Merge pull request #1577 from RedisInsight/feature/RI-3266_ssh-tunnel

Feature/ri 3266 ssh tunnel

Author: vlad-dargel

.circleci/config.yml

@@ -88,6 +88,7 @@ aliases:
     - mods-preview        # OSS Standalone and all preview modules
     - oss-st-6-tls        # OSS Standalone v6 with TLS enabled
     - oss-st-6-tls-auth   # OSS Standalone v6 with TLS auth required
+    - oss-st-6-tls-auth-ssh   # OSS Standalone v6 with TLS auth required through ssh
     - oss-clu             # OSS Cluster
     - oss-clu-tls         # OSS Cluster with TLS enabled
     - oss-sent            # OSS Sentinel

redisinsight/api/config/default.ts

@@ -55,7 +55,7 @@ export default {
     staticContent: !!process.env.SERVER_STATIC_CONTENT || false,
     buildType: process.env.BUILD_TYPE || 'ELECTRON',
     appVersion: process.env.APP_VERSION || '2.0.0',
-    requestTimeout: parseInt(process.env.REQUEST_TIMEOUT, 10) || 10000,
+    requestTimeout: parseInt(process.env.REQUEST_TIMEOUT, 10) || 25000,
     excludeRoutes: [],
     excludeAuthRoutes: [],
   },

redisinsight/api/config/ormconfig.ts

@@ -10,6 +10,7 @@ import { SettingsEntity } from 'src/modules/settings/entities/settings.entity';
 import { CaCertificateEntity } from 'src/modules/certificate/entities/ca-certificate.entity';
 import { ClientCertificateEntity } from 'src/modules/certificate/entities/client-certificate.entity';
 import { DatabaseEntity } from 'src/modules/database/entities/database.entity';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
 import migrations from '../migration';
 import * as config from '../src/utils/config';
 
@@ -31,6 +32,7 @@ const ormConfig = {
     PluginStateEntity,
     NotificationEntity,
     DatabaseAnalysisEntity,
+    SshOptionsEntity,
   ],
   migrations,
 };

redisinsight/api/migration/1673035852335-ssh-options.ts

@@ -0,0 +1,30 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class sshOptions1673035852335 implements MigrationInterface {
+    name = 'sshOptions1673035852335'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`CREATE TABLE "ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"))`);
+        await queryRunner.query(`CREATE TABLE "temporary_database_instance" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "name" varchar NOT NULL, "username" varchar, "password" varchar, "tls" boolean, "verifyServerCert" boolean, "lastConnection" datetime, "caCertId" varchar, "clientCertId" varchar, "connectionType" varchar NOT NULL DEFAULT ('STANDALONE'), "nodes" varchar DEFAULT ('[]'), "nameFromProvider" varchar, "sentinelMasterName" varchar, "sentinelMasterUsername" varchar, "sentinelMasterPassword" varchar, "provider" varchar DEFAULT ('UNKNOWN'), "modules" varchar NOT NULL DEFAULT ('[]'), "db" integer, "encryption" varchar, "tlsServername" varchar, "new" boolean, "ssh" boolean, CONSTRAINT "FK_d1bc747b5938e22b4b708d8e9a5" FOREIGN KEY ("caCertId") REFERENCES "ca_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION, CONSTRAINT "FK_3b9b625266c00feb2d66a9f36e4" FOREIGN KEY ("clientCertId") REFERENCES "client_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "temporary_database_instance"("id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new") SELECT "id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new" FROM "database_instance"`);
+        await queryRunner.query(`DROP TABLE "database_instance"`);
+        await queryRunner.query(`ALTER TABLE "temporary_database_instance" RENAME TO "database_instance"`);
+        await queryRunner.query(`CREATE TABLE "temporary_ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"), CONSTRAINT "FK_fe3c3f8b1246e4824a3fb83047d" FOREIGN KEY ("databaseId") REFERENCES "database_instance" ("id") ON DELETE CASCADE ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "temporary_ssh_options"("id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId") SELECT "id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId" FROM "ssh_options"`);
+        await queryRunner.query(`DROP TABLE "ssh_options"`);
+        await queryRunner.query(`ALTER TABLE "temporary_ssh_options" RENAME TO "ssh_options"`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "ssh_options" RENAME TO "temporary_ssh_options"`);
+        await queryRunner.query(`CREATE TABLE "ssh_options" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "encryption" varchar, "username" varchar, "password" varchar, "privateKey" varchar, "passphrase" varchar, "databaseId" varchar, CONSTRAINT "REL_fe3c3f8b1246e4824a3fb83047" UNIQUE ("databaseId"))`);
+        await queryRunner.query(`INSERT INTO "ssh_options"("id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId") SELECT "id", "host", "port", "encryption", "username", "password", "privateKey", "passphrase", "databaseId" FROM "temporary_ssh_options"`);
+        await queryRunner.query(`DROP TABLE "temporary_ssh_options"`);
+        await queryRunner.query(`ALTER TABLE "database_instance" RENAME TO "temporary_database_instance"`);
+        await queryRunner.query(`CREATE TABLE "database_instance" ("id" varchar PRIMARY KEY NOT NULL, "host" varchar NOT NULL, "port" integer NOT NULL, "name" varchar NOT NULL, "username" varchar, "password" varchar, "tls" boolean, "verifyServerCert" boolean, "lastConnection" datetime, "caCertId" varchar, "clientCertId" varchar, "connectionType" varchar NOT NULL DEFAULT ('STANDALONE'), "nodes" varchar DEFAULT ('[]'), "nameFromProvider" varchar, "sentinelMasterName" varchar, "sentinelMasterUsername" varchar, "sentinelMasterPassword" varchar, "provider" varchar DEFAULT ('UNKNOWN'), "modules" varchar NOT NULL DEFAULT ('[]'), "db" integer, "encryption" varchar, "tlsServername" varchar, "new" boolean, CONSTRAINT "FK_d1bc747b5938e22b4b708d8e9a5" FOREIGN KEY ("caCertId") REFERENCES "ca_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION, CONSTRAINT "FK_3b9b625266c00feb2d66a9f36e4" FOREIGN KEY ("clientCertId") REFERENCES "client_certificate" ("id") ON DELETE SET NULL ON UPDATE NO ACTION)`);
+        await queryRunner.query(`INSERT INTO "database_instance"("id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new") SELECT "id", "host", "port", "name", "username", "password", "tls", "verifyServerCert", "lastConnection", "caCertId", "clientCertId", "connectionType", "nodes", "nameFromProvider", "sentinelMasterName", "sentinelMasterUsername", "sentinelMasterPassword", "provider", "modules", "db", "encryption", "tlsServername", "new" FROM "temporary_database_instance"`);
+        await queryRunner.query(`DROP TABLE "temporary_database_instance"`);
+        await queryRunner.query(`DROP TABLE "ssh_options"`);
+    }
+
+}

redisinsight/api/migration/index.ts

@@ -22,6 +22,7 @@ import { databaseAnalysisExpirationGroups1664886479051 } from './1664886479051-d
 import { workbenchExecutionTime1667368983699 } from './1667368983699-workbench-execution-time';
 import { database1667477693934 } from './1667477693934-database';
 import { databaseNew1670252337342 } from './1670252337342-database-new';
+import { sshOptions1673035852335 } from './1673035852335-ssh-options';
 
 export default [
   initialMigration1614164490968,
@@ -48,4 +49,5 @@ export default [
   workbenchExecutionTime1667368983699,
   database1667477693934,
   databaseNew1670252337342,
+  sshOptions1673035852335,
 ];

redisinsight/api/package.json

@@ -53,6 +53,7 @@
     "body-parser": "^1.19.0",
     "class-transformer": "^0.2.3",
     "class-validator": "^0.12.2",
+    "detect-port": "^1.5.1",
     "dotenv": "^16.0.0",
     "express": "^4.17.1",
     "fs-extra": "^10.0.0",
@@ -67,6 +68,7 @@
     "socket.io": "^4.4.0",
     "source-map-support": "^0.5.19",
     "sqlite3": "^5.0.11",
+    "ssh2": "^1.11.0",
     "swagger-ui-express": "^4.1.4",
     "typeorm": "^0.3.9",
     "uuid": "^8.3.2",
@@ -84,6 +86,7 @@
     "@types/lodash": "^4.14.167",
     "@types/node": "14.14.10",
     "@types/socket.io": "^3.0.2",
+    "@types/ssh2": "^1.11.6",
     "@types/supertest": "^2.0.8",
     "@typescript-eslint/eslint-plugin": "^4.8.1",
     "@typescript-eslint/parser": "^4.8.1",

redisinsight/api/src/__mocks__/common.ts

@@ -54,6 +54,7 @@ export const mockRepository = jest.fn(() => ({
   findOneBy: jest.fn(),
   find: jest.fn(),
   findByIds: jest.fn(),
+  merge: jest.fn(),
   create: jest.fn(),
   save: jest.fn(),
   insert: jest.fn(),

redisinsight/api/src/__mocks__/databases.ts

@@ -9,6 +9,12 @@ import { pick } from 'lodash';
 import { RedisDatabaseInfoResponse } from 'src/modules/database/dto/redis-info.dto';
 import { DatabaseOverview } from 'src/modules/database/models/database-overview';
 import { ClientContext, ClientMetadata } from 'src/common/models';
+import {
+  mockSshOptionsBasic,
+  mockSshOptionsBasicEntity,
+  mockSshOptionsPrivateKey,
+  mockSshOptionsPrivateKeyEntity,
+} from 'src/__mocks__/ssh';
 
 export const mockDatabaseId = 'a77b23c1-7816-4ea4-b61f-d37795a0f805-db-id';
 
@@ -34,6 +40,29 @@ export const mockDatabaseEntity = Object.assign(new DatabaseEntity(), {
   encryption: null,
 });
 
+export const mockDatabaseWithSshBasic = Object.assign(new Database(), {
+  ...mockDatabase,
+  ssh: true,
+  sshOptions: mockSshOptionsBasic,
+});
+
+export const mockDatabaseWithSshBasicEntity = Object.assign(new DatabaseEntity(), {
+  ...mockDatabaseWithSshBasic,
+  encryption: null,
+  sshOptions: mockSshOptionsBasicEntity,
+});
+
+export const mockDatabaseWithSshPrivateKey = Object.assign(new Database(), {
+  ...mockDatabase,
+  ssh: true,
+  sshOptions: mockSshOptionsPrivateKey,
+});
+
+export const mockDatabaseWithSshPrivateKeyEntity = Object.assign(new DatabaseEntity(), {
+  ...mockDatabaseWithSshPrivateKey,
+  sshOptions: mockSshOptionsPrivateKeyEntity,
+});
+
 export const mockDatabaseWithAuth = Object.assign(new Database(), {
   ...mockDatabase,
   username: 'some username',
@@ -181,6 +210,7 @@ export const mockDatabaseService = jest.fn(() => ({
 
 export const mockDatabaseConnectionService = jest.fn(() => ({
   getOrCreateClient: jest.fn().mockResolvedValue(mockIORedisClient),
+  createClient: jest.fn().mockResolvedValue(mockIORedisClient),
 }));
 
 export const mockDatabaseInfoProvider = jest.fn(() => ({

redisinsight/api/src/__mocks__/index.ts

@@ -18,3 +18,4 @@ export * from './redis-enterprise';
 export * from './redis-sentinel';
 export * from './database-import';
 export * from './redis-client';
+export * from './ssh';

redisinsight/api/src/__mocks__/ssh.ts

@@ -0,0 +1,49 @@
+import { EncryptionStrategy } from 'src/modules/encryption/models';
+import { SshOptions } from 'src/modules/ssh/models/ssh-options';
+import { SshOptionsEntity } from 'src/modules/ssh/entities/ssh-options.entity';
+
+export const mockSshOptionsId = 'a77b23c1-7816-4ea4-b61f-d37795a0f805-ssh-id';
+
+export const mockSshOptionsUsernamePlain = 'ssh-username';
+export const mockSshOptionsUsernameEncrypted = 'ssh.username.ENCRYPTED';
+export const mockSshOptionsPasswordPlain = 'ssh-password';
+export const mockSshOptionsPasswordEncrypted = 'ssh.password.ENCRYPTED';
+export const mockSshOptionsPrivateKeyPlain = '-----BEGIN OPENSSH PRIVATE KEY-----\nssh-private-key';
+export const mockSshOptionsPrivateKeyEncrypted = 'ssh.privateKey.ENCRYPTED';
+export const mockSshOptionsPassphrasePlain = 'ssh-passphrase';
+export const mockSshOptionsPassphraseEncrypted = 'ssh.passphrase.ENCRYPTED';
+
+export const mockSshOptionsBasic = Object.assign(new SshOptions(), {
+  id: mockSshOptionsId,
+  host: 'ssh.host.test',
+  port: 22,
+  username: mockSshOptionsUsernamePlain,
+  password: mockSshOptionsPasswordPlain,
+  privateKey: null,
+  passphrase: null,
+});
+
+export const mockSshOptionsBasicEntity = Object.assign(new SshOptionsEntity(), {
+  ...mockSshOptionsBasic,
+  username: mockSshOptionsUsernameEncrypted,
+  password: mockSshOptionsPasswordEncrypted,
+  encryption: EncryptionStrategy.KEYTAR,
+});
+
+export const mockSshOptionsPrivateKey = Object.assign(new SshOptions(), {
+  ...mockSshOptionsBasic,
+  password: null,
+  privateKey: mockSshOptionsPrivateKeyPlain,
+  passphrase: mockSshOptionsPassphrasePlain,
+});
+
+export const mockSshOptionsPrivateKeyEntity = Object.assign(new SshOptionsEntity(), {
+  ...mockSshOptionsBasicEntity,
+  password: null,
+  privateKey: mockSshOptionsPrivateKeyEncrypted,
+  passphrase: mockSshOptionsPassphraseEncrypted,
+});
+
+export const mockSshTunnelProvider = jest.fn(() => {
+
+});