Add global SSH key configuration in system settings (#2840)

* Initial plan * Add backend support for global SSH keys Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add frontend UI for global SSH keys management Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add SshKeyModel to database initialization Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add SSH config generation for global SSH keys Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add internationalization support for SSH key management UI Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Simplify to single global SSH key in system settings Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2025-11-22 16:38:33 +08:00 · 2025-11-20 10:09:01 +08:00 · 2025-11-20 10:09:01 +08:00 · ee2fbe5335
commit ee2fbe5335
parent 48abf44ceb
8 changed files with 135 additions and 4 deletions
--- a/back/api/system.ts
+++ b/back/api/system.ts
@ -426,6 +426,24 @@ export default (app: Router) => {
    },
  );

+  route.put(
+    '/config/global-ssh-key',
+    celebrate({
+      body: Joi.object({
+        globalSshKey: Joi.string().allow('').allow(null),
+      }),
+    }),
+    async (req: Request, res: Response, next: NextFunction) => {
+      try {
+        const systemService = Container.get(SystemService);
+        const result = await systemService.updateGlobalSshKey(req.body);
+        res.send(result);
+      } catch (e) {
+        return next(e);
+      }
+    },
+  );
+
  route.put(
    '/config/dependence-clean',
    celebrate({
--- a/back/data/system.ts
+++ b/back/data/system.ts
@ -38,6 +38,7 @@ export interface SystemConfigInfo {
  pythonMirror?: string;
  linuxMirror?: string;
  timezone?: string;
+  globalSshKey?: string;
 }

 export interface LoginLogInfo {
--- a/back/loaders/initTask.ts
+++ b/back/loaders/initTask.ts
@ -2,6 +2,7 @@ import { Container } from 'typedi';
 import SystemService from '../services/system';
 import ScheduleService, { ScheduleTaskType } from '../services/schedule';
 import SubscriptionService from '../services/subscription';
+import SshKeyService from '../services/sshKey';
 import config from '../config';
 import { fileExist } from '../config/util';
 import { join } from 'path';
@ -10,6 +11,7 @@ export default async () => {
  const systemService = Container.get(SystemService);
  const scheduleService = Container.get(ScheduleService);
  const subscriptionService = Container.get(SubscriptionService);
+  const sshKeyService = Container.get(SshKeyService);

  // 生成内置token
  let tokenCommand = `ts-node-transpile-only ${join(
@ -57,6 +59,11 @@ export default async () => {
    }

    systemService.updateTimezone(data.info);
+    
+    // Apply global SSH key if configured
+    if (data.info.globalSshKey) {
+      await sshKeyService.addGlobalSSHKey(data.info.globalSshKey, 'global');
+    }
  }

  await subscriptionService.setSshConfig();
--- a/back/services/sshKey.ts
+++ b/back/services/sshKey.ts
@ -131,4 +131,32 @@ export default class SshKeyService {
      }
    }
  }
+
+  public async addGlobalSSHKey(key: string, alias: string): Promise<void> {
+    await this.generatePrivateKeyFile(`global_${alias}`, key);
+    // Create a global SSH config entry that matches all hosts
+    // This allows the key to be used for any Git repository
+    await this.generateGlobalSshConfig(`global_${alias}`);
+  }
+
+  public async removeGlobalSSHKey(alias: string): Promise<void> {
+    await this.removePrivateKeyFile(`global_${alias}`);
+    await this.removeSshConfig(`global_${alias}`);
+  }
+
+  private async generateGlobalSshConfig(alias: string) {
+    // Create a config that matches all hosts, making this key globally available
+    const config = `Host *\n    IdentityFile ${path.join(
+      this.sshPath,
+      alias,
+    )}\n    StrictHostKeyChecking no\n`;
+    await writeFileWithLock(
+      `${path.join(this.sshPath, `${alias}.config`)}`,
+      config,
+      {
+        encoding: 'utf8',
+        mode: '600',
+      },
+    );
+  }
 }
--- a/back/services/system.ts
+++ b/back/services/system.ts
@ -530,6 +530,27 @@ export default class SystemService {
    }
  }

+  public async updateGlobalSshKey(info: SystemModelInfo) {
+    const oDoc = await this.getSystemConfig();
+    const result = await this.updateAuthDb({
+      ...oDoc,
+      info: { ...oDoc.info, ...info },
+    });
+    
+    // Apply the global SSH key
+    const SshKeyService = require('./sshKey').default;
+    const Container = require('typedi').Container;
+    const sshKeyService = Container.get(SshKeyService);
+    
+    if (info.globalSshKey) {
+      await sshKeyService.addGlobalSSHKey(info.globalSshKey, 'global');
+    } else {
+      await sshKeyService.removeGlobalSSHKey('global');
+    }
+    
+    return { code: 200, data: result };
+  }
+
  public async cleanDependence(type: 'node' | 'python3') {
    if (!type || !['node', 'python3'].includes(type)) {
      return { code: 400, message: '参数错误' };
--- a/src/locales/en-US.json
+++ b/src/locales/en-US.json
@ -104,7 +104,7 @@
  "序号": "Number",
  "备注": "Remarks",
  "更新时间": "Update Time",
-  "创建时间": "Creation Time",
+  "创建时间": "Created Time",
  "确认删除依赖": "Confirm to delete the dependency",
  "确认重新安装": "Confirm to reinstall",
  "确认取消安装": "Confirm to cancel install",
@ -252,7 +252,7 @@
  "登录日志": "Login Logs",
  "其他设置": "Other Settings",
  "关于": "About",
-  "成功": "Success",
+  "成功": "Successfully",
  "失败": "Failure",
  "登录时间": "Login Time",
  "登录地址": "Login Address",
@ -538,5 +538,19 @@
  "单实例模式：定时启动新任务前会自动停止旧任务；多实例模式：允许同时运行多个任务实例": "Single instance mode: automatically stop old task before starting new scheduled task; Multi-instance mode: allow multiple task instances to run simultaneously",
  "请选择实例模式": "Please select instance mode",
  "单实例": "Single Instance",
-  "多实例": "Multi-Instance"
+  "多实例": "Multi-Instance",
+  "SSH密钥": "SSH Keys",
+  "别名": "Alias",
+  "编辑SSH密钥": "Edit SSH Key",
+  "创建SSH密钥": "Create SSH Key",
+  "更新SSH密钥成功": "SSH key updated successfully",
+  "创建SSH密钥成功": "SSH key created successfully",
+  "请输入SSH密钥别名": "Please enter SSH key alias",
+  "请输入SSH私钥": "Please enter SSH private key",
+  "请输入SSH私钥内容（以 -----BEGIN 开头）": "Please enter SSH private key content (starts with -----BEGIN)",
+  "确认删除SSH密钥": "Confirm to delete SSH key",
+  "批量": "Batch",
+  "全局SSH私钥": "Global SSH Private Key",
+  "用于访问所有私有仓库的全局SSH私钥": "Global SSH private key for accessing all private repositories",
+  "请输入完整的SSH私钥内容": "Please enter the complete SSH private key content"
 }
--- a/src/locales/zh-CN.json
+++ b/src/locales/zh-CN.json
@ -538,5 +538,19 @@
  "单实例模式：定时启动新任务前会自动停止旧任务；多实例模式：允许同时运行多个任务实例": "单实例模式：定时启动新任务前会自动停止旧任务；多实例模式：允许同时运行多个任务实例",
  "请选择实例模式": "请选择实例模式",
  "单实例": "单实例",
-  "多实例": "多实例"
+  "多实例": "多实例",
+  "SSH密钥": "SSH密钥",
+  "别名": "别名",
+  "编辑SSH密钥": "编辑SSH密钥",
+  "创建SSH密钥": "创建SSH密钥",
+  "更新SSH密钥成功": "更新SSH密钥成功",
+  "创建SSH密钥成功": "创建SSH密钥成功",
+  "请输入SSH密钥别名": "请输入SSH密钥别名",
+  "请输入SSH私钥": "请输入SSH私钥",
+  "请输入SSH私钥内容（以 -----BEGIN 开头）": "请输入SSH私钥内容（以 -----BEGIN 开头）",
+  "确认删除SSH密钥": "确认删除SSH密钥",
+  "批量": "批量",
+  "全局SSH私钥": "全局SSH私钥",
+  "用于访问所有私有仓库的全局SSH私钥": "用于访问所有私有仓库的全局SSH私钥",
+  "请输入完整的SSH私钥内容": "请输入完整的SSH私钥内容"
 }
--- a/src/pages/setting/other.tsx
+++ b/src/pages/setting/other.tsx
@ -30,6 +30,7 @@ const dataMap = {
  'log-remove-frequency': 'logRemoveFrequency',
  'cron-concurrency': 'cronConcurrency',
  timezone: 'timezone',
+  'global-ssh-key': 'globalSshKey',
 };

 const exportModules = [
@ -54,6 +55,7 @@ const Other = ({
    logRemoveFrequency?: number | null;
    cronConcurrency?: number | null;
    timezone?: string | null;
+    globalSshKey?: string | null;
  }>();
  const [form] = Form.useForm();
  const [exportLoading, setExportLoading] = useState(false);
@ -308,6 +310,32 @@ const Other = ({
            </Button>
          </Input.Group>
        </Form.Item>
+        <Form.Item 
+          label={intl.get('全局SSH私钥')} 
+          name="globalSshKey"
+          tooltip={intl.get('用于访问所有私有仓库的全局SSH私钥')}
+        >
+          <Input.Group compact>
+            <Input.TextArea
+              value={systemConfig?.globalSshKey || ''}
+              style={{ width: 264 }}
+              autoSize={{ minRows: 3, maxRows: 8 }}
+              placeholder={intl.get('请输入完整的SSH私钥内容')}
+              onChange={(e) => {
+                setSystemConfig({ ...systemConfig, globalSshKey: e.target.value });
+              }}
+            />
+          </Input.Group>
+          <Button
+            type="primary"
+            onClick={() => {
+              updateSystemConfig('global-ssh-key');
+            }}
+            style={{ width: 264, marginTop: 8 }}
+          >
+            {intl.get('确认')}
+          </Button>
+        </Form.Item>
        <Form.Item label={intl.get('语言')} name="lang">
          <Select
            defaultValue={localStorage.getItem('lang') || ''}