+    name: name || 'Unnamed Key',
+    addedAt: new Date().toISOString(),
+    fingerprint: fingerprint,
+  };
 
-    const keyWithoutComment = parsedKey.getPublicSSH().toString('utf8');
-    console.log('Adding SSH key', { targetUsername, keyWithoutComment });
-    await db.addPublicKey(targetUsername, keyWithoutComment);
-    res.status(201).json({ message: 'SSH key added successfully' });
-  } catch (error) {
+  console.log('Adding SSH key', { targetUsername, fingerprint });
+  try {
+    await db.addPublicKey(targetUsername, publicKeyRecord);
+    res.status(201).json({
+      message: 'SSH key added successfully',
+      fingerprint: fingerprint,
+    });
+  } catch (error: any) {
     console.error('Error adding SSH key:', error);
 
-    if (error instanceof DuplicateSSHKeyError) {
-      res.status(409).json({ error: error.message });
-      return;
-    }
-
-    if (error instanceof UserNotFoundError) {
-      res.status(404).json({ error: error.message });
-      return;
+    // Return specific error message
+    if (error.message === 'SSH key already exists') {
+      res.status(409).json({ error: 'This SSH key already exists' });
+    } else if (error.message === 'User not found') {
+      res.status(404).json({ error: 'User not found' });
+    } else {
+      res.status(500).json({ error: error.message || 'Failed to add SSH key' });
     }
-
-    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
-    res.status(500).json({ error: `Failed to add SSH key: ${errorMessage}` });
   }
 });
 
-// Remove SSH public key
-router.delete('/:username/ssh-keys', async (req: Request, res: Response) => {
+// Remove SSH public key by fingerprint
+router.delete('/:username/ssh-keys/:fingerprint', async (req: Request, res: Response) => {
   if (!req.user) {
-    res.status(401).json({ error: 'Login required' });
+    res.status(401).json({ error: 'Authentication required' });
     return;
   }
 
   const { username, admin } = req.user as { username: string; admin: boolean };
   const targetUsername = req.params.username.toLowerCase();
+  const fingerprint = req.params.fingerprint;
 
   // Only allow users to remove keys from their own account, or admins to remove from any account
   if (username !== targetUsername && !admin) {
     res.status(403).json({ error: 'Not authorized to remove keys for this user' });
     return;
   }
 
-  const { publicKey } = req.body;
-  if (!publicKey) {
-    res.status(400).json({ error: 'Public key is required' });
-    return;
-  }
-
+  console.log('Removing SSH key', { targetUsername, fingerprint });
   try {
-    await db.removePublicKey(targetUsername, publicKey);
+    await db.removePublicKey(targetUsername, fingerprint);
     res.status(200).json({ message: 'SSH key removed successfully' });
-  } catch (error) {
+  } catch (error: any) {
     console.error('Error removing SSH key:', error);
-    res.status(500).json({ error: 'Failed to remove SSH key' });
+
+    // Return specific error message
+    if (error.message === 'User not found') {
+      res.status(404).json({ error: 'User not found' });
+    } else {
+      res.status(500).json({ error: error.message || 'Failed to remove SSH key' });
+    }
   }
 });
 
diff --git a/src/ui/views/User/UserProfile.tsx b/src/ui/views/User/UserProfile.tsx
@@ -25,9 +25,9 @@ import {
   DialogContent,
   DialogActions,
 } from '@material-ui/core';
-import { UserContextType } from '../RepoDetails/RepoDetails';
 import { getSSHKeys, addSSHKey, deleteSSHKey, SSHKey } from '../../services/ssh';
 import Snackbar from '../../components/Snackbar/Snackbar';
+import { UserContextType } from '../RepoDetails/RepoDetails';
 
 const useStyles = makeStyles((theme: Theme) => ({
   root: {
@@ -82,10 +82,10 @@ export default function UserProfile(): React.ReactElement {
 
   // Load SSH keys when data is available
   useEffect(() => {
-    if (data && (isProfile || isAdmin)) {
+    if (data && (isOwnProfile || loggedInUser?.admin)) {
       loadSSHKeys();
     }
-  }, [data, isProfile, isAdmin, loadSSHKeys]);
+  }, [data, isOwnProfile, loggedInUser, loadSSHKeys]);
 
   const showSnackbar = (message: string, color: 'success' | 'danger') => {
     setSnackbarMessage(message);
@@ -190,11 +190,7 @@ export default function UserProfile(): React.ReactElement {
                   padding: '20px',
                 }}
               >
-                <GridContainer
-                  style={{
-                    paddingTop: '10px',
-                  }}
-                >
+                <GridContainer>
                   {data.gitAccount && (
                     <GridItem xs={1} sm={1} md={1}>
                       <img
@@ -240,7 +236,7 @@ export default function UserProfile(): React.ReactElement {
                     )}
                   </GridItem>
                 </GridContainer>
-                {isOwnProfile || loggedInUser.admin ? (
+                {isOwnProfile || loggedInUser?.admin ? (
                   <div style={{ marginTop: '50px' }}>
                     <hr style={{ opacity: 0.2 }} />
                     <div style={{ marginTop: '25px' }}>
