feat: Add user scoped git ssh keys (#834)

2025-07-03 16:13:58 +00:00 · 2022-04-05 19:18:26 -05:00
parent 1e9e5f7c76
commit 9da17be61e
19 changed files with 924 additions and 2 deletions
--- a/coderd/gitsshkey.go
+++ b/coderd/gitsshkey.go
@ -0,0 +1,118 @@
+package coderd
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/go-chi/render"
+
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/coderd/gitsshkey"
+	"github.com/coder/coder/coderd/httpapi"
+	"github.com/coder/coder/coderd/httpmw"
+	"github.com/coder/coder/codersdk"
+)
+
+func (api *api) regenerateGitSSHKey(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
+	privateKey, publicKey, err := gitsshkey.Generate(api.SSHKeygenAlgorithm)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("regenerate key pair: %s", err),
+		})
+		return
+	}
+
+	err = api.Database.UpdateGitSSHKey(r.Context(), database.UpdateGitSSHKeyParams{
+		UserID:     user.ID,
+		UpdatedAt:  database.Now(),
+		PrivateKey: privateKey,
+		PublicKey:  publicKey,
+	})
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("update git SSH key: %s", err),
+		})
+		return
+	}
+
+	newKey, err := api.Database.GetGitSSHKey(r.Context(), user.ID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get git SSH key: %s", err),
+		})
+		return
+	}
+
+	render.Status(r, http.StatusOK)
+	render.JSON(rw, r, codersdk.GitSSHKey{
+		UserID:    newKey.UserID,
+		CreatedAt: newKey.CreatedAt,
+		UpdatedAt: newKey.UpdatedAt,
+		// No need to return the private key to the user
+		PublicKey: newKey.PublicKey,
+	})
+}
+
+func (api *api) gitSSHKey(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
+	gitSSHKey, err := api.Database.GetGitSSHKey(r.Context(), user.ID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("update git SSH key: %s", err),
+		})
+		return
+	}
+
+	render.Status(r, http.StatusOK)
+	render.JSON(rw, r, codersdk.GitSSHKey{
+		UserID:    gitSSHKey.UserID,
+		CreatedAt: gitSSHKey.CreatedAt,
+		UpdatedAt: gitSSHKey.UpdatedAt,
+		// No need to return the private key to the user
+		PublicKey: gitSSHKey.PublicKey,
+	})
+}
+
+func (api *api) agentGitSSHKey(rw http.ResponseWriter, r *http.Request) {
+	agent := httpmw.WorkspaceAgent(r)
+	resource, err := api.Database.GetWorkspaceResourceByID(r.Context(), agent.ResourceID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("getting workspace resources: %s", err),
+		})
+		return
+	}
+
+	job, err := api.Database.GetWorkspaceBuildByJobID(r.Context(), resource.JobID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("getting workspace build: %s", err),
+		})
+		return
+	}
+
+	workspace, err := api.Database.GetWorkspaceByID(r.Context(), job.WorkspaceID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("getting workspace: %s", err),
+		})
+		return
+	}
+
+	gitSSHKey, err := api.Database.GetGitSSHKey(r.Context(), workspace.OwnerID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("getting git SSH key: %s", err),
+		})
+		return
+	}
+
+	render.Status(r, http.StatusOK)
+	render.JSON(rw, r, codersdk.AgentGitSSHKey{
+		UserID:     gitSSHKey.UserID,
+		CreatedAt:  gitSSHKey.CreatedAt,
+		UpdatedAt:  gitSSHKey.UpdatedAt,
+		PrivateKey: gitSSHKey.PrivateKey,
+	})
+}