[server,db,protocol] support ssh public key

Author: mustard-mh

components/gitpod-db/src/tables.ts

@@ -262,6 +262,12 @@ export class GitpodTableDescriptionProvider implements TableDescriptionProvider
             deletionColumn: "deleted",
             timeColumn: "_lastModified",
         },
+        {
+            name: "d_b_user_ssh_public_key",
+            primaryKeys: ["id"],
+            deletionColumn: "deleted",
+            timeColumn: "_lastModified",
+        },
     ];
 
     public getSortedTables(): TableDescription[] {

components/gitpod-db/src/typeorm/entity/db-user-ssh-public-key.ts

@@ -0,0 +1,56 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { PrimaryColumn, Column, Entity, Index } from "typeorm";
+import { TypeORM } from "../typeorm";
+import { UserSSHPublicKey } from "@gitpod/gitpod-protocol";
+import { Transformer } from "../transformer";
+import { encryptionService } from "../user-db-impl";
+
+@Entity("d_b_user_ssh_public_key")
+export class DBUserSshPublicKey implements UserSSHPublicKey {
+    @PrimaryColumn(TypeORM.UUID_COLUMN_TYPE)
+    id: string;
+
+    @Column(TypeORM.UUID_COLUMN_TYPE)
+    @Index("ind_userId")
+    userId: string;
+
+    @Column("varchar")
+    name: string;
+
+    @Column({
+        type: "simple-json",
+        // Relies on the initialization of the var in UserDbImpl
+        transformer: Transformer.compose(
+            Transformer.SIMPLE_JSON([]),
+            Transformer.encrypted(() => encryptionService),
+        ),
+    })
+    key: string;
+
+    @Column("varchar")
+    fingerprint: string;
+
+    @Column({
+        type: "timestamp",
+        precision: 6,
+        default: () => "CURRENT_TIMESTAMP(6)",
+        transformer: Transformer.MAP_ISO_STRING_TO_TIMESTAMP_DROP,
+    })
+    @Index("ind_creationTime")
+    creationTime: string;
+
+    @Column({
+        default: "",
+        transformer: Transformer.MAP_EMPTY_STR_TO_UNDEFINED,
+    })
+    lastUsedTime?: string;
+
+    // This column triggers the db-sync deletion mechanism. It's not intended for public consumption.
+    @Column()
+    deleted: boolean;
+}

components/gitpod-db/src/typeorm/migration/1654842204415-UserSshPublicKey.ts

@@ -0,0 +1,17 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class UserSshPublicKey1654842204415 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(
+            "CREATE TABLE IF NOT EXISTS `d_b_user_ssh_public_key` ( `id` char(36) NOT NULL, `userId` char(36) NOT NULL, `name` varchar(255) NOT NULL, `key` text NOT NULL, `fingerprint` varchar(255) NOT NULL, `deleted` tinyint(4) NOT NULL DEFAULT '0', `_lastModified` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), `creationTime` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6), `lastUsedTime` varchar(255) NOT NULL DEFAULT '', PRIMARY KEY (`id`), KEY ind_userId (`userId`), KEY ind_creationTime (`creationTime`) ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;",
+        );
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {}
+}

components/gitpod-db/src/typeorm/user-db-impl.ts

@@ -10,10 +10,12 @@ import {
     GitpodTokenType,
     Identity,
     IdentityLookup,
+    SSHPublicKeyValue,
     Token,
     TokenEntry,
     User,
     UserEnvVar,
+    UserSSHPublicKey,
 } from "@gitpod/gitpod-protocol";
 import { EncryptionService } from "@gitpod/gitpod-protocol/lib/encryption/encryption-service";
 import {
@@ -41,6 +43,7 @@ import { DBTokenEntry } from "./entity/db-token-entry";
 import { DBUser } from "./entity/db-user";
 import { DBUserEnvVar } from "./entity/db-user-env-vars";
 import { DBWorkspace } from "./entity/db-workspace";
+import { DBUserSshPublicKey } from "./entity/db-user-ssh-public-key";
 import { TypeORM } from "./typeorm";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 
@@ -95,6 +98,10 @@ export class TypeORMUserDBImpl implements UserDB {
         return (await this.getEntityManager()).getRepository<DBUserEnvVar>(DBUserEnvVar);
     }
 
+    protected async getSSHPublicKeyRepo(): Promise<Repository<DBUserSshPublicKey>> {
+        return (await this.getEntityManager()).getRepository<DBUserSshPublicKey>(DBUserSshPublicKey);
+    }
+
     public async newUser(): Promise<User> {
         const user: User = {
             id: uuidv4(),
@@ -395,6 +402,43 @@ export class TypeORMUserDBImpl implements UserDB {
         await repo.save(envVar);
     }
 
+    public async hasSSHPublicKey(userId: string): Promise<boolean> {
+        const repo = await this.getSSHPublicKeyRepo();
+        return !!(await repo.findOne({ where: { userId, deleted: false } }));
+    }
+
+    public async getSSHPublicKeys(userId: string): Promise<UserSSHPublicKey[]> {
+        const repo = await this.getSSHPublicKeyRepo();
+        return repo.find({ where: { userId, deleted: false }, order: { creationTime: "ASC" } });
+    }
+
+    public async addSSHPublicKey(userId: string, value: SSHPublicKeyValue): Promise<UserSSHPublicKey> {
+        const repo = await this.getSSHPublicKeyRepo();
+        const fingerprint = SSHPublicKeyValue.getFingerprint(value);
+        const allKeys = await repo.find({ where: { userId, deleted: false } });
+        const prevOne = allKeys.find((e) => e.fingerprint === fingerprint);
+        if (!!prevOne) {
+            throw new Error(`Duplicate public key with ${prevOne.name}`);
+        }
+        if (allKeys.length > SSHPublicKeyValue.MAXIMUM_KEY_LENGTH) {
+            throw new Error(`The maximum of public keys is ${SSHPublicKeyValue.MAXIMUM_KEY_LENGTH}`);
+        }
+        return repo.save({
+            id: uuidv4(),
+            userId,
+            fingerprint,
+            name: value.name,
+            key: value.key,
+            creationTime: new Date().toISOString(),
+            deleted: false,
+        });
+    }
+
+    public async deleteSSHPublicKey(userId: string, id: string): Promise<void> {
+        const repo = await this.getSSHPublicKeyRepo();
+        await repo.update({ userId, id }, { deleted: true });
+    }
+
     public async findAllUsers(
         offset: number,
         limit: number,

components/gitpod-db/src/user-db.ts

@@ -10,10 +10,12 @@ import {
     GitpodTokenType,
     Identity,
     IdentityLookup,
+    SSHPublicKeyValue,
     Token,
     TokenEntry,
     User,
     UserEnvVar,
+    UserSSHPublicKey,
 } from "@gitpod/gitpod-protocol";
 import { OAuthTokenRepository, OAuthUserRepository } from "@jmondi/oauth2-server";
 import { Repository } from "typeorm";
@@ -117,6 +119,12 @@ export interface UserDB extends OAuthUserRepository, OAuthTokenRepository {
     deleteEnvVar(envVar: UserEnvVar): Promise<void>;
     getEnvVars(userId: string): Promise<UserEnvVar[]>;
 
+    // User SSH Keys
+    hasSSHPublicKey(userId: string): Promise<boolean>;
+    getSSHPublicKeys(userId: string): Promise<UserSSHPublicKey[]>;
+    addSSHPublicKey(userId: string, value: SSHPublicKeyValue): Promise<UserSSHPublicKey>;
+    deleteSSHPublicKey(userId: string, id: string): Promise<void>;
+
     findAllUsers(
         offset: number,
         limit: number,

components/gitpod-protocol/go/gitpod-service.go

@@ -64,6 +64,10 @@ type APIInterface interface {
 	GetEnvVars(ctx context.Context) (res []*UserEnvVarValue, err error)
 	SetEnvVar(ctx context.Context, variable *UserEnvVarValue) (err error)
 	DeleteEnvVar(ctx context.Context, variable *UserEnvVarValue) (err error)
+	HasSSHPublicKey(ctx context.Context) (res bool, err error)
+	GetSSHPublicKeys(ctx context.Context) (res []*UserSSHPublicKeyValue, err error)
+	AddSSHPublicKey(ctx context.Context, value *SSHPublicKeyValue) (res *UserSSHPublicKeyValue, err error)
+	DeleteSSHPublicKey(ctx context.Context, id string) (err error)
 	GetContentBlobUploadURL(ctx context.Context, name string) (url string, err error)
 	GetContentBlobDownloadURL(ctx context.Context, name string) (url string, err error)
 	GetGitpodTokens(ctx context.Context) (res []*APIToken, err error)
@@ -168,6 +172,14 @@ const (
 	FunctionSetEnvVar FunctionName = "setEnvVar"
 	// FunctionDeleteEnvVar is the name of the deleteEnvVar function
 	FunctionDeleteEnvVar FunctionName = "deleteEnvVar"
+	// FunctionHasSSHPublicKey is the name of the hasSSHPublicKey function
+	FunctionHasSSHPublicKey FunctionName = "hasSSHPublicKey"
+	// FunctionGetSSHPublicKeys is the name of the getSSHPublicKeys function
+	FunctionGetSSHPublicKeys FunctionName = "getSSHPublicKeys"
+	// FunctionAddSSHPublicKey is the name of the addSSHPublicKey function
+	FunctionAddSSHPublicKey FunctionName = "addSSHPublicKey"
+	// FunctionDeleteSSHPublicKey is the name of the deleteSSHPublicKey function
+	FunctionDeleteSSHPublicKey FunctionName = "deleteSSHPublicKey"
 	// FunctionGetContentBlobUploadURL is the name fo the getContentBlobUploadUrl function
 	FunctionGetContentBlobUploadURL FunctionName = "getContentBlobUploadUrl"
 	// FunctionGetContentBlobDownloadURL is the name fo the getContentBlobDownloadUrl function
@@ -1117,6 +1129,50 @@ func (gp *APIoverJSONRPC) DeleteEnvVar(ctx context.Context, variable *UserEnvVar
 	return
 }
 
+// HasSSHPublicKey calls hasSSHPublicKey on the server
+func (gp *APIoverJSONRPC) HasSSHPublicKey(ctx context.Context) (res bool, err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	var _params []interface{}
+	err = gp.C.Call(ctx, "hasSSHPublicKey", _params, &res)
+	return
+}
+
+// GetSSHPublicKeys calls getSSHPublicKeys on the server
+func (gp *APIoverJSONRPC) GetSSHPublicKeys(ctx context.Context) (res []*UserSSHPublicKeyValue, err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	var _params []interface{}
+	err = gp.C.Call(ctx, "getSSHPublicKeys", _params, &res)
+	return
+}
+
+// AddSSHPublicKey calls addSSHPublicKey on the server
+func (gp *APIoverJSONRPC) AddSSHPublicKey(ctx context.Context, value *SSHPublicKeyValue) (res *UserSSHPublicKeyValue, err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	_params := []interface{}{value}
+	err = gp.C.Call(ctx, "addSSHPublicKey", _params, &res)
+	return
+}
+
+// DeleteSSHPublicKey calls deleteSSHPublicKey on the server
+func (gp *APIoverJSONRPC) DeleteSSHPublicKey(ctx context.Context, id string) (err error) {
+	if gp == nil {
+		err = errNotConnected
+		return
+	}
+	_params := []interface{}{id}
+	err = gp.C.Call(ctx, "deleteSSHPublicKey", _params, nil)
+	return
+}
+
 // GetContentBlobUploadURL calls getContentBlobUploadUrl on the server
 func (gp *APIoverJSONRPC) GetContentBlobUploadURL(ctx context.Context, name string) (url string, err error) {
 	if gp == nil {
@@ -1790,6 +1846,19 @@ type UserEnvVarValue struct {
 	Value             string `json:"value,omitempty"`
 }
 
+type SSHPublicKeyValue struct {
+	Name string `json:"name,omitempty"`
+	Key  string `json:"key,omitempty"`
+}
+
+type UserSSHPublicKeyValue struct {
+	ID           string `json:"id,omitempty"`
+	Name         string `json:"name,omitempty"`
+	Fingerprint  string `json:"fingerprint,omitempty"`
+	CreationTime string `json:"creationTime,omitempty"`
+	LastUsedTime string `json:"lastUsedTime,omitempty"`
+}
+
 // GenerateNewGitpodTokenOptions is the GenerateNewGitpodTokenOptions message type
 type GenerateNewGitpodTokenOptions struct {
 	Name string `json:"name,omitempty"`

components/gitpod-protocol/go/mock.go

@@ -24,6 +24,8 @@ import {
     GuessGitTokenScopesParams,
     GuessedGitTokenScopes,
     ProjectEnvVar,
+    UserSSHPublicKeyValue,
+    SSHPublicKeyValue,
 } from "./protocol";
 import {
     Team,
@@ -148,6 +150,12 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     setEnvVar(variable: UserEnvVarValue): Promise<void>;
     deleteEnvVar(variable: UserEnvVarValue): Promise<void>;
 
+    // User SSH Keys
+    hasSSHPublicKey(): Promise<boolean>;
+    getSSHPublicKeys(): Promise<UserSSHPublicKeyValue[]>;
+    addSSHPublicKey(value: SSHPublicKeyValue): Promise<UserSSHPublicKeyValue>;
+    deleteSSHPublicKey(id: string): Promise<void>;
+
     // Teams
     getTeams(): Promise<Team[]>;
     getTeamMembers(teamId: string): Promise<TeamMemberInfo[]>;