Add global SSH key configuration in system settings (#2840)

* Initial plan * Add backend support for global SSH keys Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add frontend UI for global SSH keys management Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add SshKeyModel to database initialization Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add SSH config generation for global SSH keys Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add internationalization support for SSH key management UI Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Simplify to single global SSH key in system settings Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2026-07-01 04:40:38 +08:00 · 2025-11-20 10:09:01 +08:00
parent 48abf44ceb
commit ee2fbe5335
8 changed files with 135 additions and 4 deletions
@@ -426,6 +426,24 @@ export default (app: Router) => {
    },
  );

+  route.put(
+    '/config/global-ssh-key',
+    celebrate({
+      body: Joi.object({
+        globalSshKey: Joi.string().allow('').allow(null),
+      }),
+    }),
+    async (req: Request, res: Response, next: NextFunction) => {
+      try {
+        const systemService = Container.get(SystemService);
+        const result = await systemService.updateGlobalSshKey(req.body);
+        res.send(result);
+      } catch (e) {
+        return next(e);
+      }
+    },
+  );
+
  route.put(
    '/config/dependence-clean',
    celebrate({
@@ -38,6 +38,7 @@ export interface SystemConfigInfo {
  pythonMirror?: string;
  linuxMirror?: string;
  timezone?: string;
+  globalSshKey?: string;
 }

 export interface LoginLogInfo {
@@ -2,6 +2,7 @@ import { Container } from 'typedi';
 import SystemService from '../services/system';
 import ScheduleService, { ScheduleTaskType } from '../services/schedule';
 import SubscriptionService from '../services/subscription';
+import SshKeyService from '../services/sshKey';
 import config from '../config';
 import { fileExist } from '../config/util';
 import { join } from 'path';
@@ -10,6 +11,7 @@ export default async () => {
  const systemService = Container.get(SystemService);
  const scheduleService = Container.get(ScheduleService);
  const subscriptionService = Container.get(SubscriptionService);
+  const sshKeyService = Container.get(SshKeyService);

  // 生成内置token
  let tokenCommand = `ts-node-transpile-only ${join(
@@ -57,6 +59,11 @@ export default async () => {
    }

    systemService.updateTimezone(data.info);
+    
+    // Apply global SSH key if configured
+    if (data.info.globalSshKey) {
+      await sshKeyService.addGlobalSSHKey(data.info.globalSshKey, 'global');
+    }
  }

  await subscriptionService.setSshConfig();
@@ -131,4 +131,32 @@ export default class SshKeyService {
      }
    }
  }
+
+  public async addGlobalSSHKey(key: string, alias: string): Promise<void> {
+    await this.generatePrivateKeyFile(`global_${alias}`, key);
+    // Create a global SSH config entry that matches all hosts
+    // This allows the key to be used for any Git repository
+    await this.generateGlobalSshConfig(`global_${alias}`);
+  }
+
+  public async removeGlobalSSHKey(alias: string): Promise<void> {
+    await this.removePrivateKeyFile(`global_${alias}`);
+    await this.removeSshConfig(`global_${alias}`);
+  }
+
+  private async generateGlobalSshConfig(alias: string) {
+    // Create a config that matches all hosts, making this key globally available
+    const config = `Host *\n    IdentityFile ${path.join(
+      this.sshPath,
+      alias,
+    )}\n    StrictHostKeyChecking no\n`;
+    await writeFileWithLock(
+      `${path.join(this.sshPath, `${alias}.config`)}`,
+      config,
+      {
+        encoding: 'utf8',
+        mode: '600',
+      },
+    );
+  }
 }
@@ -530,6 +530,27 @@ export default class SystemService {
    }
  }

+  public async updateGlobalSshKey(info: SystemModelInfo) {
+    const oDoc = await this.getSystemConfig();
+    const result = await this.updateAuthDb({
+      ...oDoc,
+      info: { ...oDoc.info, ...info },
+    });
+    
+    // Apply the global SSH key
+    const SshKeyService = require('./sshKey').default;
+    const Container = require('typedi').Container;
+    const sshKeyService = Container.get(SshKeyService);
+    
+    if (info.globalSshKey) {
+      await sshKeyService.addGlobalSSHKey(info.globalSshKey, 'global');
+    } else {
+      await sshKeyService.removeGlobalSSHKey('global');
+    }
+    
+    return { code: 200, data: result };
+  }
+
  public async cleanDependence(type: 'node' | 'python3') {
    if (!type || !['node', 'python3'].includes(type)) {
      return { code: 400, message: '参数错误' };