Merge pull request #1567 from RedisInsight/be/feature/RI-3974_ssh_tunnel

#RI-3974 ssh tunneling base implementation

Author: vlad-dargel

redisinsight/api/config/ormconfig.ts

@@ -10,6 +10,7 @@ import { SettingsEntity } from 'src/modules/settings/entities/settings.entity';
 import { CaCertificateEntity } from 'src/modules/certificate/entities/ca-certificate.entity';
 import { ClientCertificateEntity } from 'src/modules/certificate/entities/client-certificate.entity';
 import { DatabaseEntity } from 'src/modules/database/entities/database.entity';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
 import migrations from '../migration';
 import * as config from '../src/utils/config';
 
@@ -31,6 +32,7 @@ const ormConfig = {
     PluginStateEntity,
     NotificationEntity,
     DatabaseAnalysisEntity,
+    SshOptionsEntity,
   ],
   migrations,
 };

redisinsight/api/migration/1673035852335-ssh-options.ts

@@ -0,0 +1,30 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class sshOptions1673035852335 implements MigrationInterface {
+    name = 'sshOptions1673035852335'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`CREATE TABLE "ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"))`);
+        await queryRunner.query(`CREATE TABLE "temporary_database_instance" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "name" varchar NOT NULL, "username" varchar, "password" varchar, "tls" boolean, "verifyServerCert" boolean, "lastConnection" datetime, "caCertId" varchar, "clientCertId" varchar, "connectionType" varchar NOT NULL DEFAULT ('STANDALONE'), "nodes" varchar DEFAULT ('[]'), "nameFromProvider" varchar, "sentinelMasterName" varchar, "sentinelMasterUsername" varchar, "sentinelMasterPassword" varchar, "provider" varchar DEFAULT ('UNKNOWN'), "modules" varchar NOT NULL DEFAULT ('[]'), "db" integer, "encryption" varchar, "tlsServername" varchar, "new" boolean, "ssh" boolean, CONSTRAINT "FK_d1bc747b5938e22b4b708d8e9a5" FOREIGN KEY ("caCertId") REFERENCES "ca_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION, CONSTRAINT "FK_3b9b625266c00feb2d66a9f36e4" FOREIGN KEY ("clientCertId") REFERENCES "client_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "temporary_database_instance"("id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new") SELECT "id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new" FROM "database_instance"`);
+        await queryRunner.query(`DROP TABLE "database_instance"`);
+        await queryRunner.query(`ALTER TABLE "temporary_database_instance" RENAME TO "database_instance"`);
+        await queryRunner.query(`CREATE TABLE "temporary_ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"), CONSTRAINT "FK_fe3c3f8b1246e4824a3fb83047d" FOREIGN KEY ("databaseId") REFERENCES "database_instance" ("id") ON DELETE CASCADE ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "temporary_ssh_options"("id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId") SELECT "id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId" FROM "ssh_options"`);
+        await queryRunner.query(`DROP TABLE "ssh_options"`);
+        await queryRunner.query(`ALTER TABLE "temporary_ssh_options" RENAME TO "ssh_options"`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "ssh_options" RENAME TO "temporary_ssh_options"`);
+        await queryRunner.query(`CREATE TABLE "ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"))`);
+        await queryRunner.query(`INSERT INTO "ssh_options"("id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId") SELECT "id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId" FROM "temporary_ssh_options"`);
+        await queryRunner.query(`DROP TABLE "temporary_ssh_options"`);
+        await queryRunner.query(`ALTER TABLE "database_instance" RENAME TO "temporary_database_instance"`);
+        await queryRunner.query(`CREATE TABLE "database_instance" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "name" varchar NOT NULL, "username" varchar, "password" varchar, "tls" boolean, "verifyServerCert" boolean, "lastConnection" datetime, "caCertId" varchar, "clientCertId" varchar, "connectionType" varchar NOT NULL DEFAULT ('STANDALONE'), "nodes" varchar DEFAULT ('[]'), "nameFromProvider" varchar, "sentinelMasterName" varchar, "sentinelMasterUsername" varchar, "sentinelMasterPassword" varchar, "provider" varchar DEFAULT ('UNKNOWN'), "modules" varchar NOT NULL DEFAULT ('[]'), "db" integer, "encryption" varchar, "tlsServername" varchar, "new" boolean, CONSTRAINT "FK_d1bc747b5938e22b4b708d8e9a5" FOREIGN KEY ("caCertId") REFERENCES "ca_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION, CONSTRAINT "FK_3b9b625266c00feb2d66a9f36e4" FOREIGN KEY ("clientCertId") REFERENCES "client_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "database_instance"("id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new") SELECT "id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new" FROM "temporary_database_instance"`);
+        await queryRunner.query(`DROP TABLE "temporary_database_instance"`);
+        await queryRunner.query(`DROP TABLE "ssh_options"`);
+    }
+
+}

redisinsight/api/migration/index.ts

@@ -22,6 +22,7 @@ import { databaseAnalysisExpirationGroups1664886479051 } from './1664886479051-d
 import { workbenchExecutionTime1667368983699 } from './1667368983699-workbench-execution-time';
 import { database1667477693934 } from './1667477693934-database';
 import { databaseNew1670252337342 } from './1670252337342-database-new';
+import { sshOptions1673035852335 } from './1673035852335-ssh-options';
 
 export default [
   initialMigration1614164490968,
@@ -48,4 +49,5 @@ export default [
   workbenchExecutionTime1667368983699,
   database1667477693934,
   databaseNew1670252337342,
+  sshOptions1673035852335,
 ];

redisinsight/api/package.json

@@ -53,6 +53,7 @@
     "body-parser": "^1.19.0",
     "class-transformer": "^0.2.3",
     "class-validator": "^0.12.2",
+    "detect-port": "^1.5.1",
     "dotenv": "^16.0.0",
     "express": "^4.17.1",
     "fs-extra": "^10.0.0",
@@ -67,6 +68,7 @@
     "socket.io": "^4.4.0",
     "source-map-support": "^0.5.19",
     "sqlite3": "^5.0.11",
+    "ssh2": "^1.11.0",
     "swagger-ui-express": "^4.1.4",
     "typeorm": "^0.3.9",
     "uuid": "^8.3.2",
@@ -84,6 +86,7 @@
     "@types/lodash": "^4.14.167",
     "@types/node": "14.14.10",
     "@types/socket.io": "^3.0.2",
+    "@types/ssh2": "^1.11.6",
     "@types/supertest": "^2.0.8",
     "@typescript-eslint/eslint-plugin": "^4.8.1",
     "@typescript-eslint/parser": "^4.8.1",

redisinsight/api/src/core.module.ts

@@ -6,6 +6,7 @@ import { CertificateModule } from 'src/modules/certificate/certificate.module';
 import { EventEmitterModule } from '@nestjs/event-emitter';
 import { RedisModule } from 'src/modules/redis/redis.module';
 import { AnalyticsModule } from 'src/modules/analytics/analytics.module';
+import { SshModule } from 'src/modules/ssh/ssh.module';
 
 @Global()
 @Module({
@@ -17,13 +18,15 @@ import { AnalyticsModule } from 'src/modules/analytics/analytics.module';
     CertificateModule.register(),
     DatabaseModule.register(),
     RedisModule,
+    SshModule,
   ],
   exports: [
     EncryptionModule,
     SettingsModule,
     CertificateModule,
     DatabaseModule,
     RedisModule,
+    SshModule,
   ],
 })
 export class CoreModule {}

redisinsight/api/src/modules/database/dto/create.database.dto.ts

@@ -12,11 +12,18 @@ import { UseCaCertificateDto } from 'src/modules/certificate/dto/use.ca-certific
 import { UseClientCertificateDto } from 'src/modules/certificate/dto/use.client-certificate.dto';
 import { caCertTransformer } from 'src/modules/certificate/transformers/ca-cert.transformer';
 import { clientCertTransformer } from 'src/modules/certificate/transformers/client-cert.transformer';
+import { CreateBasicSshOptionsDto } from 'src/modules/ssh/dto/create.basic-ssh-options.dto';
+import { CreateCertSshOptionsDto } from 'src/modules/ssh/dto/create.cert-ssh-options.dto';
+import { sshOptionsTransformer } from 'src/modules/ssh/transformers/ssh-options.transformer';
 
-@ApiExtraModels(CreateCaCertificateDto, UseCaCertificateDto, CreateClientCertificateDto, UseClientCertificateDto)
+@ApiExtraModels(
+  CreateCaCertificateDto, UseCaCertificateDto,
+  CreateClientCertificateDto, UseClientCertificateDto,
+  CreateBasicSshOptionsDto, CreateCertSshOptionsDto,
+)
 export class CreateDatabaseDto extends PickType(Database, [
   'host', 'port', 'name', 'db', 'username', 'password', 'nameFromProvider', 'provider',
-  'tls', 'tlsServername', 'verifyServerCert', 'sentinelMaster',
+  'tls', 'tlsServername', 'verifyServerCert', 'sentinelMaster', 'ssh',
 ] as const) {
   @ApiPropertyOptional({
     description: 'CA Certificate',
@@ -45,4 +52,18 @@ export class CreateDatabaseDto extends PickType(Database, [
   @Type(clientCertTransformer)
   @ValidateNested()
   clientCert?: CreateClientCertificateDto | UseClientCertificateDto;
+
+  @ApiPropertyOptional({
+    description: 'SSH Options',
+    oneOf: [
+      { $ref: getSchemaPath(CreateBasicSshOptionsDto) },
+      { $ref: getSchemaPath(CreateCertSshOptionsDto) },
+    ],
+  })
+  @Expose()
+  @IsOptional()
+  @IsNotEmptyObject()
+  @Type(sshOptionsTransformer)
+  @ValidateNested()
+  sshOptions?: CreateBasicSshOptionsDto | CreateCertSshOptionsDto;
 }

redisinsight/api/src/modules/database/dto/update.database.dto.ts

@@ -13,6 +13,9 @@ import { clientCertTransformer } from 'src/modules/certificate/transformers/clie
 import { UseClientCertificateDto } from 'src/modules/certificate/dto/use.client-certificate.dto';
 import { SentinelMaster } from 'src/modules/redis-sentinel/models/sentinel-master';
 import { CreateDatabaseDto } from 'src/modules/database/dto/create.database.dto';
+import { CreateBasicSshOptionsDto } from 'src/modules/ssh/dto/create.basic-ssh-options.dto';
+import { CreateCertSshOptionsDto } from 'src/modules/ssh/dto/create.cert-ssh-options.dto';
+import { sshOptionsTransformer } from 'src/modules/ssh/transformers/ssh-options.transformer';
 
 export class UpdateDatabaseDto extends CreateDatabaseDto {
   @ValidateIf((object, value) => value !== undefined)
@@ -28,6 +31,31 @@ export class UpdateDatabaseDto extends CreateDatabaseDto {
   @IsInt({ always: true })
   port: number;
 
+  @ApiPropertyOptional({
+    description:
+      'Database username, if your database is ACL enabled, otherwise leave this field empty.',
+    type: String,
+  })
+  @Expose()
+  @IsString({ always: true })
+  @IsNotEmpty()
+  @IsOptional()
+  @Default(null)
+  username?: string;
+
+  @ApiPropertyOptional({
+    description:
+      'The password, if any, for your Redis database. '
+      + 'If your database doesn’t require a password, leave this field empty.',
+    type: String,
+  })
+  @Expose()
+  @IsString({ always: true })
+  @IsNotEmpty()
+  @IsOptional()
+  @Default(null)
+  password?: string;
+
   @ApiPropertyOptional({
     description: 'Logical database number.',
     type: Number,
@@ -47,6 +75,15 @@ export class UpdateDatabaseDto extends CreateDatabaseDto {
   @Default(false)
   tls?: boolean;
 
+  @ApiPropertyOptional({
+    description: 'Use SSH to connect.',
+    type: Boolean,
+  })
+  @IsBoolean()
+  @IsOptional()
+  @Default(false)
+  ssh?: boolean;
+
   @ApiPropertyOptional({
     description: 'SNI servername',
     type: String,
@@ -105,4 +142,19 @@ export class UpdateDatabaseDto extends CreateDatabaseDto {
   @ValidateNested()
   @Default(null)
   sentinelMaster?: SentinelMaster;
+
+  @ApiPropertyOptional({
+    description: 'SSH Options',
+    oneOf: [
+      { $ref: getSchemaPath(CreateBasicSshOptionsDto) },
+      { $ref: getSchemaPath(CreateCertSshOptionsDto) },
+    ],
+  })
+  @Expose()
+  @IsOptional()
+  @IsNotEmptyObject()
+  @Type(sshOptionsTransformer)
+  @ValidateNested()
+  @Default(null)
+  sshOptions?: CreateBasicSshOptionsDto | CreateCertSshOptionsDto;
 }

redisinsight/api/src/modules/database/entities/database.entity.ts

@@ -1,11 +1,12 @@
 import {
-  Column, Entity, ManyToOne, PrimaryGeneratedColumn,
+  Column, Entity, ManyToOne, OneToOne, PrimaryGeneratedColumn,
 } from 'typeorm';
 import { CaCertificateEntity } from 'src/modules/certificate/entities/ca-certificate.entity';
 import { ClientCertificateEntity } from 'src/modules/certificate/entities/client-certificate.entity';
 import { DataAsJsonString } from 'src/common/decorators';
-import { Expose, Transform } from 'class-transformer';
+import { Expose, Transform, Type } from 'class-transformer';
 import { SentinelMaster } from 'src/modules/redis-sentinel/models/sentinel-master';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
 
 export enum HostingProvider {
   UNKNOWN = 'UNKNOWN',
@@ -162,4 +163,21 @@ export class DatabaseEntity {
   @Expose()
   @Column({ nullable: true })
   new: boolean;
+
+  @Expose()
+  @Column({ nullable: true })
+  ssh: boolean;
+
+  @Expose()
+  @OneToOne(
+    () => SshOptionsEntity,
+    (sshOptions) => sshOptions.database,
+    {
+      eager: true,
+      onDelete: 'CASCADE',
+      cascade: true,
+    },
+  )
+  @Type(() => SshOptionsEntity)
+  sshOptions: SshOptionsEntity;
 }

redisinsight/api/src/modules/database/models/database.ts

@@ -17,6 +17,7 @@ import {
 import { SentinelMaster } from 'src/modules/redis-sentinel/models/sentinel-master';
 import { Endpoint } from 'src/common/models';
 import { AdditionalRedisModule } from 'src/modules/database/models/additional.redis.module';
+import { SshOptions } from 'src/modules/ssh/models/ssh-options';
 
 export class Database {
   @ApiProperty({
@@ -215,4 +216,24 @@ export class Database {
   @IsOptional()
   @IsBoolean({ always: true })
   new?: boolean;
+
+  @ApiPropertyOptional({
+    description: 'Use SSH tunnel to connect.',
+    type: Boolean,
+  })
+  @Expose()
+  @IsBoolean()
+  @IsOptional()
+  ssh?: boolean;
+
+  @ApiPropertyOptional({
+    description: 'SSH options',
+    type: SshOptions,
+  })
+  @Expose()
+  @IsOptional()
+  @IsNotEmptyObject()
+  @Type(() => SshOptions)
+  @ValidateNested()
+  sshOptions?: SshOptions;
 }