Hexor/khm
1
0
Fork 0
mirror of https://github.com/house-of-vanity/khm.git synced 2025-08-22 06:27:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hexor:v0.5.0
Branches Tags
Hexor:master Hexor:UI Hexor:UI-test
Hexor:v0.7.1 Hexor:v0.7.0 Hexor:v0.6.3 Hexor:v0.6.2 Hexor:v0.6.1 Hexor:v0.6.0 Hexor:v0.5.0 Hexor:v0.4.2 Hexor:v0.4.1 Hexor:v0.4.0 Hexor:v0.2.3 Hexor:v0.2.2 Hexor:v0.2.1 Hexor:v0.2.0 Hexor:v0.1.0
...
compare: Hexor:master
Branches Tags
Hexor:UI Hexor:UI-test Hexor:master
Hexor:v0.7.1 Hexor:v0.7.0 Hexor:v0.6.3 Hexor:v0.6.2 Hexor:v0.6.1 Hexor:v0.6.0 Hexor:v0.5.0 Hexor:v0.4.2 Hexor:v0.4.1 Hexor:v0.4.0 Hexor:v0.2.3 Hexor:v0.2.2 Hexor:v0.2.1 Hexor:v0.2.0 Hexor:v0.1.0

9 Commits
v0.5.0 ... master

Author SHA1 Message Date
AB from home.homenet
58f63671d8 Bump 0.7.0 2025-07-22 23:24:41 +03:00
Alexandr Bogomyakov
99a277088a UI tray app added 
* Works with egui

---------

Co-authored-by: Ultradesu <ultradesu@hexor.cy>
 2025-07-22 23:23:18 +03:00
Ultradesu
af6c4d7e61 Added auto deprecation feature 2025-07-20 17:37:46 +03:00
Ultradesu
9c5518b39e Added auto deprecation feature 2025-07-20 17:26:44 +03:00
Ultradesu
1eccc0e0f7 Fixed client mode flow args 2025-07-19 15:51:17 +03:00
Ultradesu
45ac3fca51 Fixed web ui. Added deprecation feature 2025-07-19 12:56:25 +03:00
Ultradesu
e33910a2db Added web ui 2025-07-19 12:20:52 +03:00
Ultradesu
c5d8ebd89f Added web ui 2025-07-19 12:20:37 +03:00
Ultradesu
1534d88300 Added web ui 2025-07-18 18:35:04 +03:00
28 changed files with 9065 additions and 540 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

3806
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

28
Cargo.toml
View File

@@ -1,22 +1,44 @@
[package] [package]
name = "khm" name = "khm"
version = "0.5.0" version = "0.7.0"
edition = "2021" edition = "2021"
authors = ["AB <ab@hexor.cy>"] authors = ["AB <ab@hexor.cy>"]
description = "KHM - Known Hosts Manager for SSH key management and synchronization"
homepage = "https://github.com/house-of-vanity/khm"
repository = "https://github.com/house-of-vanity/khm"
license = "WTFPL"
keywords = ["ssh", "known-hosts", "security", "system-admin", "automation"]
categories = ["command-line-utilities", "network-programming"]
[dependencies] [dependencies]
actix-web = "4" actix-web = "4"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
env_logger = "0.11.3"
log = "0.4" log = "0.4"
regex = "1.10.5" regex = "1.10.5"
base64 = "0.21" base64 = "0.21"
tokio = { version = "1", features = ["full"] } tokio = { version = "1", features = ["full", "sync"] }
tokio-postgres = { version = "0.7", features = ["with-chrono-0_4"] } tokio-postgres = { version = "0.7", features = ["with-chrono-0_4"] }
tokio-util = { version = "0.7", features = ["codec"] } tokio-util = { version = "0.7", features = ["codec"] }
clap = { version = "4", features = ["derive"] } clap = { version = "4", features = ["derive"] }
chrono = "0.4.38" chrono = "0.4.38"
reqwest = { version = "0.12", features = ["json"] } reqwest = { version = "0.12", features = ["json"] }
trust-dns-resolver = "0.23"
futures = "0.3"
hostname = "0.3" hostname = "0.3"
rust-embed = "8.0" rust-embed = "8.0"
tray-icon = { version = "0.19", optional = true }
notify = { version = "6.1", optional = true }
notify-debouncer-mini = { version = "0.4", optional = true }
dirs = "5.0"
eframe = { version = "0.29", optional = true }
egui = { version = "0.29", optional = true }
winit = { version = "0.30", optional = true }
env_logger = "0.11"
urlencoding = "2.1"
[features]
default = ["gui"]
gui = ["tray-icon", "eframe", "egui", "winit", "notify", "notify-debouncer-mini"]
server = []

47
src/client.rs
View File

@@ -8,12 +8,14 @@ use std::io::{self, BufRead, Write};
use std::path::Path; use std::path::Path;
#[derive(Serialize, Deserialize, Clone, Debug)] #[derive(Serialize, Deserialize, Clone, Debug)]
struct SshKey { pub struct SshKey {
server: String, server: String,
public_key: String, public_key: String,
#[serde(default)]
deprecated: bool,
} }
fn read_known_hosts(file_path: &str) -> io::Result<Vec<SshKey>> { pub fn read_known_hosts(file_path: &str) -> io::Result<Vec<SshKey>> {
let path = Path::new(file_path); let path = Path::new(file_path);
let file = File::open(&path)?; let file = File::open(&path)?;
let reader = io::BufReader::new(file); let reader = io::BufReader::new(file);
@@ -26,7 +28,11 @@ fn read_known_hosts(file_path: &str) -> io::Result<Vec<SshKey>> {
if parts.len() >= 2 { if parts.len() >= 2 {
let server = parts[0].to_string(); let server = parts[0].to_string();
let public_key = parts[1..].join(" "); let public_key = parts[1..].join(" ");
keys.push(SshKey { server, public_key }); keys.push(SshKey {
server,
public_key,
deprecated: false, // Keys from known_hosts are not deprecated
});
} }
} }
Err(e) => { Err(e) => {
@@ -42,10 +48,17 @@ fn write_known_hosts(file_path: &str, keys: &[SshKey]) -> io::Result<()> {
let path = Path::new(file_path); let path = Path::new(file_path);
let mut file = File::create(&path)?; let mut file = File::create(&path)?;
for key in keys { // Filter out deprecated keys - they should not be written to known_hosts
let active_keys: Vec<&SshKey> = keys.iter().filter(|key| !key.deprecated).collect();
let active_count = active_keys.len();
for key in active_keys {
writeln!(file, "{} {}", key.server, key.public_key)?; writeln!(file, "{} {}", key.server, key.public_key)?;
} }
info!("Wrote {} keys to known_hosts file", keys.len()); info!(
"Wrote {} active keys to known_hosts file (filtered out deprecated keys)",
active_count
);
Ok(()) Ok(())
} }
@@ -167,7 +180,10 @@ pub async fn run_client(args: crate::Args) -> std::io::Result<()> {
Ok(keys) => keys, Ok(keys) => keys,
Err(e) => { Err(e) => {
if e.kind() == io::ErrorKind::NotFound { if e.kind() == io::ErrorKind::NotFound {
info!("known_hosts file not found: {}. Starting with empty key list.", args.known_hosts); info!(
"known_hosts file not found: {}. Starting with empty key list.",
args.known_hosts
);
Vec::new() Vec::new()
} else { } else {
error!("Failed to read known_hosts file: {}", e); error!("Failed to read known_hosts file: {}", e);
@@ -177,20 +193,29 @@ pub async fn run_client(args: crate::Args) -> std::io::Result<()> {
}; };
let host = args.host.expect("host is required in client mode"); let host = args.host.expect("host is required in client mode");
info!("Client mode: Sending keys to server at {}", host); let flow = args.flow.expect("flow is required in client mode");
let url = format!("{}/{}", host, flow);
if let Err(e) = send_keys_to_server(&host, keys, &args.basic_auth).await { info!("Client mode: Sending keys to server at {}", url);
if let Err(e) = send_keys_to_server(&url, keys, &args.basic_auth).await {
error!("Failed to send keys to server: {}", e); error!("Failed to send keys to server: {}", e);
return Err(io::Error::new(io::ErrorKind::Other, format!("Network error: {}", e))); return Err(io::Error::new(
io::ErrorKind::Other,
format!("Network error: {}", e),
));
} }
if args.in_place { if args.in_place {
info!("Client mode: In-place update is enabled. Fetching keys from server."); info!("Client mode: In-place update is enabled. Fetching keys from server.");
let server_keys = match get_keys_from_server(&host, &args.basic_auth).await { let server_keys = match get_keys_from_server(&url, &args.basic_auth).await {
Ok(keys) => keys, Ok(keys) => keys,
Err(e) => { Err(e) => {
error!("Failed to get keys from server: {}", e); error!("Failed to get keys from server: {}", e);
return Err(io::Error::new(io::ErrorKind::Other, format!("Network error: {}", e))); return Err(io::Error::new(
io::ErrorKind::Other,
format!("Network error: {}", e),
));
} }
}; };

526
src/db.rs
View File

@@ -1,8 +1,10 @@
use crate::server::SshKey; use crate::server::SshKey;
use log::info; use log::{error, info};
use std::collections::HashMap; use std::collections::HashMap;
use std::collections::HashSet; use std::collections::HashSet;
use tokio_postgres::Client; use tokio_postgres::tls::NoTlsStream;
use tokio_postgres::Socket;
use tokio_postgres::{Client, Connection, NoTls};
// Structure for storing key processing statistics // Structure for storing key processing statistics
pub struct KeyInsertStats { pub struct KeyInsertStats {
@@ -12,11 +14,59 @@ pub struct KeyInsertStats {
pub key_id_map: Vec<(SshKey, i32)>, // Mapping of keys to their IDs in the database pub key_id_map: Vec<(SshKey, i32)>, // Mapping of keys to their IDs in the database
} }
pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres::Error> { // Simple database client that exits on connection errors
pub struct DbClient {
client: Client,
}
impl DbClient {
pub async fn connect(
connection_string: &str,
) -> Result<(Self, Connection<Socket, NoTlsStream>), tokio_postgres::Error> {
info!("Connecting to database...");
let (client, connection) = tokio_postgres::connect(connection_string, NoTls).await?;
info!("Successfully connected to database");
Ok((DbClient { client }, connection))
}
// Helper function to handle database errors - exits the application on connection errors
fn handle_db_error<T>(
result: Result<T, tokio_postgres::Error>,
operation: &str,
) -> Result<T, tokio_postgres::Error> {
match result {
Ok(value) => Ok(value),
Err(e) => {
if Self::is_connection_error(&e) {
error!("Database connection lost during {}: {}", operation, e);
error!("Exiting application due to database connection failure");
std::process::exit(1);
} else {
// For non-connection errors, just return the error
Err(e)
}
}
}
}
fn is_connection_error(error: &tokio_postgres::Error) -> bool {
// Check if the error is related to connection issues
let error_str = error.to_string();
error_str.contains("connection closed")
|| error_str.contains("connection reset")
|| error_str.contains("broken pipe")
|| error_str.contains("Connection refused")
|| error_str.contains("connection terminated")
|| error.as_db_error().is_none() // Non-database errors are often connection issues
}
pub async fn initialize_schema(&self) -> Result<(), tokio_postgres::Error> {
info!("Checking and initializing database schema if needed"); info!("Checking and initializing database schema if needed");
// Check if tables exist by querying information_schema // Check if tables exist by querying information_schema
let tables_exist = client let result = self
.client
.query( .query(
"SELECT EXISTS ( "SELECT EXISTS (
SELECT FROM information_schema.tables SELECT FROM information_schema.tables
@@ -29,7 +79,9 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await? .await;
let tables_exist = Self::handle_db_error(result, "checking table existence")?
.get(0) .get(0)
.map(|row| row.get::<_, bool>(0)) .map(|row| row.get::<_, bool>(0))
.unwrap_or(false); .unwrap_or(false);
@@ -38,21 +90,25 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
info!("Database schema doesn't exist. Creating tables..."); info!("Database schema doesn't exist. Creating tables...");
// Create the keys table // Create the keys table
client let result = self
.client
.execute( .execute(
"CREATE TABLE IF NOT EXISTS public.keys ( "CREATE TABLE IF NOT EXISTS public.keys (
key_id SERIAL PRIMARY KEY, key_id SERIAL PRIMARY KEY,
host VARCHAR(255) NOT NULL, host VARCHAR(255) NOT NULL,
key TEXT NOT NULL, key TEXT NOT NULL,
updated TIMESTAMP WITH TIME ZONE NOT NULL, updated TIMESTAMP WITH TIME ZONE NOT NULL,
deprecated BOOLEAN NOT NULL DEFAULT FALSE,
CONSTRAINT unique_host_key UNIQUE (host, key) CONSTRAINT unique_host_key UNIQUE (host, key)
)", )",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating keys table")?;
// Create the flows table // Create the flows table
client let result = self
.client
.execute( .execute(
"CREATE TABLE IF NOT EXISTS public.flows ( "CREATE TABLE IF NOT EXISTS public.flows (
flow_id SERIAL PRIMARY KEY, flow_id SERIAL PRIMARY KEY,
@@ -66,26 +122,60 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating flows table")?;
// Create an index for faster lookups // Create an index for faster lookups
client let result = self
.client
.execute( .execute(
"CREATE INDEX IF NOT EXISTS idx_flows_name ON public.flows(name)", "CREATE INDEX IF NOT EXISTS idx_flows_name ON public.flows(name)",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating index")?;
info!("Database schema created successfully"); info!("Database schema created successfully");
} else { } else {
info!("Database schema already exists"); info!("Database schema already exists");
// Check if deprecated column exists, add it if missing (migration)
let result = self
.client
.query(
"SELECT EXISTS (
SELECT FROM information_schema.columns
WHERE table_schema = 'public'
AND table_name = 'keys'
AND column_name = 'deprecated'
)",
&[],
)
.await;
let column_exists = Self::handle_db_error(result, "checking deprecated column")?
.get(0)
.map(|row| row.get::<_, bool>(0))
.unwrap_or(false);
if !column_exists {
info!("Adding deprecated column to existing keys table...");
let result = self.client
.execute(
"ALTER TABLE public.keys ADD COLUMN deprecated BOOLEAN NOT NULL DEFAULT FALSE",
&[],
)
.await;
Self::handle_db_error(result, "adding deprecated column")?;
info!("Migration completed: deprecated column added");
}
} }
Ok(()) Ok(())
} }
pub async fn batch_insert_keys( pub async fn batch_insert_keys(
client: &Client, &self,
keys: &[SshKey], keys: &[SshKey],
) -> Result<KeyInsertStats, tokio_postgres::Error> { ) -> Result<KeyInsertStats, tokio_postgres::Error> {
if keys.is_empty() { if keys.is_empty() {
@@ -106,9 +196,10 @@ pub async fn batch_insert_keys(
key_values.push(&key.public_key); key_values.push(&key.public_key);
} }
// First, check which keys already exist in the database // First, check which keys already exist in the database (including deprecated status)
let mut existing_keys = HashMap::new(); let mut existing_keys = HashMap::new();
let mut key_query = String::from("SELECT host, key, key_id FROM public.keys WHERE "); let mut key_query =
String::from("SELECT host, key, key_id, deprecated FROM public.keys WHERE ");
for i in 0..keys.len() { for i in 0..keys.len() {
if i > 0 { if i > 0 {
@@ -124,24 +215,34 @@ pub async fn batch_insert_keys(
params.push(&key_values[i]); params.push(&key_values[i]);
} }
let rows = client.query(&key_query, &params[..]).await?; let result = self.client.query(&key_query, &params[..]).await;
let rows = Self::handle_db_error(result, "checking existing keys")?;
for row in rows { for row in rows {
let host: String = row.get(0); let host: String = row.get(0);
let key: String = row.get(1); let key: String = row.get(1);
let key_id: i32 = row.get(2); let key_id: i32 = row.get(2);
existing_keys.insert((host, key), key_id); let deprecated: bool = row.get(3);
existing_keys.insert((host, key), (key_id, deprecated));
} }
// Determine which keys need to be inserted and which already exist // Determine which keys need to be inserted and which already exist
let mut keys_to_insert = Vec::new(); let mut keys_to_insert = Vec::new();
let mut unchanged_keys = Vec::new(); let mut unchanged_keys = Vec::new();
let mut ignored_deprecated = 0;
for key in keys { for key in keys {
let key_tuple = (key.server.clone(), key.public_key.clone()); let key_tuple = (key.server.clone(), key.public_key.clone());
if existing_keys.contains_key(&key_tuple) { if let Some((key_id, is_deprecated)) = existing_keys.get(&key_tuple) {
unchanged_keys.push((key.clone(), *existing_keys.get(&key_tuple).unwrap())); if *is_deprecated {
// Ignore deprecated keys - don't add them to any flow
ignored_deprecated += 1;
} else { } else {
// Key exists and is not deprecated - add to unchanged
unchanged_keys.push((key.clone(), *key_id));
}
} else {
// Key doesn't exist - add to insert list
keys_to_insert.push(key.clone()); keys_to_insert.push(key.clone());
} }
} }
@@ -150,7 +251,8 @@ pub async fn batch_insert_keys(
// If there are keys to insert, perform the insertion // If there are keys to insert, perform the insertion
if !keys_to_insert.is_empty() { if !keys_to_insert.is_empty() {
let mut insert_sql = String::from("INSERT INTO public.keys (host, key, updated) VALUES "); let mut insert_sql =
String::from("INSERT INTO public.keys (host, key, updated) VALUES ");
let mut insert_params: Vec<&(dyn tokio_postgres::types::ToSql + Sync)> = Vec::new(); let mut insert_params: Vec<&(dyn tokio_postgres::types::ToSql + Sync)> = Vec::new();
let mut param_count = 1; let mut param_count = 1;
@@ -167,7 +269,8 @@ pub async fn batch_insert_keys(
insert_sql.push_str(" RETURNING key_id, host, key"); insert_sql.push_str(" RETURNING key_id, host, key");
let inserted_rows = client.query(&insert_sql, &insert_params[..]).await?; let result = self.client.query(&insert_sql, &insert_params[..]).await;
let inserted_rows = Self::handle_db_error(result, "inserting keys")?;
for row in inserted_rows { for row in inserted_rows {
let host: String = row.get(1); let host: String = row.get(1);
@@ -200,15 +303,15 @@ pub async fn batch_insert_keys(
}; };
info!( info!(
"Keys stats: received={}, new={}, unchanged={}", "Keys stats: received={}, new={}, unchanged={}, ignored_deprecated={}",
stats.total, stats.inserted, stats.unchanged stats.total, stats.inserted, stats.unchanged, ignored_deprecated
); );
Ok(stats) Ok(stats)
} }
pub async fn batch_insert_flow_keys( pub async fn batch_insert_flow_keys(
client: &Client, &self,
flow_name: &str, flow_name: &str,
key_ids: &[i32], key_ids: &[i32],
) -> Result<usize, tokio_postgres::Error> { ) -> Result<usize, tokio_postgres::Error> {
@@ -236,7 +339,8 @@ pub async fn batch_insert_flow_keys(
params.push(key_id); params.push(key_id);
} }
let rows = client.query(&existing_query, &params[..]).await?; let result = self.client.query(&existing_query, &params[..]).await;
let rows = Self::handle_db_error(result, "checking existing flow associations")?;
let mut existing_associations = HashSet::new(); let mut existing_associations = HashSet::new();
for row in rows { for row in rows {
@@ -280,7 +384,8 @@ pub async fn batch_insert_flow_keys(
} }
// Execute query // Execute query
let affected = client.execute(&sql, &insert_params[..]).await?; let result = self.client.execute(&sql, &insert_params[..]).await;
let affected = Self::handle_db_error(result, "inserting flow associations")?;
let affected_usize = affected as usize; let affected_usize = affected as usize;
@@ -293,3 +398,374 @@ pub async fn batch_insert_flow_keys(
Ok(affected_usize) Ok(affected_usize)
} }
pub async fn get_keys_from_db(
&self,
) -> Result<Vec<crate::server::Flow>, tokio_postgres::Error> {
let result = self.client.query(
"SELECT k.host, k.key, k.deprecated, f.name FROM public.keys k INNER JOIN public.flows f ON k.key_id = f.key_id",
&[]
).await;
let rows = Self::handle_db_error(result, "getting keys from database")?;
let mut flows_map: HashMap<String, crate::server::Flow> = HashMap::new();
for row in rows {
let host: String = row.get(0);
let key: String = row.get(1);
let deprecated: bool = row.get(2);
let flow: String = row.get(3);
let ssh_key = SshKey {
server: host,
public_key: key,
deprecated,
};
if let Some(flow_entry) = flows_map.get_mut(&flow) {
flow_entry.servers.push(ssh_key);
} else {
flows_map.insert(
flow.clone(),
crate::server::Flow {
name: flow,
servers: vec![ssh_key],
},
);
}
}
info!("Retrieved {} flows from database", flows_map.len());
Ok(flows_map.into_values().collect())
}
pub async fn deprecate_key_by_server(
&self,
server_name: &str,
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
// Update keys to deprecated status for the given server
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = TRUE, updated = NOW()
WHERE host = $1
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_name, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "deprecating key")?;
info!(
"Deprecated {} key(s) for server '{}' in flow '{}'",
affected, server_name, flow_name
);
Ok(affected)
}
pub async fn bulk_deprecate_keys_by_servers(
&self,
server_names: &[String],
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
if server_names.is_empty() {
return Ok(0);
}
// Update keys to deprecated status for multiple servers in one query
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = TRUE, updated = NOW()
WHERE host = ANY($1)
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_names, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "bulk deprecating keys")?;
info!(
"Bulk deprecated {} key(s) for {} servers in flow '{}'",
affected, server_names.len(), flow_name
);
Ok(affected)
}
pub async fn bulk_restore_keys_by_servers(
&self,
server_names: &[String],
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
if server_names.is_empty() {
return Ok(0);
}
// Update keys to active status for multiple servers in one query
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = FALSE, updated = NOW()
WHERE host = ANY($1)
AND deprecated = TRUE
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_names, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "bulk restoring keys")?;
info!(
"Bulk restored {} key(s) for {} servers in flow '{}'",
affected, server_names.len(), flow_name
);
Ok(affected)
}
pub async fn restore_key_by_server(
&self,
server_name: &str,
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
// Update keys to active status for the given server in the flow
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = FALSE, updated = NOW()
WHERE host = $1
AND deprecated = TRUE
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_name, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "restoring key")?;
info!(
"Restored {} key(s) for server '{}' in flow '{}'",
affected, server_name, flow_name
);
Ok(affected)
}
pub async fn permanently_delete_key_by_server(
&self,
server_name: &str,
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
// First, find the key_ids for the given server in the flow
let result = self
.client
.query(
"SELECT k.key_id FROM public.keys k
INNER JOIN public.flows f ON k.key_id = f.key_id
WHERE k.host = $1 AND f.name = $2",
&[&server_name, &flow_name],
)
.await;
let key_rows = Self::handle_db_error(result, "finding keys to delete")?;
if key_rows.is_empty() {
return Ok(0);
}
let key_ids: Vec<i32> = key_rows.iter().map(|row| row.get::<_, i32>(0)).collect();
// Delete flow associations first
let mut flow_delete_count = 0;
for key_id in &key_ids {
let result = self
.client
.execute(
"DELETE FROM public.flows WHERE name = $1 AND key_id = $2",
&[&flow_name, key_id],
)
.await;
let deleted = Self::handle_db_error(result, "deleting flow association")?;
flow_delete_count += deleted;
}
// Check if any of these keys are used in other flows
let mut keys_to_delete = Vec::new();
for key_id in &key_ids {
let result = self
.client
.query_one(
"SELECT COUNT(*) FROM public.flows WHERE key_id = $1",
&[key_id],
)
.await;
let count: i64 = Self::handle_db_error(result, "checking key references")?.get(0);
if count == 0 {
keys_to_delete.push(*key_id);
}
}
// Permanently delete keys that are no longer referenced by any flow
let mut total_deleted = 0;
for key_id in keys_to_delete {
let result = self
.client
.execute("DELETE FROM public.keys WHERE key_id = $1", &[&key_id])
.await;
let deleted = Self::handle_db_error(result, "deleting key")?;
total_deleted += deleted;
}
info!(
"Permanently deleted {} flow associations and {} orphaned keys for server '{}' in flow '{}'",
flow_delete_count, total_deleted, server_name, flow_name
);
Ok(std::cmp::max(flow_delete_count, total_deleted))
}
}
// Compatibility wrapper for transition
pub struct ReconnectingDbClient {
inner: Option<DbClient>,
}
impl ReconnectingDbClient {
pub fn new(_connection_string: String) -> Self {
Self { inner: None }
}
pub async fn connect(&mut self, connection_string: &str) -> Result<(), tokio_postgres::Error> {
let (client, connection) = DbClient::connect(connection_string).await?;
// Spawn connection handler that will exit on error
tokio::spawn(async move {
if let Err(e) = connection.await {
error!("Database connection error: {}", e);
error!("Exiting application due to database connection failure");
std::process::exit(1);
}
});
self.inner = Some(client);
Ok(())
}
pub async fn initialize_schema(&self) -> Result<(), tokio_postgres::Error> {
match &self.inner {
Some(client) => client.initialize_schema().await,
None => panic!("Database client not initialized"),
}
}
pub async fn batch_insert_keys_reconnecting(
&self,
keys: Vec<SshKey>,
) -> Result<KeyInsertStats, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.batch_insert_keys(&keys).await,
None => panic!("Database client not initialized"),
}
}
pub async fn batch_insert_flow_keys_reconnecting(
&self,
flow_name: String,
key_ids: Vec<i32>,
) -> Result<usize, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.batch_insert_flow_keys(&flow_name, &key_ids).await,
None => panic!("Database client not initialized"),
}
}
pub async fn get_keys_from_db_reconnecting(
&self,
) -> Result<Vec<crate::server::Flow>, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.get_keys_from_db().await,
None => panic!("Database client not initialized"),
}
}
pub async fn deprecate_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.deprecate_key_by_server(&server_name, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn bulk_deprecate_keys_by_servers_reconnecting(
&self,
server_names: Vec<String>,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.bulk_deprecate_keys_by_servers(&server_names, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn bulk_restore_keys_by_servers_reconnecting(
&self,
server_names: Vec<String>,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.bulk_restore_keys_by_servers(&server_names, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn restore_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.restore_key_by_server(&server_name, &flow_name).await,
None => panic!("Database client not initialized"),
}
}
pub async fn permanently_delete_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.permanently_delete_key_by_server(&server_name, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
}

5
src/gui/admin/mod.rs Normal file
View File

@@ -0,0 +1,5 @@
mod state;
mod ui;
pub use state::*;
pub use ui::*;

178
src/gui/admin/state.rs Normal file
View File

@@ -0,0 +1,178 @@
use eframe::egui;
use log::{error, info};
use std::collections::HashMap;
use std::sync::mpsc;
use crate::gui::api::{SshKey, fetch_keys};
use crate::gui::common::KhmSettings;
#[derive(Debug, Clone)]
pub enum AdminOperation {
LoadingKeys,
DeprecatingKey,
RestoringKey,
DeletingKey,
BulkDeprecating,
BulkRestoring,
None,
}
#[derive(Debug, Clone)]
pub struct AdminState {
pub keys: Vec<SshKey>,
pub filtered_keys: Vec<SshKey>,
pub search_term: String,
pub show_deprecated_only: bool,
pub selected_servers: HashMap<String, bool>,
pub expanded_servers: HashMap<String, bool>,
pub current_operation: AdminOperation,
pub last_load_time: Option<std::time::Instant>,
}
impl Default for AdminState {
fn default() -> Self {
Self {
keys: Vec::new(),
filtered_keys: Vec::new(),
search_term: String::new(),
show_deprecated_only: false,
selected_servers: HashMap::new(),
expanded_servers: HashMap::new(),
current_operation: AdminOperation::None,
last_load_time: None,
}
}
}
impl AdminState {
/// Filter keys based on current search term and deprecated filter
pub fn filter_keys(&mut self) {
let mut filtered = self.keys.clone();
// Apply deprecated filter
if self.show_deprecated_only {
filtered.retain(|key| key.deprecated);
}
// Apply search filter
if !self.search_term.is_empty() {
let search_term = self.search_term.to_lowercase();
filtered.retain(|key| {
key.server.to_lowercase().contains(&search_term) ||
key.public_key.to_lowercase().contains(&search_term)
});
}
self.filtered_keys = filtered;
}
/// Load keys from server
pub fn load_keys(&mut self, settings: &KhmSettings, ctx: &egui::Context) -> Option<mpsc::Receiver<Result<Vec<SshKey>, String>>> {
if settings.host.is_empty() || settings.flow.is_empty() {
return None;
}
self.current_operation = AdminOperation::LoadingKeys;
let (tx, rx) = mpsc::channel();
let host = settings.host.clone();
let flow = settings.flow.clone();
let basic_auth = settings.basic_auth.clone();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
fetch_keys(host, flow, basic_auth).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
Some(rx)
}
/// Handle keys load result
pub fn handle_keys_loaded(&mut self, result: Result<Vec<SshKey>, String>) {
match result {
Ok(keys) => {
self.keys = keys;
self.last_load_time = Some(std::time::Instant::now());
self.filter_keys();
self.current_operation = AdminOperation::None;
info!("Keys loaded successfully: {} keys", self.keys.len());
}
Err(error) => {
self.current_operation = AdminOperation::None;
error!("Failed to load keys: {}", error);
}
}
}
/// Get selected servers list
pub fn get_selected_servers(&self) -> Vec<String> {
self.selected_servers
.iter()
.filter_map(|(server, &selected)| if selected { Some(server.clone()) } else { None })
.collect()
}
/// Clear selected servers
pub fn clear_selection(&mut self) {
self.selected_servers.clear();
}
/// Get statistics
pub fn get_statistics(&self) -> AdminStatistics {
let total_keys = self.keys.len();
let active_keys = self.keys.iter().filter(|k| !k.deprecated).count();
let deprecated_keys = total_keys - active_keys;
let unique_servers = self.keys.iter().map(|k| &k.server).collect::<std::collections::HashSet<_>>().len();
AdminStatistics {
total_keys,
active_keys,
deprecated_keys,
unique_servers,
}
}
}
#[derive(Debug, Clone)]
pub struct AdminStatistics {
pub total_keys: usize,
pub active_keys: usize,
pub deprecated_keys: usize,
pub unique_servers: usize,
}
/// Get SSH key type from public key string
pub fn get_key_type(public_key: &str) -> String {
if public_key.starts_with("ssh-rsa") {
"RSA".to_string()
} else if public_key.starts_with("ssh-ed25519") {
"ED25519".to_string()
} else if public_key.starts_with("ecdsa-sha2-nistp") {
"ECDSA".to_string()
} else if public_key.starts_with("ssh-dss") {
"DSA".to_string()
} else {
"Unknown".to_string()
}
}
/// Get preview of SSH key (first 12 characters of key part)
pub fn get_key_preview(public_key: &str) -> String {
let parts: Vec<&str> = public_key.split_whitespace().collect();
if parts.len() >= 2 {
let key_part = parts[1];
if key_part.len() > 12 {
format!("{}...", &key_part[..12])
} else {
key_part.to_string()
}
} else {
format!("{}...", &public_key[..std::cmp::min(12, public_key.len())])
}
}

451
src/gui/admin/ui.rs Normal file
View File

@@ -0,0 +1,451 @@
use eframe::egui;
use std::collections::BTreeMap;
use super::state::{AdminState, get_key_type, get_key_preview};
use crate::gui::api::SshKey;
/// Render statistics cards
pub fn render_statistics(ui: &mut egui::Ui, admin_state: &AdminState) {
let stats = admin_state.get_statistics();
ui.group(|ui| {
ui.set_min_width(ui.available_width());
ui.vertical(|ui| {
ui.label(egui::RichText::new("📊 Statistics").size(16.0).strong());
ui.add_space(8.0);
ui.horizontal(|ui| {
ui.columns(4, |cols| {
// Total keys
cols[0].vertical_centered_justified(|ui| {
ui.label(egui::RichText::new("📊").size(20.0));
ui.label(egui::RichText::new(stats.total_keys.to_string()).size(24.0).strong());
ui.label(egui::RichText::new("Total Keys").size(11.0).color(egui::Color32::GRAY));
});
// Active keys
cols[1].vertical_centered_justified(|ui| {
ui.label(egui::RichText::new("").size(20.0));
ui.label(egui::RichText::new(stats.active_keys.to_string()).size(24.0).strong().color(egui::Color32::LIGHT_GREEN));
ui.label(egui::RichText::new("Active").size(11.0).color(egui::Color32::GRAY));
});
// Deprecated keys
cols[2].vertical_centered_justified(|ui| {
ui.label(egui::RichText::new("").size(20.0));
ui.label(egui::RichText::new(stats.deprecated_keys.to_string()).size(24.0).strong().color(egui::Color32::LIGHT_RED));
ui.label(egui::RichText::new("Deprecated").size(11.0).color(egui::Color32::GRAY));
});
// Servers
cols[3].vertical_centered_justified(|ui| {
ui.label(egui::RichText::new("💻").size(20.0));
ui.label(egui::RichText::new(stats.unique_servers.to_string()).size(24.0).strong().color(egui::Color32::LIGHT_BLUE));
ui.label(egui::RichText::new("Servers").size(11.0).color(egui::Color32::GRAY));
});
});
});
});
});
}
/// Render search and filter controls
pub fn render_search_controls(ui: &mut egui::Ui, admin_state: &mut AdminState) -> bool {
let mut changed = false;
ui.group(|ui| {
ui.set_min_width(ui.available_width());
ui.vertical(|ui| {
ui.label(egui::RichText::new("🔍 Search").size(16.0).strong());
ui.add_space(8.0);
// Search field with full width
ui.horizontal(|ui| {
ui.label(egui::RichText::new("🔍").size(14.0));
let search_response = ui.add_sized(
[ui.available_width() * 0.6, 20.0],
egui::TextEdit::singleline(&mut admin_state.search_term)
.hint_text("Search servers or keys...")
);
if admin_state.search_term.is_empty() {
ui.label(egui::RichText::new("Type to search").size(11.0).color(egui::Color32::GRAY));
} else {
ui.label(egui::RichText::new(format!("{} results", admin_state.filtered_keys.len())).size(11.0));
if ui.add(egui::Button::new(egui::RichText::new("").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(170, 170, 170))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(89, 89, 89)))
.rounding(egui::Rounding::same(3.0))
.min_size(egui::vec2(18.0, 18.0))
).on_hover_text("Clear search").clicked() {
admin_state.search_term.clear();
changed = true;
}
}
// Handle search text changes
if search_response.changed() {
changed = true;
}
});
ui.add_space(5.0);
// Filter controls
ui.horizontal(|ui| {
ui.label("Filter:");
let show_deprecated = admin_state.show_deprecated_only;
if ui.selectable_label(!show_deprecated, "✅ Active").clicked() {
admin_state.show_deprecated_only = false;
changed = true;
}
if ui.selectable_label(show_deprecated, "❗ Deprecated").clicked() {
admin_state.show_deprecated_only = true;
changed = true;
}
});
});
});
if changed {
admin_state.filter_keys();
}
changed
}
/// Render bulk actions controls
pub fn render_bulk_actions(ui: &mut egui::Ui, admin_state: &mut AdminState) -> BulkAction {
let selected_count = admin_state.selected_servers.values().filter(|&&v| v).count();
if selected_count == 0 {
return BulkAction::None;
}
let mut action = BulkAction::None;
ui.group(|ui| {
ui.set_min_width(ui.available_width());
ui.vertical(|ui| {
ui.horizontal(|ui| {
ui.label(egui::RichText::new("📋").size(14.0));
ui.label(egui::RichText::new(format!("Selected {} servers", selected_count))
.size(14.0)
.strong()
.color(egui::Color32::LIGHT_BLUE));
});
ui.add_space(5.0);
ui.horizontal(|ui| {
if ui.add(egui::Button::new(egui::RichText::new("❗ Deprecate Selected").color(egui::Color32::BLACK))
.fill(egui::Color32::from_rgb(255, 200, 0))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(102, 94, 72)))
.rounding(egui::Rounding::same(6.0))
.min_size(egui::vec2(130.0, 28.0))
).clicked() {
action = BulkAction::DeprecateSelected;
}
if ui.add(egui::Button::new(egui::RichText::new("✅ Restore Selected").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(101, 199, 40))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(94, 105, 25)))
.rounding(egui::Rounding::same(6.0))
.min_size(egui::vec2(120.0, 28.0))
).clicked() {
action = BulkAction::RestoreSelected;
}
if ui.add(egui::Button::new(egui::RichText::new("X Clear Selection").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(170, 170, 170))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(89, 89, 89)))
.rounding(egui::Rounding::same(6.0))
.min_size(egui::vec2(110.0, 28.0))
).clicked() {
admin_state.clear_selection();
action = BulkAction::ClearSelection;
}
});
});
});
action
}
/// Render keys table grouped by servers
pub fn render_keys_table(ui: &mut egui::Ui, admin_state: &mut AdminState) -> KeyAction {
if admin_state.filtered_keys.is_empty() {
render_empty_state(ui, admin_state);
return KeyAction::None;
}
let mut action = KeyAction::None;
// Group keys by server
let mut servers: BTreeMap<String, Vec<SshKey>> = BTreeMap::new();
for key in &admin_state.filtered_keys {
servers.entry(key.server.clone()).or_insert_with(Vec::new).push(key.clone());
}
// Render each server group
for (server_name, server_keys) in servers {
let is_expanded = admin_state.expanded_servers.get(&server_name).copied().unwrap_or(false);
let active_count = server_keys.iter().filter(|k| !k.deprecated).count();
let deprecated_count = server_keys.len() - active_count;
// Server header
ui.group(|ui| {
ui.horizontal(|ui| {
// Server selection checkbox
let mut selected = admin_state.selected_servers.get(&server_name).copied().unwrap_or(false);
if ui.add(egui::Checkbox::new(&mut selected, "")
.indeterminate(false)
).changed() {
admin_state.selected_servers.insert(server_name.clone(), selected);
}
// Expand/collapse button
let expand_icon = if is_expanded { "" } else { "" };
if ui.add(egui::Button::new(expand_icon)
.fill(egui::Color32::TRANSPARENT)
.stroke(egui::Stroke::NONE)
.min_size(egui::vec2(20.0, 20.0))
).clicked() {
admin_state.expanded_servers.insert(server_name.clone(), !is_expanded);
}
// Server icon and name
ui.label(egui::RichText::new("💻").size(16.0));
ui.label(egui::RichText::new(&server_name)
.size(15.0)
.strong()
.color(egui::Color32::WHITE));
// Keys count badge
render_badge(ui, &format!("{} keys", server_keys.len()), egui::Color32::from_rgb(52, 152, 219), egui::Color32::WHITE);
ui.add_space(5.0);
// Deprecated count badge
if deprecated_count > 0 {
render_badge(ui, &format!("{} depr", deprecated_count), egui::Color32::from_rgb(231, 76, 60), egui::Color32::WHITE);
}
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
// Server action buttons
if deprecated_count > 0 {
if ui.add(egui::Button::new(egui::RichText::new("✅ Restore").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(101, 199, 40))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(94, 105, 25)))
.rounding(egui::Rounding::same(4.0))
.min_size(egui::vec2(70.0, 24.0))
).clicked() {
action = KeyAction::RestoreServer(server_name.clone());
}
}
if active_count > 0 {
if ui.add(egui::Button::new(egui::RichText::new("❗ Deprecate").color(egui::Color32::BLACK))
.fill(egui::Color32::from_rgb(255, 200, 0))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(102, 94, 72)))
.rounding(egui::Rounding::same(4.0))
.min_size(egui::vec2(85.0, 24.0))
).clicked() {
action = KeyAction::DeprecateServer(server_name.clone());
}
}
});
});
});
// Expanded key details
if is_expanded {
ui.indent("server_keys", |ui| {
for key in &server_keys {
if let Some(key_action) = render_key_item(ui, key, &server_name) {
action = key_action;
}
}
});
}
ui.add_space(5.0);
}
action
}
/// Render empty state when no keys are available
fn render_empty_state(ui: &mut egui::Ui, admin_state: &AdminState) {
ui.vertical_centered(|ui| {
ui.add_space(60.0);
if admin_state.keys.is_empty() {
ui.label(egui::RichText::new("🔑").size(48.0).color(egui::Color32::GRAY));
ui.label(egui::RichText::new("No SSH keys available")
.size(18.0)
.color(egui::Color32::GRAY));
ui.label(egui::RichText::new("Keys will appear here once loaded from the server")
.size(14.0)
.color(egui::Color32::DARK_GRAY));
} else if !admin_state.search_term.is_empty() {
ui.label(egui::RichText::new("🔍").size(48.0).color(egui::Color32::GRAY));
ui.label(egui::RichText::new("No results found")
.size(18.0)
.color(egui::Color32::GRAY));
ui.label(egui::RichText::new(format!("Try adjusting your search: '{}'", admin_state.search_term))
.size(14.0)
.color(egui::Color32::DARK_GRAY));
} else {
ui.label(egui::RichText::new("").size(48.0).color(egui::Color32::GRAY));
ui.label(egui::RichText::new("No keys match current filters")
.size(18.0)
.color(egui::Color32::GRAY));
ui.label(egui::RichText::new("Try adjusting your search or filter settings")
.size(14.0)
.color(egui::Color32::DARK_GRAY));
}
});
}
/// Render individual key item
fn render_key_item(ui: &mut egui::Ui, key: &SshKey, server_name: &str) -> Option<KeyAction> {
let mut action = None;
ui.group(|ui| {
ui.horizontal(|ui| {
// Key type badge
let key_type = get_key_type(&key.public_key);
let (badge_color, text_color) = match key_type.as_str() {
"RSA" => (egui::Color32::from_rgb(52, 144, 220), egui::Color32::WHITE),
"ED25519" => (egui::Color32::from_rgb(46, 204, 113), egui::Color32::WHITE),
"ECDSA" => (egui::Color32::from_rgb(241, 196, 15), egui::Color32::BLACK),
"DSA" => (egui::Color32::from_rgb(230, 126, 34), egui::Color32::WHITE),
_ => (egui::Color32::GRAY, egui::Color32::WHITE),
};
render_small_badge(ui, &key_type, badge_color, text_color);
ui.add_space(5.0);
// Status badge
if key.deprecated {
ui.label(egui::RichText::new("❗ DEPR")
.size(10.0)
.color(egui::Color32::from_rgb(231, 76, 60))
.strong());
} else {
ui.label(egui::RichText::new("[OK] ACTIVE")
.size(10.0)
.color(egui::Color32::from_rgb(46, 204, 113))
.strong());
}
ui.add_space(5.0);
// Key preview
ui.label(egui::RichText::new(get_key_preview(&key.public_key))
.font(egui::FontId::monospace(10.0))
.color(egui::Color32::LIGHT_GRAY));
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
// Key action buttons
if key.deprecated {
if ui.add(egui::Button::new(egui::RichText::new("[R]").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(101, 199, 40))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(94, 105, 25)))
.rounding(egui::Rounding::same(3.0))
.min_size(egui::vec2(22.0, 18.0))
).on_hover_text("Restore key").clicked() {
action = Some(KeyAction::RestoreKey(server_name.to_string()));
}
if ui.add(egui::Button::new(egui::RichText::new("Del").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(246, 36, 71))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(129, 18, 17)))
.rounding(egui::Rounding::same(3.0))
.min_size(egui::vec2(26.0, 18.0))
).on_hover_text("Delete key").clicked() {
action = Some(KeyAction::DeleteKey(server_name.to_string()));
}
} else {
if ui.add(egui::Button::new(egui::RichText::new("").color(egui::Color32::BLACK))
.fill(egui::Color32::from_rgb(255, 200, 0))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(102, 94, 72)))
.rounding(egui::Rounding::same(3.0))
.min_size(egui::vec2(22.0, 18.0))
).on_hover_text("Deprecate key").clicked() {
action = Some(KeyAction::DeprecateKey(server_name.to_string()));
}
}
if ui.add(egui::Button::new(egui::RichText::new("Copy").color(egui::Color32::WHITE))
.fill(egui::Color32::from_rgb(0, 111, 230))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_rgb(35, 84, 97)))
.rounding(egui::Rounding::same(3.0))
.min_size(egui::vec2(30.0, 18.0))
).on_hover_text("Copy to clipboard").clicked() {
ui.output_mut(|o| o.copied_text = key.public_key.clone());
}
});
});
});
action
}
/// Render a badge with text
fn render_badge(ui: &mut egui::Ui, text: &str, bg_color: egui::Color32, text_color: egui::Color32) {
let (rect, _) = ui.allocate_exact_size(
egui::vec2(50.0, 18.0),
egui::Sense::hover()
);
ui.painter().rect_filled(
rect,
egui::Rounding::same(8.0),
bg_color
);
ui.painter().text(
rect.center(),
egui::Align2::CENTER_CENTER,
text,
egui::FontId::proportional(10.0),
text_color,
);
}
/// Render a small badge with text
fn render_small_badge(ui: &mut egui::Ui, text: &str, bg_color: egui::Color32, text_color: egui::Color32) {
let (rect, _) = ui.allocate_exact_size(
egui::vec2(40.0, 16.0),
egui::Sense::hover()
);
ui.painter().rect_filled(
rect,
egui::Rounding::same(3.0),
bg_color
);
ui.painter().text(
rect.center(),
egui::Align2::CENTER_CENTER,
text,
egui::FontId::proportional(9.0),
text_color,
);
}
/// Actions that can be performed on keys
#[derive(Debug, Clone)]
pub enum KeyAction {
None,
DeprecateKey(String),
RestoreKey(String),
DeleteKey(String),
DeprecateServer(String),
RestoreServer(String),
}
/// Bulk actions that can be performed
#[derive(Debug, Clone)]
pub enum BulkAction {
None,
DeprecateSelected,
RestoreSelected,
ClearSelection,
}

254
src/gui/api/client.rs Normal file
View File

@@ -0,0 +1,254 @@
use reqwest::Client;
use log::info;
use serde::{Deserialize, Serialize};
use crate::gui::common::{KhmSettings, perform_sync};
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SshKey {
pub server: String,
pub public_key: String,
#[serde(default)]
pub deprecated: bool,
}
/// Test connection to KHM server
pub async fn test_connection(host: String, flow: String, basic_auth: String) -> Result<String, String> {
if host.is_empty() || flow.is_empty() {
return Err("Host and flow must be specified".to_string());
}
let url = format!("{}/{}/keys", host.trim_end_matches('/'), flow);
info!("Testing connection to: {}", url);
let client = create_http_client()?;
let mut request = client.get(&url);
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
check_html_response(&body)?;
let keys: Vec<SshKey> = serde_json::from_str(&body)
.map_err(|e| format!("Failed to parse response: {}", e))?;
let message = format!("Found {} SSH keys from flow '{}'", keys.len(), flow);
info!("Connection test successful: {}", message);
Ok(message)
}
/// Fetch all SSH keys including deprecated ones
pub async fn fetch_keys(host: String, flow: String, basic_auth: String) -> Result<Vec<SshKey>, String> {
if host.is_empty() || flow.is_empty() {
return Err("Host and flow must be specified".to_string());
}
let url = format!("{}/{}/keys?include_deprecated=true", host.trim_end_matches('/'), flow);
info!("Fetching keys from: {}", url);
let client = create_http_client()?;
let mut request = client.get(&url);
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
check_html_response(&body)?;
let keys: Vec<SshKey> = serde_json::from_str(&body)
.map_err(|e| format!("Failed to parse response: {}", e))?;
info!("Fetched {} SSH keys", keys.len());
Ok(keys)
}
/// Deprecate a key for a specific server
pub async fn deprecate_key(host: String, flow: String, basic_auth: String, server: String) -> Result<String, String> {
let url = format!("{}/{}/keys/{}", host.trim_end_matches('/'), flow, urlencoding::encode(&server));
info!("Deprecating key for server '{}' at: {}", server, url);
let client = create_http_client()?;
let mut request = client.delete(&url);
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
parse_api_response(&body, &format!("Successfully deprecated key for server '{}'", server))
}
/// Restore a key for a specific server
pub async fn restore_key(host: String, flow: String, basic_auth: String, server: String) -> Result<String, String> {
let url = format!("{}/{}/keys/{}/restore", host.trim_end_matches('/'), flow, urlencoding::encode(&server));
info!("Restoring key for server '{}' at: {}", server, url);
let client = create_http_client()?;
let mut request = client.post(&url);
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
parse_api_response(&body, &format!("Successfully restored key for server '{}'", server))
}
/// Delete a key permanently for a specific server
pub async fn delete_key(host: String, flow: String, basic_auth: String, server: String) -> Result<String, String> {
let url = format!("{}/{}/keys/{}/delete", host.trim_end_matches('/'), flow, urlencoding::encode(&server));
info!("Permanently deleting key for server '{}' at: {}", server, url);
let client = create_http_client()?;
let mut request = client.delete(&url);
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
parse_api_response(&body, &format!("Successfully deleted key for server '{}'", server))
}
/// Bulk deprecate multiple servers
pub async fn bulk_deprecate_servers(host: String, flow: String, basic_auth: String, servers: Vec<String>) -> Result<String, String> {
let url = format!("{}/{}/bulk-deprecate", host.trim_end_matches('/'), flow);
info!("Bulk deprecating {} servers at: {}", servers.len(), url);
let client = create_http_client()?;
let mut request = client.post(&url)
.json(&serde_json::json!({
"servers": servers
}));
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
parse_api_response(&body, "Successfully deprecated servers")
}
/// Bulk restore multiple servers
pub async fn bulk_restore_servers(host: String, flow: String, basic_auth: String, servers: Vec<String>) -> Result<String, String> {
let url = format!("{}/{}/bulk-restore", host.trim_end_matches('/'), flow);
info!("Bulk restoring {} servers at: {}", servers.len(), url);
let client = create_http_client()?;
let mut request = client.post(&url)
.json(&serde_json::json!({
"servers": servers
}));
request = add_auth_if_needed(request, &basic_auth)?;
let response = request.send().await
.map_err(|e| format!("Request failed: {}", e))?;
check_response_status(&response)?;
let body = response.text().await
.map_err(|e| format!("Failed to read response: {}", e))?;
parse_api_response(&body, "Successfully restored servers")
}
/// Perform manual sync operation
pub async fn perform_manual_sync(settings: KhmSettings) -> Result<String, String> {
match perform_sync(&settings).await {
Ok(keys_count) => Ok(format!("Sync completed successfully with {} keys", keys_count)),
Err(e) => Err(e.to_string()),
}
}
// Helper functions
fn create_http_client() -> Result<Client, String> {
Client::builder()
.timeout(std::time::Duration::from_secs(30))
.redirect(reqwest::redirect::Policy::none())
.build()
.map_err(|e| format!("Failed to create HTTP client: {}", e))
}
fn add_auth_if_needed(request: reqwest::RequestBuilder, basic_auth: &str) -> Result<reqwest::RequestBuilder, String> {
if basic_auth.is_empty() {
return Ok(request);
}
let auth_parts: Vec<&str> = basic_auth.splitn(2, ':').collect();
if auth_parts.len() == 2 {
Ok(request.basic_auth(auth_parts[0], Some(auth_parts[1])))
} else {
Err("Basic auth format should be 'username:password'".to_string())
}
}
fn check_response_status(response: &reqwest::Response) -> Result<(), String> {
let status = response.status().as_u16();
if status == 401 {
return Err("Authentication required. Please provide valid basic auth credentials.".to_string());
}
if status >= 300 && status < 400 {
return Err("Server redirects to login page. Authentication may be required.".to_string());
}
if !response.status().is_success() {
return Err(format!("Server returned error: {} {}", status, response.status().canonical_reason().unwrap_or("Unknown")));
}
Ok(())
}
fn check_html_response(body: &str) -> Result<(), String> {
if body.trim_start().starts_with("<!DOCTYPE") || body.trim_start().starts_with("<html") {
return Err("Server returned HTML page instead of JSON. This usually means authentication is required or the endpoint is incorrect.".to_string());
}
Ok(())
}
fn parse_api_response(body: &str, default_message: &str) -> Result<String, String> {
if let Ok(json_response) = serde_json::from_str::<serde_json::Value>(body) {
if let Some(message) = json_response.get("message").and_then(|v| v.as_str()) {
Ok(message.to_string())
} else {
Ok(default_message.to_string())
}
} else {
Ok(default_message.to_string())
}
}

3
src/gui/api/mod.rs Normal file
View File

@@ -0,0 +1,3 @@
mod client;
pub use client::*;

3
src/gui/common/mod.rs Normal file
View File

@@ -0,0 +1,3 @@
mod settings;
pub use settings::*;

143
src/gui/common/settings.rs Normal file
View File

@@ -0,0 +1,143 @@
use dirs::home_dir;
use log::{debug, error, info};
use serde::{Deserialize, Serialize};
use std::fs;
use std::path::PathBuf;
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KhmSettings {
pub host: String,
pub flow: String,
pub known_hosts: String,
pub basic_auth: String,
pub in_place: bool,
pub auto_sync_interval_minutes: u32,
}
impl Default for KhmSettings {
fn default() -> Self {
Self {
host: String::new(),
flow: String::new(),
known_hosts: get_default_known_hosts_path(),
basic_auth: String::new(),
in_place: true,
auto_sync_interval_minutes: 60,
}
}
}
/// Get default known_hosts file path based on OS
fn get_default_known_hosts_path() -> String {
#[cfg(target_os = "windows")]
{
if let Ok(user_profile) = std::env::var("USERPROFILE") {
format!("{}/.ssh/known_hosts", user_profile)
} else {
"~/.ssh/known_hosts".to_string()
}
}
#[cfg(not(target_os = "windows"))]
{
"~/.ssh/known_hosts".to_string()
}
}
/// Get configuration file path
pub fn get_config_path() -> PathBuf {
let mut path = home_dir().expect("Could not find home directory");
path.push(".khm");
fs::create_dir_all(&path).ok();
path.push("khm_config.json");
path
}
/// Load settings from configuration file
pub fn load_settings() -> KhmSettings {
let path = get_config_path();
match fs::read_to_string(&path) {
Ok(contents) => {
let mut settings: KhmSettings = serde_json::from_str(&contents).unwrap_or_else(|e| {
error!("Failed to parse KHM config: {}", e);
KhmSettings::default()
});
// Fill in default known_hosts path if empty
if settings.known_hosts.is_empty() {
settings.known_hosts = get_default_known_hosts_path();
}
settings
}
Err(_) => {
debug!("KHM config file not found, using defaults");
KhmSettings::default()
}
}
}
/// Save settings to configuration file
pub fn save_settings(settings: &KhmSettings) -> Result<(), std::io::Error> {
let path = get_config_path();
let json = serde_json::to_string_pretty(settings)?;
fs::write(&path, json)?;
info!("KHM settings saved");
Ok(())
}
/// Expand path with ~ substitution
pub fn expand_path(path: &str) -> String {
if path.starts_with("~/") {
if let Some(home) = home_dir() {
return home.join(&path[2..]).to_string_lossy().to_string();
}
}
path.to_string()
}
/// Perform sync operation using KHM client logic
pub async fn perform_sync(settings: &KhmSettings) -> Result<usize, std::io::Error> {
use crate::Args;
info!("Starting sync with settings: host={}, flow={}, known_hosts={}, in_place={}",
settings.host, settings.flow, settings.known_hosts, settings.in_place);
// Convert KhmSettings to Args for client module
let args = Args {
server: false,
gui: false,
settings_ui: false,
in_place: settings.in_place,
flows: vec!["default".to_string()], // Not used in client mode
ip: "127.0.0.1".to_string(), // Not used in client mode
port: 8080, // Not used in client mode
db_host: "127.0.0.1".to_string(), // Not used in client mode
db_name: "khm".to_string(), // Not used in client mode
db_user: None, // Not used in client mode
db_password: None, // Not used in client mode
host: Some(settings.host.clone()),
flow: Some(settings.flow.clone()),
known_hosts: expand_path(&settings.known_hosts),
basic_auth: settings.basic_auth.clone(),
};
info!("Expanded known_hosts path: {}", args.known_hosts);
// Get keys count before and after sync
let keys_before = crate::client::read_known_hosts(&args.known_hosts)
.unwrap_or_else(|_| Vec::new())
.len();
crate::client::run_client(args.clone()).await?;
let keys_after = if args.in_place {
crate::client::read_known_hosts(&args.known_hosts)
.unwrap_or_else(|_| Vec::new())
.len()
} else {
keys_before
};
info!("Sync completed: {} keys before, {} keys after", keys_before, keys_after);
Ok(keys_after)
}

43
src/gui/mod.rs Normal file
View File

@@ -0,0 +1,43 @@
use log::info;
// Modules
mod api;
mod admin;
mod common;
#[cfg(feature = "gui")]
mod settings;
#[cfg(feature = "gui")]
mod tray;
// Re-exports for backward compatibility and external usage
#[cfg(feature = "gui")]
pub use settings::run_settings_window;
#[cfg(feature = "gui")]
pub use tray::run_tray_app;
// User events for GUI communication
#[cfg(feature = "gui")]
#[derive(Debug)]
pub enum UserEvent {
TrayIconEvent,
MenuEvent(tray_icon::menu::MenuEvent),
ConfigFileChanged,
UpdateMenu,
}
/// Run GUI application in tray mode
#[cfg(feature = "gui")]
pub async fn run_gui() -> std::io::Result<()> {
info!("Starting KHM tray application");
run_tray_app().await
}
/// Stub function when GUI is disabled
#[cfg(not(feature = "gui"))]
pub async fn run_gui() -> std::io::Result<()> {
return Err(std::io::Error::new(
std::io::ErrorKind::Unsupported,
"GUI features not compiled. Install system dependencies and rebuild with --features gui"
));
}

202
src/gui/settings/connection.rs Normal file
View File

@@ -0,0 +1,202 @@
use eframe::egui;
use log::{error, info};
use std::sync::mpsc;
use crate::gui::api::{test_connection, perform_manual_sync};
use crate::gui::common::{KhmSettings, save_settings};
#[derive(Debug, Clone)]
pub enum ConnectionStatus {
Unknown,
Connected { keys_count: usize, flow: String },
Error(String),
}
#[derive(Debug, Clone)]
pub enum SyncStatus {
Unknown,
Success { keys_count: usize },
Error(String),
}
#[derive(Debug, Clone, PartialEq)]
pub enum SettingsTab {
Connection,
Admin,
}
pub struct ConnectionTab {
pub connection_status: ConnectionStatus,
pub is_testing_connection: bool,
pub test_result_receiver: Option<mpsc::Receiver<Result<String, String>>>,
pub is_syncing: bool,
pub sync_result_receiver: Option<mpsc::Receiver<Result<String, String>>>,
pub sync_status: SyncStatus,
}
impl Default for ConnectionTab {
fn default() -> Self {
Self {
connection_status: ConnectionStatus::Unknown,
is_testing_connection: false,
test_result_receiver: None,
is_syncing: false,
sync_result_receiver: None,
sync_status: SyncStatus::Unknown,
}
}
}
impl ConnectionTab {
/// Start connection test
pub fn start_test(&mut self, settings: &KhmSettings, ctx: &egui::Context) {
if self.is_testing_connection {
return;
}
self.is_testing_connection = true;
self.connection_status = ConnectionStatus::Unknown;
let (tx, rx) = mpsc::channel();
self.test_result_receiver = Some(rx);
let host = settings.host.clone();
let flow = settings.flow.clone();
let basic_auth = settings.basic_auth.clone();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
test_connection(host, flow, basic_auth).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
/// Start manual sync
pub fn start_sync(&mut self, settings: &KhmSettings, ctx: &egui::Context) {
if self.is_syncing {
return;
}
self.is_syncing = true;
self.sync_status = SyncStatus::Unknown;
let (tx, rx) = mpsc::channel();
self.sync_result_receiver = Some(rx);
let settings = settings.clone();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
perform_manual_sync(settings).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
/// Check for test/sync results
pub fn check_results(&mut self, ctx: &egui::Context, settings: &KhmSettings, operation_log: &mut Vec<String>) {
// Check for test connection result
if let Some(receiver) = &self.test_result_receiver {
if let Ok(result) = receiver.try_recv() {
self.is_testing_connection = false;
match result {
Ok(message) => {
// Parse keys count from message
let keys_count = if let Some(start) = message.find("Found ") {
if let Some(end) = message[start + 6..].find(" SSH keys") {
message[start + 6..start + 6 + end].parse::<usize>().unwrap_or(0)
} else { 0 }
} else { 0 };
self.connection_status = ConnectionStatus::Connected {
keys_count,
flow: settings.flow.clone()
};
info!("Connection test successful: {}", message);
// Add to UI log
super::ui::add_log_entry(operation_log, format!("✅ Connection test successful: {}", message));
}
Err(error) => {
self.connection_status = ConnectionStatus::Error(error.clone());
error!("Connection test failed");
// Add to UI log
super::ui::add_log_entry(operation_log, format!("❌ Connection test failed: {}", error));
}
}
self.test_result_receiver = None;
ctx.request_repaint();
}
}
// Check for sync result
if let Some(receiver) = &self.sync_result_receiver {
if let Ok(result) = receiver.try_recv() {
self.is_syncing = false;
match result {
Ok(message) => {
// Parse keys count from message
let keys_count = parse_keys_count(&message);
self.sync_status = SyncStatus::Success { keys_count };
info!("Sync successful: {}", message);
// Add to UI log
super::ui::add_log_entry(operation_log, format!("✅ Sync completed: {}", message));
}
Err(error) => {
self.sync_status = SyncStatus::Error(error.clone());
error!("Sync failed");
// Add to UI log
super::ui::add_log_entry(operation_log, format!("❌ Sync failed: {}", error));
}
}
self.sync_result_receiver = None;
ctx.request_repaint();
}
}
}
}
/// Parse keys count from sync result message
fn parse_keys_count(message: &str) -> usize {
if let Some(start) = message.find("updated with ") {
let search_start = start + "updated with ".len();
if let Some(end) = message[search_start..].find(" keys") {
let number_str = &message[search_start..search_start + end];
return number_str.parse::<usize>().unwrap_or(0);
}
} else if let Some(start) = message.find("Retrieved ") {
let search_start = start + "Retrieved ".len();
if let Some(end) = message[search_start..].find(" keys") {
let number_str = &message[search_start..search_start + end];
return number_str.parse::<usize>().unwrap_or(0);
}
} else if let Some(keys_pos) = message.find(" keys") {
let before_keys = &message[..keys_pos];
if let Some(space_pos) = before_keys.rfind(' ') {
let number_str = &before_keys[space_pos + 1..];
return number_str.parse::<usize>().unwrap_or(0);
}
}
0
}
/// Save settings with validation
pub fn save_settings_validated(settings: &KhmSettings) -> Result<(), String> {
if settings.host.is_empty() || settings.flow.is_empty() {
return Err("Host URL and Flow Name are required".to_string());
}
save_settings(settings).map_err(|e| format!("Failed to save settings: {}", e))
}

5
src/gui/settings/mod.rs Normal file
View File

@@ -0,0 +1,5 @@
mod connection;
mod ui;
mod window;
pub use window::*;

549
src/gui/settings/ui.rs Normal file
View File

@@ -0,0 +1,549 @@
use eframe::egui;
use crate::gui::common::{KhmSettings, get_config_path};
use super::connection::{ConnectionTab, ConnectionStatus, SyncStatus, save_settings_validated};
/// Render connection settings tab with modern horizontal UI design
pub fn render_connection_tab(
ui: &mut egui::Ui,
ctx: &egui::Context,
settings: &mut KhmSettings,
auto_sync_interval_str: &mut String,
connection_tab: &mut ConnectionTab,
operation_log: &mut Vec<String>
) {
// Check for connection test and sync results
connection_tab.check_results(ctx, settings, operation_log);
// Use scrollable area for the entire content
egui::ScrollArea::vertical()
.auto_shrink([false; 2])
.show(ui, |ui| {
ui.spacing_mut().item_spacing = egui::vec2(6.0, 8.0);
ui.spacing_mut().button_padding = egui::vec2(12.0, 6.0);
ui.spacing_mut().indent = 16.0;
// Connection Status Card at top (full width)
render_connection_status_card(ui, connection_tab);
// Main configuration area - horizontal layout
ui.horizontal_top(|ui| {
let available_width = ui.available_width();
let left_panel_width = available_width * 0.6;
let right_panel_width = available_width * 0.38;
// Left panel - Connection and Local config
ui.allocate_ui_with_layout(
[left_panel_width, ui.available_height()].into(),
egui::Layout::top_down(egui::Align::Min),
|ui| {
// Connection Configuration Card
render_connection_config_card(ui, settings);
// Local Configuration Card
render_local_config_card(ui, settings);
}
);
ui.add_space(8.0);
// Right panel - Auto-sync and System info
ui.allocate_ui_with_layout(
[right_panel_width, ui.available_height()].into(),
egui::Layout::top_down(egui::Align::Min),
|ui| {
// Auto-sync Configuration Card
render_auto_sync_card(ui, settings, auto_sync_interval_str);
// System Information Card
render_system_info_card(ui);
}
);
});
ui.add_space(12.0);
// Action buttons at bottom
render_action_section(ui, ctx, settings, connection_tab, operation_log);
});
}
/// Connection status card with modern visual design
fn render_connection_status_card(ui: &mut egui::Ui, connection_tab: &ConnectionTab) {
let frame = egui::Frame::group(ui.style())
.fill(ui.visuals().faint_bg_color)
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color))
.rounding(6.0)
.inner_margin(egui::Margin::same(12.0));
frame.show(ui, |ui| {
// Header with status indicator
ui.horizontal(|ui| {
let (status_icon, status_text, status_color) = match &connection_tab.connection_status {
ConnectionStatus::Connected { keys_count, flow } => {
let text = if flow.is_empty() {
format!("Connected • {} keys", keys_count)
} else {
format!("Connected to '{}' • {} keys", flow, keys_count)
};
("🟢", text, egui::Color32::GREEN)
}
ConnectionStatus::Error(error_msg) => {
("🔴", format!("Connection Error: {}", error_msg), egui::Color32::RED)
}
ConnectionStatus::Unknown => {
("", "Not Connected".to_string(), ui.visuals().text_color())
}
};
ui.label(egui::RichText::new(status_icon).size(14.0));
ui.label(egui::RichText::new("Connection Status").size(14.0).strong());
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
if connection_tab.is_testing_connection {
ui.spinner();
ui.label(egui::RichText::new("Testing...").italics().color(ui.visuals().weak_text_color()));
} else {
ui.label(egui::RichText::new(&status_text).size(13.0).color(status_color));
}
});
});
// Sync status - always visible
ui.add_space(6.0);
ui.separator();
ui.add_space(6.0);
ui.horizontal(|ui| {
ui.label("🔄");
ui.label("Last Sync:");
match &connection_tab.sync_status {
SyncStatus::Success { keys_count } => {
ui.label(egui::RichText::new(format!("{} keys synced", keys_count))
.size(13.0).color(egui::Color32::GREEN));
}
SyncStatus::Error(error_msg) => {
ui.label(egui::RichText::new("❌ Failed")
.size(13.0).color(egui::Color32::RED))
.on_hover_text(error_msg);
}
SyncStatus::Unknown => {
ui.label(egui::RichText::new("No sync performed yet")
.size(13.0).color(ui.visuals().weak_text_color()));
}
}
});
});
ui.add_space(8.0);
}
/// Connection configuration card with input fields
fn render_connection_config_card(ui: &mut egui::Ui, settings: &mut KhmSettings) {
let frame = egui::Frame::group(ui.style())
.fill(ui.visuals().faint_bg_color)
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color))
.rounding(6.0)
.inner_margin(egui::Margin::same(12.0));
frame.show(ui, |ui| {
// Header
ui.horizontal(|ui| {
ui.label("🌐");
ui.label(egui::RichText::new("Server Configuration").size(14.0).strong());
});
ui.add_space(8.0);
// Input fields with better spacing
ui.vertical(|ui| {
ui.spacing_mut().item_spacing.y = 8.0;
// Host URL
ui.vertical(|ui| {
ui.label(egui::RichText::new("Host URL").size(13.0).strong());
ui.add_space(3.0);
ui.add_sized(
[ui.available_width(), 28.0], // Smaller height for better centering
egui::TextEdit::singleline(&mut settings.host)
.hint_text("https://your-khm-server.com")
.font(egui::FontId::new(14.0, egui::FontFamily::Monospace))
.margin(egui::Margin::symmetric(8.0, 6.0)) // Better vertical centering
);
});
// Flow Name
ui.vertical(|ui| {
ui.label(egui::RichText::new("Flow Name").size(13.0).strong());
ui.add_space(3.0);
ui.add_sized(
[ui.available_width(), 28.0],
egui::TextEdit::singleline(&mut settings.flow)
.hint_text("production, staging, development")
.font(egui::FontId::new(14.0, egui::FontFamily::Proportional))
.margin(egui::Margin::symmetric(8.0, 6.0))
);
});
// Basic Auth (optional)
ui.vertical(|ui| {
ui.horizontal(|ui| {
ui.label(egui::RichText::new("Basic Authentication").size(13.0).strong());
ui.label(egui::RichText::new("(optional)").size(12.0).weak().italics());
});
ui.add_space(3.0);
ui.add_sized(
[ui.available_width(), 28.0],
egui::TextEdit::singleline(&mut settings.basic_auth)
.hint_text("username:password")
.password(true)
.font(egui::FontId::new(14.0, egui::FontFamily::Monospace))
.margin(egui::Margin::symmetric(8.0, 6.0))
);
});
});
});
ui.add_space(8.0);
}
/// Local configuration card
fn render_local_config_card(ui: &mut egui::Ui, settings: &mut KhmSettings) {
let frame = egui::Frame::group(ui.style())
.fill(ui.visuals().faint_bg_color)
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color))
.rounding(6.0)
.inner_margin(egui::Margin::same(12.0));
frame.show(ui, |ui| {
// Header
ui.horizontal(|ui| {
ui.label("📁");
ui.label(egui::RichText::new("Local Configuration").size(14.0).strong());
});
ui.add_space(8.0);
// Known hosts file
ui.vertical(|ui| {
ui.label(egui::RichText::new("Known Hosts File Path").size(13.0).strong());
ui.add_space(3.0);
ui.add_sized(
[ui.available_width(), 28.0],
egui::TextEdit::singleline(&mut settings.known_hosts)
.hint_text("~/.ssh/known_hosts")
.font(egui::FontId::new(14.0, egui::FontFamily::Monospace))
.margin(egui::Margin::symmetric(8.0, 6.0))
);
ui.add_space(8.0);
// In-place update option with better styling
ui.horizontal(|ui| {
ui.checkbox(&mut settings.in_place, "");
ui.vertical(|ui| {
ui.label(egui::RichText::new("Update file in-place after sync").size(13.0).strong());
ui.label(egui::RichText::new("Automatically modify the known_hosts file when synchronizing").size(12.0).weak().italics());
});
});
});
});
ui.add_space(8.0);
}
/// Auto-sync configuration card
fn render_auto_sync_card(ui: &mut egui::Ui, settings: &mut KhmSettings, auto_sync_interval_str: &mut String) {
let frame = egui::Frame::group(ui.style())
.fill(ui.visuals().faint_bg_color)
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color))
.rounding(6.0)
.inner_margin(egui::Margin::same(12.0));
frame.show(ui, |ui| {
let is_auto_sync_enabled = !settings.host.is_empty()
&& !settings.flow.is_empty()
&& settings.in_place;
// Header with status
ui.horizontal(|ui| {
ui.label("🔄");
ui.label(egui::RichText::new("Auto Sync").size(14.0).strong());
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
let (status_text, status_color) = if is_auto_sync_enabled {
("● Active", egui::Color32::GREEN)
} else {
("○ Inactive", egui::Color32::from_gray(128))
};
ui.label(egui::RichText::new(status_text).size(12.0).color(status_color));
});
});
ui.add_space(8.0);
// Interval setting
ui.horizontal(|ui| {
ui.label(egui::RichText::new("Interval").size(13.0).strong());
ui.add_space(6.0);
ui.add_sized(
[80.0, 26.0], // Smaller height
egui::TextEdit::singleline(auto_sync_interval_str)
.font(egui::FontId::new(14.0, egui::FontFamily::Monospace))
.margin(egui::Margin::symmetric(6.0, 5.0))
);
ui.label("min");
// Update the actual setting
if let Ok(value) = auto_sync_interval_str.parse::<u32>() {
if value > 0 {
settings.auto_sync_interval_minutes = value;
}
}
});
// Requirements - always visible
ui.add_space(8.0);
ui.separator();
ui.add_space(8.0);
ui.vertical(|ui| {
ui.label(egui::RichText::new("Requirements:").size(12.0).strong());
ui.add_space(3.0);
let host_ok = !settings.host.is_empty();
let flow_ok = !settings.flow.is_empty();
let in_place_ok = settings.in_place;
ui.horizontal(|ui| {
let (icon, color) = if host_ok { ("", egui::Color32::GREEN) } else { ("", egui::Color32::RED) };
ui.label(egui::RichText::new(icon).color(color));
ui.label(egui::RichText::new("Host URL").size(11.0));
});
ui.horizontal(|ui| {
let (icon, color) = if flow_ok { ("", egui::Color32::GREEN) } else { ("", egui::Color32::RED) };
ui.label(egui::RichText::new(icon).color(color));
ui.label(egui::RichText::new("Flow name").size(11.0));
});
ui.horizontal(|ui| {
let (icon, color) = if in_place_ok { ("", egui::Color32::GREEN) } else { ("", egui::Color32::RED) };
ui.label(egui::RichText::new(icon).color(color));
ui.label(egui::RichText::new("In-place update").size(11.0));
});
});
});
ui.add_space(8.0);
}
/// System information card
fn render_system_info_card(ui: &mut egui::Ui) {
let frame = egui::Frame::group(ui.style())
.fill(ui.visuals().extreme_bg_color)
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color))
.rounding(6.0)
.inner_margin(egui::Margin::same(12.0));
frame.show(ui, |ui| {
// Header
ui.horizontal(|ui| {
ui.label("⚙️");
ui.label(egui::RichText::new("System Info").size(14.0).strong());
});
ui.add_space(8.0);
// Config file location
ui.vertical(|ui| {
ui.label(egui::RichText::new("Config File").size(13.0).strong());
ui.add_space(3.0);
let config_path = get_config_path();
let path_str = config_path.display().to_string();
ui.vertical(|ui| {
ui.add_sized(
[ui.available_width(), 26.0], // Smaller height
egui::TextEdit::singleline(&mut path_str.clone())
.interactive(false)
.font(egui::FontId::new(12.0, egui::FontFamily::Monospace))
.margin(egui::Margin::symmetric(8.0, 5.0))
);
ui.add_space(4.0);
if ui.small_button("📋 Copy Path").clicked() {
ui.output_mut(|o| o.copied_text = path_str);
}
});
});
});
ui.add_space(8.0);
}
/// Action section with buttons only (Activity Log moved to bottom panel)
fn render_action_section(
ui: &mut egui::Ui,
ctx: &egui::Context,
settings: &KhmSettings,
connection_tab: &mut ConnectionTab,
operation_log: &mut Vec<String>
) {
ui.add_space(8.0);
// Validation message
let save_enabled = !settings.host.is_empty() && !settings.flow.is_empty();
if !save_enabled {
ui.horizontal(|ui| {
ui.label("⚠️");
ui.label(egui::RichText::new("Complete server configuration to enable saving")
.size(12.0)
.color(egui::Color32::LIGHT_YELLOW)
.italics());
});
ui.add_space(8.0);
}
// Action buttons with modern styling
render_modern_action_buttons(ui, ctx, settings, connection_tab, save_enabled, operation_log);
}
/// Modern action buttons with improved styling and layout
fn render_modern_action_buttons(
ui: &mut egui::Ui,
ctx: &egui::Context,
settings: &KhmSettings,
connection_tab: &mut ConnectionTab,
save_enabled: bool,
operation_log: &mut Vec<String>
) {
ui.horizontal(|ui| {
ui.spacing_mut().item_spacing.x = 8.0;
// Primary actions (left side)
if ui.add_enabled(
save_enabled,
egui::Button::new(
egui::RichText::new("💾 Save & Close")
.size(13.0)
.color(egui::Color32::WHITE)
)
.fill(if save_enabled {
egui::Color32::from_rgb(0, 120, 212)
} else {
ui.visuals().widgets.inactive.bg_fill
})
.min_size(egui::vec2(120.0, 32.0))
.rounding(6.0)
).clicked() {
match save_settings_validated(settings) {
Ok(()) => {
add_log_entry(operation_log, "✅ Settings saved successfully".to_string());
ctx.send_viewport_cmd(egui::ViewportCommand::Close);
}
Err(e) => {
add_log_entry(operation_log, format!("❌ Failed to save settings: {}", e));
}
}
}
if ui.add(
egui::Button::new(
egui::RichText::new("✖ Cancel")
.size(13.0)
.color(ui.visuals().text_color())
)
.stroke(egui::Stroke::new(1.0, ui.visuals().text_color()))
.fill(egui::Color32::TRANSPARENT)
.min_size(egui::vec2(80.0, 32.0))
.rounding(6.0)
).clicked() {
ctx.send_viewport_cmd(egui::ViewportCommand::Close);
}
// Spacer
ui.add_space(ui.available_width() - 220.0);
// Secondary actions (right side)
let can_test = !settings.host.is_empty() && !settings.flow.is_empty() && !connection_tab.is_testing_connection;
let can_sync = !settings.host.is_empty() && !settings.flow.is_empty() && !connection_tab.is_syncing;
if ui.add_enabled(
can_test,
egui::Button::new(
egui::RichText::new(
if connection_tab.is_testing_connection {
"🔄 Testing..."
} else {
"🔍 Test"
}
)
.size(13.0)
.color(egui::Color32::WHITE)
)
.fill(if can_test {
egui::Color32::from_rgb(16, 124, 16)
} else {
ui.visuals().widgets.inactive.bg_fill
})
.min_size(egui::vec2(80.0, 32.0))
.rounding(6.0)
).on_hover_text("Test server connection").clicked() {
add_log_entry(operation_log, "🔍 Testing connection...".to_string());
connection_tab.start_test(settings, ctx);
}
if ui.add_enabled(
can_sync,
egui::Button::new(
egui::RichText::new(
if connection_tab.is_syncing {
"🔄 Syncing..."
} else {
"🔄 Sync"
}
)
.size(13.0)
.color(egui::Color32::WHITE)
)
.fill(if can_sync {
egui::Color32::from_rgb(255, 140, 0)
} else {
ui.visuals().widgets.inactive.bg_fill
})
.min_size(egui::vec2(80.0, 32.0))
.rounding(6.0)
).on_hover_text("Synchronize SSH keys now").clicked() {
add_log_entry(operation_log, "🔄 Starting sync...".to_string());
connection_tab.start_sync(settings, ctx);
}
});
}
/// Add entry to operation log with timestamp
pub fn add_log_entry(operation_log: &mut Vec<String>, message: String) {
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap();
let secs = now.as_secs();
let millis = now.subsec_millis();
// Format as HH:MM:SS.mmm
let hours = (secs / 3600) % 24;
let minutes = (secs / 60) % 60;
let seconds = secs % 60;
let timestamp = format!("{:02}:{:02}:{:02}.{:03}", hours, minutes, seconds, millis);
let log_entry = format!("{} {}", timestamp, message);
operation_log.push(log_entry);
// Keep only last 20 entries to prevent memory growth
if operation_log.len() > 20 {
operation_log.remove(0);
}
}

584
src/gui/settings/window.rs Normal file
View File

@@ -0,0 +1,584 @@
use eframe::egui;
use log::info;
use std::sync::mpsc;
use crate::gui::common::{load_settings, KhmSettings};
use crate::gui::admin::{AdminState, AdminOperation, render_statistics, render_search_controls,
render_bulk_actions, render_keys_table, KeyAction, BulkAction};
use crate::gui::api::{SshKey, bulk_deprecate_servers, bulk_restore_servers,
deprecate_key, restore_key, delete_key};
use super::connection::{ConnectionTab, SettingsTab};
use super::ui::{render_connection_tab, add_log_entry};
pub struct SettingsWindow {
settings: KhmSettings,
auto_sync_interval_str: String,
current_tab: SettingsTab,
connection_tab: ConnectionTab,
admin_state: AdminState,
admin_receiver: Option<mpsc::Receiver<Result<Vec<SshKey>, String>>>,
operation_receiver: Option<mpsc::Receiver<Result<String, String>>>,
operation_log: Vec<String>,
}
impl SettingsWindow {
pub fn new() -> Self {
let settings = load_settings();
let auto_sync_interval_str = settings.auto_sync_interval_minutes.to_string();
Self {
settings,
auto_sync_interval_str,
current_tab: SettingsTab::Connection,
connection_tab: ConnectionTab::default(),
admin_state: AdminState::default(),
admin_receiver: None,
operation_receiver: None,
operation_log: Vec::new(),
}
}
}
impl eframe::App for SettingsWindow {
fn update(&mut self, ctx: &egui::Context, _frame: &mut eframe::Frame) {
// Check for admin operation results
self.check_admin_results(ctx);
// Apply enhanced modern dark theme
apply_modern_theme(ctx);
// Bottom panel for Activity Log (fixed at bottom)
egui::TopBottomPanel::bottom("activity_log_panel")
.resizable(false)
.min_height(140.0)
.max_height(140.0)
.frame(egui::Frame::none()
.fill(egui::Color32::from_gray(12))
.stroke(egui::Stroke::new(1.0, egui::Color32::from_gray(60)))
)
.show(ctx, |ui| {
render_bottom_activity_log(ui, &mut self.operation_log);
});
egui::CentralPanel::default()
.frame(egui::Frame::none()
.fill(egui::Color32::from_gray(18))
.inner_margin(egui::Margin::same(20.0))
)
.show(ctx, |ui| {
// Modern header with gradient-like styling
let header_frame = egui::Frame::none()
.fill(ui.visuals().panel_fill)
.rounding(egui::Rounding::same(8.0))
.inner_margin(egui::Margin::same(12.0))
.stroke(egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color));
header_frame.show(ui, |ui| {
ui.horizontal(|ui| {
ui.add_space(4.0);
ui.label("🔑");
ui.heading(egui::RichText::new("KHM Settings").size(20.0).strong());
ui.label(egui::RichText::new(
"(Known Hosts Manager for SSH key management and synchronization)"
).size(11.0).weak().italics());
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
// Version from Cargo.toml
let version = env!("CARGO_PKG_VERSION");
if ui.small_button(format!("v{}", version))
.on_hover_text(format!(
"{}\n{}\nRepository: {}\nLicense: {}",
env!("CARGO_PKG_DESCRIPTION"),
env!("CARGO_PKG_AUTHORS"),
env!("CARGO_PKG_REPOSITORY"),
"WTFPL"
))
.clicked()
{
// Open repository URL
if let Err(_) = std::process::Command::new("open")
.arg(env!("CARGO_PKG_REPOSITORY"))
.spawn()
{
// Fallback for non-macOS systems
let _ = std::process::Command::new("xdg-open")
.arg(env!("CARGO_PKG_REPOSITORY"))
.spawn();
}
}
});
});
});
ui.add_space(12.0);
// Modern tab selector with card styling
ui.horizontal(|ui| {
ui.spacing_mut().item_spacing.x = 6.0;
// Connection/Settings Tab
let connection_selected = matches!(self.current_tab, SettingsTab::Connection);
let connection_button = egui::Button::new(
egui::RichText::new("🌐 Connection").size(13.0)
)
.fill(if connection_selected {
egui::Color32::from_rgb(0, 120, 212)
} else {
ui.visuals().widgets.inactive.bg_fill
})
.stroke(if connection_selected {
egui::Stroke::new(1.0, egui::Color32::from_rgb(0, 120, 212))
} else {
egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color)
})
.rounding(6.0)
.min_size(egui::vec2(110.0, 32.0));
if ui.add(connection_button).clicked() {
self.current_tab = SettingsTab::Connection;
}
// Admin Tab
let admin_selected = matches!(self.current_tab, SettingsTab::Admin);
let admin_button = egui::Button::new(
egui::RichText::new("🔧 Admin Panel").size(13.0)
)
.fill(if admin_selected {
egui::Color32::from_rgb(120, 80, 0)
} else {
ui.visuals().widgets.inactive.bg_fill
})
.stroke(if admin_selected {
egui::Stroke::new(1.0, egui::Color32::from_rgb(120, 80, 0))
} else {
egui::Stroke::new(1.0, ui.visuals().widgets.noninteractive.bg_stroke.color)
})
.rounding(6.0)
.min_size(egui::vec2(110.0, 32.0));
if ui.add(admin_button).clicked() {
self.current_tab = SettingsTab::Admin;
}
});
ui.add_space(16.0);
// Content area with proper spacing
match self.current_tab {
SettingsTab::Connection => {
render_connection_tab(
ui,
ctx,
&mut self.settings,
&mut self.auto_sync_interval_str,
&mut self.connection_tab,
&mut self.operation_log
);
}
SettingsTab::Admin => {
self.render_admin_tab(ui, ctx);
}
}
});
}
}
impl SettingsWindow {
fn check_admin_results(&mut self, ctx: &egui::Context) {
// Check for admin keys loading result
if let Some(receiver) = &self.admin_receiver {
if let Ok(result) = receiver.try_recv() {
self.admin_state.handle_keys_loaded(result);
self.admin_receiver = None;
ctx.request_repaint();
}
}
// Check for operation results
if let Some(receiver) = &self.operation_receiver {
if let Ok(result) = receiver.try_recv() {
match result {
Ok(message) => {
info!("Operation completed: {}", message);
add_log_entry(&mut self.operation_log, format!("{}", message));
// Reload keys after operation
self.load_admin_keys(ctx);
}
Err(error) => {
add_log_entry(&mut self.operation_log, format!("❌ Operation failed: {}", error));
}
}
self.admin_state.current_operation = AdminOperation::None;
self.operation_receiver = None;
ctx.request_repaint();
}
}
}
fn render_admin_tab(&mut self, ui: &mut egui::Ui, ctx: &egui::Context) {
// Admin tab header
ui.horizontal(|ui| {
ui.label(egui::RichText::new("🔧 Admin Panel").size(18.0).strong());
ui.with_layout(egui::Layout::right_to_left(egui::Align::Center), |ui| {
if ui.button("🔁 Refresh").clicked() {
self.load_admin_keys(ctx);
}
if let Some(last_load) = self.admin_state.last_load_time {
let elapsed = last_load.elapsed().as_secs();
ui.label(format!("Updated {}s ago", elapsed));
}
});
});
ui.separator();
ui.add_space(10.0);
// Check if connection is configured
if self.settings.host.is_empty() || self.settings.flow.is_empty() {
ui.vertical_centered(|ui| {
ui.label(egui::RichText::new("❗ Please configure connection settings first")
.size(16.0)
.color(egui::Color32::YELLOW));
ui.add_space(10.0);
if ui.button("Go to Connection Settings").clicked() {
self.current_tab = SettingsTab::Connection;
}
});
return;
}
// Load keys automatically on first view
if self.admin_state.keys.is_empty() && !matches!(self.admin_state.current_operation, AdminOperation::LoadingKeys) {
self.load_admin_keys(ctx);
}
// Show loading state
if matches!(self.admin_state.current_operation, AdminOperation::LoadingKeys) {
ui.vertical_centered(|ui| {
ui.spinner();
ui.label("Loading keys...");
});
return;
}
// Statistics section
render_statistics(ui, &self.admin_state);
ui.add_space(10.0);
// Search and filters
render_search_controls(ui, &mut self.admin_state);
ui.add_space(10.0);
// Bulk actions
let bulk_action = render_bulk_actions(ui, &mut self.admin_state);
self.handle_bulk_action(bulk_action, ctx);
if self.admin_state.selected_servers.values().any(|&v| v) {
ui.add_space(8.0);
}
// Keys table
egui::ScrollArea::vertical()
.max_height(450.0)
.auto_shrink([false; 2])
.show(ui, |ui| {
let key_action = render_keys_table(ui, &mut self.admin_state);
self.handle_key_action(key_action, ctx);
});
}
fn load_admin_keys(&mut self, ctx: &egui::Context) {
if let Some(receiver) = self.admin_state.load_keys(&self.settings, ctx) {
self.admin_receiver = Some(receiver);
}
}
fn handle_bulk_action(&mut self, action: BulkAction, ctx: &egui::Context) {
match action {
BulkAction::DeprecateSelected => {
let selected = self.admin_state.get_selected_servers();
if !selected.is_empty() {
self.start_bulk_deprecate(selected, ctx);
}
}
BulkAction::RestoreSelected => {
let selected = self.admin_state.get_selected_servers();
if !selected.is_empty() {
self.start_bulk_restore(selected, ctx);
}
}
BulkAction::ClearSelection => {
// Selection already cleared in UI
}
BulkAction::None => {}
}
}
fn handle_key_action(&mut self, action: KeyAction, ctx: &egui::Context) {
match action {
KeyAction::DeprecateKey(server) | KeyAction::DeprecateServer(server) => {
self.start_deprecate_key(&server, ctx);
}
KeyAction::RestoreKey(server) | KeyAction::RestoreServer(server) => {
self.start_restore_key(&server, ctx);
}
KeyAction::DeleteKey(server) => {
self.start_delete_key(&server, ctx);
}
KeyAction::None => {}
}
}
fn start_bulk_deprecate(&mut self, servers: Vec<String>, ctx: &egui::Context) {
self.admin_state.current_operation = AdminOperation::BulkDeprecating;
add_log_entry(&mut self.operation_log, format!("Deprecating {} servers...", servers.len()));
let (tx, rx) = mpsc::channel();
self.operation_receiver = Some(rx);
let host = self.settings.host.clone();
let flow = self.settings.flow.clone();
let basic_auth = self.settings.basic_auth.clone();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
bulk_deprecate_servers(host, flow, basic_auth, servers).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
fn start_bulk_restore(&mut self, servers: Vec<String>, ctx: &egui::Context) {
self.admin_state.current_operation = AdminOperation::BulkRestoring;
add_log_entry(&mut self.operation_log, format!("Restoring {} servers...", servers.len()));
let (tx, rx) = mpsc::channel();
self.operation_receiver = Some(rx);
let host = self.settings.host.clone();
let flow = self.settings.flow.clone();
let basic_auth = self.settings.basic_auth.clone();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
bulk_restore_servers(host, flow, basic_auth, servers).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
fn start_deprecate_key(&mut self, server: &str, ctx: &egui::Context) {
self.admin_state.current_operation = AdminOperation::DeprecatingKey;
add_log_entry(&mut self.operation_log, format!("Deprecating key for server: {}", server));
let (tx, rx) = mpsc::channel();
self.operation_receiver = Some(rx);
let host = self.settings.host.clone();
let flow = self.settings.flow.clone();
let basic_auth = self.settings.basic_auth.clone();
let server_name = server.to_string();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
deprecate_key(host, flow, basic_auth, server_name).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
fn start_restore_key(&mut self, server: &str, ctx: &egui::Context) {
self.admin_state.current_operation = AdminOperation::RestoringKey;
add_log_entry(&mut self.operation_log, format!("Restoring key for server: {}", server));
let (tx, rx) = mpsc::channel();
self.operation_receiver = Some(rx);
let host = self.settings.host.clone();
let flow = self.settings.flow.clone();
let basic_auth = self.settings.basic_auth.clone();
let server_name = server.to_string();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
restore_key(host, flow, basic_auth, server_name).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
fn start_delete_key(&mut self, server: &str, ctx: &egui::Context) {
self.admin_state.current_operation = AdminOperation::DeletingKey;
add_log_entry(&mut self.operation_log, format!("Deleting key for server: {}", server));
let (tx, rx) = mpsc::channel();
self.operation_receiver = Some(rx);
let host = self.settings.host.clone();
let flow = self.settings.flow.clone();
let basic_auth = self.settings.basic_auth.clone();
let server_name = server.to_string();
let ctx_clone = ctx.clone();
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
let result = rt.block_on(async {
delete_key(host, flow, basic_auth, server_name).await
});
let _ = tx.send(result);
ctx_clone.request_repaint();
});
}
}
/// Apply modern dark theme for the settings window with enhanced styling
fn apply_modern_theme(ctx: &egui::Context) {
let mut visuals = egui::Visuals::dark();
// Modern color palette
visuals.window_fill = egui::Color32::from_gray(18); // Darker background
visuals.panel_fill = egui::Color32::from_gray(24); // Panel background
visuals.faint_bg_color = egui::Color32::from_gray(32); // Card background
visuals.extreme_bg_color = egui::Color32::from_gray(12); // Darkest areas
// Enhanced widget styling
visuals.button_frame = true;
visuals.collapsing_header_frame = true;
visuals.indent_has_left_vline = true;
visuals.striped = true;
// Modern rounded corners
let rounding = egui::Rounding::same(8.0);
visuals.menu_rounding = rounding;
visuals.window_rounding = egui::Rounding::same(16.0);
visuals.widgets.noninteractive.rounding = rounding;
visuals.widgets.inactive.rounding = rounding;
visuals.widgets.hovered.rounding = rounding;
visuals.widgets.active.rounding = rounding;
// Better widget colors
visuals.widgets.noninteractive.bg_fill = egui::Color32::from_gray(40);
visuals.widgets.inactive.bg_fill = egui::Color32::from_gray(45);
visuals.widgets.hovered.bg_fill = egui::Color32::from_gray(55);
visuals.widgets.active.bg_fill = egui::Color32::from_gray(60);
// Subtle borders
let border_color = egui::Color32::from_gray(60);
visuals.widgets.noninteractive.bg_stroke = egui::Stroke::new(1.0, border_color);
visuals.widgets.inactive.bg_stroke = egui::Stroke::new(1.0, border_color);
visuals.widgets.hovered.bg_stroke = egui::Stroke::new(1.5, egui::Color32::from_gray(80));
visuals.widgets.active.bg_stroke = egui::Stroke::new(1.5, egui::Color32::from_gray(100));
ctx.set_visuals(visuals);
}
/// Render bottom activity log panel
fn render_bottom_activity_log(ui: &mut egui::Ui, operation_log: &mut Vec<String>) {
ui.add_space(18.0); // Larger top padding
ui.horizontal(|ui| {
ui.add_space(8.0);
ui.label("📋");
ui.label(egui::RichText::new("Activity Log").size(13.0).strong());
ui.with_layout(egui::Layout::right_to_left(egui::Align::Min), |ui| {
ui.add_space(8.0);
if ui.small_button("🗑 Clear").clicked() {
operation_log.clear();
}
});
});
ui.add_space(8.0);
// Add horizontal margin for the text area
ui.horizontal(|ui| {
ui.add_space(8.0); // Left margin
// Show last 5 log entries in multiline text
let log_text = if operation_log.is_empty() {
"No recent activity".to_string()
} else {
let start_idx = if operation_log.len() > 5 {
operation_log.len() - 5
} else {
0
};
operation_log[start_idx..].join("\n")
};
ui.add_sized(
[ui.available_width() - 8.0, 80.0], // Account for right margin
egui::TextEdit::multiline(&mut log_text.clone())
.font(egui::FontId::new(11.0, egui::FontFamily::Monospace))
.interactive(false)
);
ui.add_space(8.0); // Right margin
});
}
/// Create window icon for settings window
pub fn create_window_icon() -> egui::IconData {
// Create a simple programmatic icon (blue square with white border)
let icon_size = 32;
let icon_data: Vec<u8> = (0..icon_size * icon_size)
.flat_map(|i| {
let y = i / icon_size;
let x = i % icon_size;
if x < 2 || x >= 30 || y < 2 || y >= 30 {
[255, 255, 255, 255] // White border
} else {
[64, 128, 255, 255] // Blue center
}
})
.collect();
egui::IconData {
rgba: icon_data,
width: icon_size as u32,
height: icon_size as u32,
}
}
/// Run the settings window application with modern horizontal styling
pub fn run_settings_window() {
let options = eframe::NativeOptions {
viewport: egui::ViewportBuilder::default()
.with_title("KHM Settings")
.with_inner_size([900.0, 905.0]) // Decreased height by another 15px
.with_min_inner_size([900.0, 905.0]) // Fixed size
.with_max_inner_size([900.0, 905.0]) // Same as min - fixed size
.with_resizable(false) // Disable resizing since window is fixed size
.with_icon(create_window_icon())
.with_decorations(true)
.with_transparent(false),
centered: true,
..Default::default()
};
let _ = eframe::run_native(
"KHM Settings",
options,
Box::new(|_cc| Ok(Box::new(SettingsWindow::new()))),
);
}

275
src/gui/tray/app.rs Normal file
View File

@@ -0,0 +1,275 @@
use log::{error, info};
#[cfg(feature = "gui")]
use notify::RecursiveMode;
#[cfg(feature = "gui")]
use notify_debouncer_mini::{new_debouncer, DebounceEventResult};
use std::sync::{Arc, Mutex};
use std::time::Duration;
use tray_icon::{
menu::MenuEvent,
TrayIcon,
};
use winit::{
application::ApplicationHandler,
event_loop::{EventLoop, EventLoopProxy},
};
#[cfg(target_os = "macos")]
use winit::platform::macos::EventLoopBuilderExtMacOS;
use super::{SyncStatus, TrayMenuIds, create_tray_icon, update_tray_menu,
create_tooltip, start_auto_sync_task, update_sync_status};
use crate::gui::common::{load_settings, get_config_path, perform_sync, KhmSettings};
pub struct TrayApplication {
tray_icon: Option<TrayIcon>,
menu_ids: Option<TrayMenuIds>,
settings: Arc<Mutex<KhmSettings>>,
sync_status: Arc<Mutex<SyncStatus>>,
#[cfg(feature = "gui")]
_debouncer: Option<notify_debouncer_mini::Debouncer<notify::RecommendedWatcher>>,
proxy: EventLoopProxy<crate::gui::UserEvent>,
auto_sync_handle: Option<std::thread::JoinHandle<()>>,
}
impl TrayApplication {
pub fn new(proxy: EventLoopProxy<crate::gui::UserEvent>) -> Self {
Self {
tray_icon: None,
menu_ids: None,
settings: Arc::new(Mutex::new(load_settings())),
sync_status: Arc::new(Mutex::new(SyncStatus::default())),
#[cfg(feature = "gui")]
_debouncer: None,
proxy,
auto_sync_handle: None,
}
}
#[cfg(feature = "gui")]
fn setup_file_watcher(&mut self) {
let config_path = get_config_path();
let (tx, rx) = std::sync::mpsc::channel::<DebounceEventResult>();
let proxy = self.proxy.clone();
std::thread::spawn(move || {
while let Ok(result) = rx.recv() {
if let Ok(events) = result {
if events.iter().any(|e| e.path.to_string_lossy().contains("khm_config.json")) {
let _ = proxy.send_event(crate::gui::UserEvent::ConfigFileChanged);
}
}
}
});
if let Ok(mut debouncer) = new_debouncer(Duration::from_millis(500), tx) {
if let Some(config_dir) = config_path.parent() {
if debouncer.watcher().watch(config_dir, RecursiveMode::NonRecursive).is_ok() {
info!("File watcher started");
self._debouncer = Some(debouncer);
} else {
error!("Failed to start file watcher");
}
}
}
}
fn handle_config_change(&mut self) {
info!("Config file changed");
let new_settings = load_settings();
let old_interval = self.settings.lock().unwrap().auto_sync_interval_minutes;
let new_interval = new_settings.auto_sync_interval_minutes;
*self.settings.lock().unwrap() = new_settings;
// Update menu
if let Some(tray_icon) = &self.tray_icon {
let settings = self.settings.lock().unwrap();
let new_menu_ids = update_tray_menu(tray_icon, &settings);
self.menu_ids = Some(new_menu_ids);
}
// Update tooltip
self.update_tooltip();
// Restart auto sync if interval changed
if old_interval != new_interval {
info!("Auto sync interval changed from {} to {} minutes, restarting auto sync", old_interval, new_interval);
self.start_auto_sync();
}
}
fn start_auto_sync(&mut self) {
if let Some(handle) = self.auto_sync_handle.take() {
// Note: In a real implementation, you'd want to properly signal the thread to stop
drop(handle);
}
self.auto_sync_handle = start_auto_sync_task(
Arc::clone(&self.settings),
Arc::clone(&self.sync_status),
self.proxy.clone()
);
}
fn update_tooltip(&self) {
if let Some(tray_icon) = &self.tray_icon {
let settings = self.settings.lock().unwrap();
let sync_status = self.sync_status.lock().unwrap();
let tooltip = create_tooltip(&settings, &sync_status);
let _ = tray_icon.set_tooltip(Some(&tooltip));
}
}
fn handle_menu_event(&mut self, event: MenuEvent, event_loop: &winit::event_loop::ActiveEventLoop) {
if let Some(menu_ids) = &self.menu_ids {
if event.id == menu_ids.settings_id {
info!("Settings menu clicked");
self.launch_settings_window();
} else if event.id == menu_ids.quit_id {
info!("Quitting KHM application");
event_loop.exit();
} else if event.id == menu_ids.sync_id {
info!("Starting manual sync operation");
self.start_manual_sync();
}
}
}
fn launch_settings_window(&self) {
if let Ok(exe_path) = std::env::current_exe() {
std::thread::spawn(move || {
if let Err(e) = std::process::Command::new(&exe_path)
.arg("--gui")
.arg("--settings-ui")
.spawn()
{
error!("Failed to launch settings window: {}", e);
}
});
}
}
fn start_manual_sync(&self) {
let settings = self.settings.lock().unwrap().clone();
let sync_status_clone: Arc<Mutex<SyncStatus>> = Arc::clone(&self.sync_status);
let proxy_clone = self.proxy.clone();
// Check if settings are valid
if settings.host.is_empty() || settings.flow.is_empty() {
error!("Cannot sync: host or flow not configured");
return;
}
info!("Syncing with host: {}, flow: {}", settings.host, settings.flow);
// Run sync in separate thread with its own tokio runtime
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
match perform_sync(&settings).await {
Ok(keys_count) => {
info!("Sync completed successfully with {} keys", keys_count);
let mut status = sync_status_clone.lock().unwrap();
status.last_sync_time = Some(std::time::Instant::now());
status.last_sync_keys = Some(keys_count);
let _ = proxy_clone.send_event(crate::gui::UserEvent::UpdateMenu);
}
Err(e) => {
error!("Sync failed: {}", e);
}
}
});
});
}
fn handle_update_menu(&mut self) {
let settings = self.settings.lock().unwrap();
if !settings.host.is_empty() && !settings.flow.is_empty() && settings.in_place {
let mut sync_status = self.sync_status.lock().unwrap();
update_sync_status(&settings, &mut sync_status);
}
drop(settings);
self.update_tooltip();
}
}
impl ApplicationHandler<crate::gui::UserEvent> for TrayApplication {
fn window_event(
&mut self,
_event_loop: &winit::event_loop::ActiveEventLoop,
_window_id: winit::window::WindowId,
_event: winit::event::WindowEvent,
) {}
fn resumed(&mut self, _event_loop: &winit::event_loop::ActiveEventLoop) {
if self.tray_icon.is_none() {
info!("Creating tray icon");
let settings = self.settings.lock().unwrap();
let sync_status = self.sync_status.lock().unwrap();
let (tray_icon, menu_ids) = create_tray_icon(&settings, &sync_status);
drop(settings);
drop(sync_status);
self.tray_icon = Some(tray_icon);
self.menu_ids = Some(menu_ids);
self.setup_file_watcher();
self.start_auto_sync();
info!("KHM tray application ready");
}
}
fn user_event(&mut self, event_loop: &winit::event_loop::ActiveEventLoop, event: crate::gui::UserEvent) {
match event {
crate::gui::UserEvent::TrayIconEvent => {}
crate::gui::UserEvent::UpdateMenu => {
self.handle_update_menu();
}
crate::gui::UserEvent::MenuEvent(event) => {
self.handle_menu_event(event, event_loop);
}
crate::gui::UserEvent::ConfigFileChanged => {
self.handle_config_change();
}
}
}
}
/// Run tray application
pub async fn run_tray_app() -> std::io::Result<()> {
#[cfg(target_os = "macos")]
let event_loop = {
use winit::platform::macos::ActivationPolicy;
EventLoop::<crate::gui::UserEvent>::with_user_event()
.with_activation_policy(ActivationPolicy::Accessory)
.build()
.map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("Failed to create event loop: {}", e)))?
};
#[cfg(not(target_os = "macos"))]
let event_loop = EventLoop::<crate::gui::UserEvent>::with_user_event().build()
.map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("Failed to create event loop: {}", e)))?;
let proxy = event_loop.create_proxy();
// Setup event handlers
let proxy_clone = proxy.clone();
tray_icon::TrayIconEvent::set_event_handler(Some(move |_event| {
let _ = proxy_clone.send_event(crate::gui::UserEvent::TrayIconEvent);
}));
let proxy_clone = proxy.clone();
MenuEvent::set_event_handler(Some(move |event: MenuEvent| {
let _ = proxy_clone.send_event(crate::gui::UserEvent::MenuEvent(event));
}));
let mut app = TrayApplication::new(proxy);
event_loop.run_app(&mut app)
.map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("Event loop error: {:?}", e)))?;
Ok(())
}

281
src/gui/tray/icon.rs Normal file
View File

@@ -0,0 +1,281 @@
use log::{error, info};
use std::sync::{Arc, Mutex};
use tray_icon::{
menu::{Menu, MenuItem, MenuId},
TrayIcon, TrayIconBuilder,
};
use crate::gui::common::{KhmSettings, perform_sync};
#[derive(Debug, Clone)]
pub struct SyncStatus {
pub last_sync_time: Option<std::time::Instant>,
pub last_sync_keys: Option<usize>,
pub next_sync_in_seconds: Option<u64>,
}
impl Default for SyncStatus {
fn default() -> Self {
Self {
last_sync_time: None,
last_sync_keys: None,
next_sync_in_seconds: None,
}
}
}
pub struct TrayMenuIds {
pub settings_id: MenuId,
pub quit_id: MenuId,
pub sync_id: MenuId,
}
/// Create tray icon with menu
pub fn create_tray_icon(settings: &KhmSettings, sync_status: &SyncStatus) -> (TrayIcon, TrayMenuIds) {
// Create simple blue icon
let icon_data: Vec<u8> = (0..32*32).flat_map(|i| {
let y = i / 32;
let x = i % 32;
if x < 2 || x >= 30 || y < 2 || y >= 30 {
[255, 255, 255, 255] // White border
} else {
[64, 128, 255, 255] // Blue center
}
}).collect();
let icon = tray_icon::Icon::from_rgba(icon_data, 32, 32).unwrap();
let menu = Menu::new();
// Show current configuration status (static)
let host_text = if settings.host.is_empty() {
"Host: Not configured"
} else {
&format!("Host: {}", settings.host)
};
menu.append(&MenuItem::new(host_text, false, None)).unwrap();
let flow_text = if settings.flow.is_empty() {
"Flow: Not configured"
} else {
&format!("Flow: {}", settings.flow)
};
menu.append(&MenuItem::new(flow_text, false, None)).unwrap();
let is_auto_sync_enabled = !settings.host.is_empty() && !settings.flow.is_empty() && settings.in_place;
let sync_text = format!("Auto sync: {} ({}min)",
if is_auto_sync_enabled { "On" } else { "Off" },
settings.auto_sync_interval_minutes);
menu.append(&MenuItem::new(&sync_text, false, None)).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Sync Now menu item
let sync_item = MenuItem::new("Sync Now", !settings.host.is_empty() && !settings.flow.is_empty(), None);
let sync_id = sync_item.id().clone();
menu.append(&sync_item).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Settings menu item
let settings_item = MenuItem::new("Settings", true, None);
let settings_id = settings_item.id().clone();
menu.append(&settings_item).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Quit menu item
let quit_item = MenuItem::new("Quit", true, None);
let quit_id = quit_item.id().clone();
menu.append(&quit_item).unwrap();
// Create initial tooltip
let tooltip = create_tooltip(settings, sync_status);
let tray_icon = TrayIconBuilder::new()
.with_tooltip(&tooltip)
.with_icon(icon)
.with_menu(Box::new(menu))
.build()
.unwrap();
let menu_ids = TrayMenuIds {
settings_id,
quit_id,
sync_id,
};
(tray_icon, menu_ids)
}
/// Update tray menu with new settings
pub fn update_tray_menu(tray_icon: &TrayIcon, settings: &KhmSettings) -> TrayMenuIds {
let menu = Menu::new();
// Show current configuration status (static)
let host_text = if settings.host.is_empty() {
"Host: Not configured"
} else {
&format!("Host: {}", settings.host)
};
menu.append(&MenuItem::new(host_text, false, None)).unwrap();
let flow_text = if settings.flow.is_empty() {
"Flow: Not configured"
} else {
&format!("Flow: {}", settings.flow)
};
menu.append(&MenuItem::new(flow_text, false, None)).unwrap();
let is_auto_sync_enabled = !settings.host.is_empty() && !settings.flow.is_empty() && settings.in_place;
let sync_text = format!("Auto sync: {} ({}min)",
if is_auto_sync_enabled { "On" } else { "Off" },
settings.auto_sync_interval_minutes);
menu.append(&MenuItem::new(&sync_text, false, None)).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Sync Now menu item
let sync_item = MenuItem::new("Sync Now", !settings.host.is_empty() && !settings.flow.is_empty(), None);
let sync_id = sync_item.id().clone();
menu.append(&sync_item).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Settings menu item
let settings_item = MenuItem::new("Settings", true, None);
let settings_id = settings_item.id().clone();
menu.append(&settings_item).unwrap();
menu.append(&tray_icon::menu::PredefinedMenuItem::separator()).unwrap();
// Quit menu item
let quit_item = MenuItem::new("Quit", true, None);
let quit_id = quit_item.id().clone();
menu.append(&quit_item).unwrap();
tray_icon.set_menu(Some(Box::new(menu)));
TrayMenuIds {
settings_id,
quit_id,
sync_id,
}
}
/// Create tooltip text for tray icon
pub fn create_tooltip(settings: &KhmSettings, sync_status: &SyncStatus) -> String {
let mut tooltip = format!("KHM - SSH Key Manager\nHost: {}\nFlow: {}", settings.host, settings.flow);
if let Some(keys_count) = sync_status.last_sync_keys {
tooltip.push_str(&format!("\nLast sync: {} keys", keys_count));
} else {
tooltip.push_str("\nLast sync: Never");
}
if let Some(seconds) = sync_status.next_sync_in_seconds {
if seconds > 60 {
tooltip.push_str(&format!("\nNext sync: {}m {}s", seconds / 60, seconds % 60));
} else {
tooltip.push_str(&format!("\nNext sync: {}s", seconds));
}
}
tooltip
}
/// Start auto sync background task
pub fn start_auto_sync_task(
settings: Arc<Mutex<KhmSettings>>,
sync_status: Arc<Mutex<SyncStatus>>,
event_sender: winit::event_loop::EventLoopProxy<crate::gui::UserEvent>
) -> Option<std::thread::JoinHandle<()>> {
let initial_settings = settings.lock().unwrap().clone();
// Only start auto sync if settings are valid and in_place is enabled
if initial_settings.host.is_empty() || initial_settings.flow.is_empty() || !initial_settings.in_place {
info!("Auto sync disabled or settings invalid");
return None;
}
info!("Starting auto sync with interval {} minutes", initial_settings.auto_sync_interval_minutes);
let handle = std::thread::spawn(move || {
// Initial sync on startup
info!("Performing initial sync on startup");
let current_settings = settings.lock().unwrap().clone();
if !current_settings.host.is_empty() && !current_settings.flow.is_empty() {
let rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
match perform_sync(&current_settings).await {
Ok(keys_count) => {
info!("Initial sync completed successfully with {} keys", keys_count);
let mut status = sync_status.lock().unwrap();
status.last_sync_time = Some(std::time::Instant::now());
status.last_sync_keys = Some(keys_count);
let _ = event_sender.send_event(crate::gui::UserEvent::UpdateMenu);
}
Err(e) => {
error!("Initial sync failed: {}", e);
}
}
});
}
// Start menu update timer
let timer_sender = event_sender.clone();
std::thread::spawn(move || {
loop {
std::thread::sleep(std::time::Duration::from_secs(1));
let _ = timer_sender.send_event(crate::gui::UserEvent::UpdateMenu);
}
});
// Periodic sync
loop {
let interval_minutes = current_settings.auto_sync_interval_minutes;
std::thread::sleep(std::time::Duration::from_secs(interval_minutes as u64 * 60));
let current_settings = settings.lock().unwrap().clone();
if current_settings.host.is_empty() || current_settings.flow.is_empty() || !current_settings.in_place {
info!("Auto sync stopped due to invalid settings or disabled in_place");
break;
}
info!("Performing scheduled auto sync");
let rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
match perform_sync(&current_settings).await {
Ok(keys_count) => {
info!("Auto sync completed successfully with {} keys", keys_count);
let mut status = sync_status.lock().unwrap();
status.last_sync_time = Some(std::time::Instant::now());
status.last_sync_keys = Some(keys_count);
let _ = event_sender.send_event(crate::gui::UserEvent::UpdateMenu);
}
Err(e) => {
error!("Auto sync failed: {}", e);
}
}
});
}
});
Some(handle)
}
/// Update sync status for tooltip
pub fn update_sync_status(settings: &KhmSettings, sync_status: &mut SyncStatus) {
if !settings.host.is_empty() && !settings.flow.is_empty() && settings.in_place {
if let Some(last_sync) = sync_status.last_sync_time {
let elapsed = last_sync.elapsed().as_secs();
let interval_seconds = settings.auto_sync_interval_minutes as u64 * 60;
if elapsed < interval_seconds {
sync_status.next_sync_in_seconds = Some(interval_seconds - elapsed);
} else {
sync_status.next_sync_in_seconds = Some(0);
}
} else {
sync_status.next_sync_in_seconds = None;
}
}
}

6
src/gui/tray/mod.rs Normal file
View File

@@ -0,0 +1,6 @@
mod app;
mod icon;
pub use app::*;
pub use icon::{SyncStatus, TrayMenuIds, create_tray_icon, update_tray_menu,
create_tooltip, start_auto_sync_task, update_sync_status};

119
src/main.rs
View File

@@ -2,6 +2,7 @@ mod client;
mod db; mod db;
mod server; mod server;
mod web; mod web;
mod gui;
use clap::Parser; use clap::Parser;
use env_logger; use env_logger;
@@ -10,7 +11,7 @@ use log::{error, info};
/// This application manages SSH keys and flows, either as a server or client. /// This application manages SSH keys and flows, either as a server or client.
/// In server mode, it stores keys and flows in a PostgreSQL database. /// In server mode, it stores keys and flows in a PostgreSQL database.
/// In client mode, it sends keys to the server and can update the known_hosts file with keys from the server. /// In client mode, it sends keys to the server and can update the known_hosts file with keys from the server.
#[derive(Parser, Debug)] #[derive(Parser, Debug, Clone)]
#[command( #[command(
author = env!("CARGO_PKG_AUTHORS"), author = env!("CARGO_PKG_AUTHORS"),
version = env!("CARGO_PKG_VERSION"), version = env!("CARGO_PKG_VERSION"),
@@ -22,25 +23,33 @@ use log::{error, info};
khm --server --ip 0.0.0.0 --port 1337 --db-host psql.psql.svc --db-name khm --db-user admin --db-password <SECRET> --flows work,home\n\ khm --server --ip 0.0.0.0 --port 1337 --db-host psql.psql.svc --db-name khm --db-user admin --db-password <SECRET> --flows work,home\n\
\n\ \n\
Running in client mode to send diff and sync ~/.ssh/known_hosts with remote flow `work` in place:\n\ Running in client mode to send diff and sync ~/.ssh/known_hosts with remote flow `work` in place:\n\
khm --host https://khm.example.com/work --known-hosts ~/.ssh/known_hosts --in-place\n\ khm --host https://khm.example.com --flow work --known-hosts ~/.ssh/known_hosts --in-place\n\
\n\ \n\
" "
)] )]
struct Args { pub struct Args {
/// Run in server mode (default: false) /// Run in server mode (default: false)
#[arg(long, help = "Run in server mode")] #[arg(long, help = "Run in server mode")]
server: bool, pub server: bool,
/// Run with GUI tray interface (default: false)
#[arg(long, help = "Run with GUI tray interface")]
pub gui: bool,
/// Run settings UI window (used with --gui)
#[arg(long, help = "Run settings UI window (used with --gui)")]
pub settings_ui: bool,
/// Update the known_hosts file with keys from the server after sending keys (default: false) /// Update the known_hosts file with keys from the server after sending keys (default: false)
#[arg( #[arg(
long, long,
help = "Server mode: Sync the known_hosts file with keys from the server" help = "Server mode: Sync the known_hosts file with keys from the server"
)] )]
in_place: bool, pub in_place: bool,
/// Comma-separated list of flows to manage (default: default) /// Comma-separated list of flows to manage (default: default)
#[arg(long, default_value = "default", value_parser, num_args = 1.., value_delimiter = ',', help = "Server mode: Comma-separated list of flows to manage")] #[arg(long, default_value = "default", value_parser, num_args = 1.., value_delimiter = ',', help = "Server mode: Comma-separated list of flows to manage")]
flows: Vec<String>, pub flows: Vec<String>,
/// IP address to bind the server or client to (default: 127.0.0.1) /// IP address to bind the server or client to (default: 127.0.0.1)
#[arg( #[arg(
@@ -49,7 +58,7 @@ struct Args {
default_value = "127.0.0.1", default_value = "127.0.0.1",
help = "Server mode: IP address to bind the server to" help = "Server mode: IP address to bind the server to"
)] )]
ip: String, pub ip: String,
/// Port to bind the server or client to (default: 8080) /// Port to bind the server or client to (default: 8080)
#[arg( #[arg(
@@ -58,7 +67,7 @@ struct Args {
default_value = "8080", default_value = "8080",
help = "Server mode: Port to bind the server to" help = "Server mode: Port to bind the server to"
)] )]
port: u16, pub port: u16,
/// Hostname or IP address of the PostgreSQL database (default: 127.0.0.1) /// Hostname or IP address of the PostgreSQL database (default: 127.0.0.1)
#[arg( #[arg(
@@ -66,7 +75,7 @@ struct Args {
default_value = "127.0.0.1", default_value = "127.0.0.1",
help = "Server mode: Hostname or IP address of the PostgreSQL database" help = "Server mode: Hostname or IP address of the PostgreSQL database"
)] )]
db_host: String, pub db_host: String,
/// Name of the PostgreSQL database (default: khm) /// Name of the PostgreSQL database (default: khm)
#[arg( #[arg(
@@ -74,7 +83,7 @@ struct Args {
default_value = "khm", default_value = "khm",
help = "Server mode: Name of the PostgreSQL database" help = "Server mode: Name of the PostgreSQL database"
)] )]
db_name: String, pub db_name: String,
/// Username for the PostgreSQL database (required in server mode) /// Username for the PostgreSQL database (required in server mode)
#[arg( #[arg(
@@ -82,7 +91,7 @@ struct Args {
required_if_eq("server", "true"), required_if_eq("server", "true"),
help = "Server mode: Username for the PostgreSQL database" help = "Server mode: Username for the PostgreSQL database"
)] )]
db_user: Option<String>, pub db_user: Option<String>,
/// Password for the PostgreSQL database (required in server mode) /// Password for the PostgreSQL database (required in server mode)
#[arg( #[arg(
@@ -90,15 +99,23 @@ struct Args {
required_if_eq("server", "true"), required_if_eq("server", "true"),
help = "Server mode: Password for the PostgreSQL database" help = "Server mode: Password for the PostgreSQL database"
)] )]
db_password: Option<String>, pub db_password: Option<String>,
/// Host address of the server to connect to in client mode (required in client mode) /// Host address of the server to connect to in client mode (required in client mode)
#[arg( #[arg(
long, long,
required_if_eq("server", "false"), required_if_eq("server", "false"),
help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com/<FLOW_NAME>" help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com"
)] )]
host: Option<String>, pub host: Option<String>,
/// Flow name to use on the server
#[arg(
long,
required_if_eq("server", "false"),
help = "Client mode: Flow name to use on the server"
)]
pub flow: Option<String>,
/// Path to the known_hosts file (default: ~/.ssh/known_hosts) /// Path to the known_hosts file (default: ~/.ssh/known_hosts)
#[arg( #[arg(
@@ -106,28 +123,84 @@ struct Args {
default_value = "~/.ssh/known_hosts", default_value = "~/.ssh/known_hosts",
help = "Client mode: Path to the known_hosts file" help = "Client mode: Path to the known_hosts file"
)] )]
known_hosts: String, pub known_hosts: String,
/// Basic auth string for client mode. Format: user:pass /// Basic auth string for client mode. Format: user:pass
#[arg(long, default_value = "", help = "Client mode: Basic Auth credentials")] #[arg(long, default_value = "", help = "Client mode: Basic Auth credentials")]
basic_auth: String, pub basic_auth: String,
} }
#[actix_web::main] #[actix_web::main]
async fn main() -> std::io::Result<()> { async fn main() -> std::io::Result<()> {
env_logger::init(); // Configure logging to show only khm logs, filtering out noisy library logs
env_logger::Builder::from_default_env()
.filter_level(log::LevelFilter::Warn) // Default level for all modules
.filter_module("khm", log::LevelFilter::Debug) // Our app logs
.filter_module("actix_web", log::LevelFilter::Info) // Server logs
.filter_module("reqwest", log::LevelFilter::Warn) // HTTP client
.filter_module("winit", log::LevelFilter::Error) // Window management
.filter_module("egui", log::LevelFilter::Error) // GUI framework
.filter_module("eframe", log::LevelFilter::Error) // GUI framework
.filter_module("tray_icon", log::LevelFilter::Error) // Tray icon
.filter_module("wgpu", log::LevelFilter::Error) // Graphics
.filter_module("naga", log::LevelFilter::Error) // Graphics
.filter_module("glow", log::LevelFilter::Error) // Graphics
.filter_module("tracing", log::LevelFilter::Error) // Tracing spans
.init();
info!("Starting SSH Key Manager"); info!("Starting SSH Key Manager");
let args = Args::parse(); let args = Args::parse();
// Check if we have the minimum required arguments // Settings UI mode - just show settings window and exit
if !args.server && args.host.is_none() { if args.settings_ui {
// Neither server mode nor client mode properly configured #[cfg(feature = "gui")]
eprintln!("Error: You must specify either server mode (--server) or client mode (--host)"); {
info!("Running settings UI window");
gui::run_settings_window();
return Ok(());
}
#[cfg(not(feature = "gui"))]
{
error!("GUI features not compiled. Install system dependencies and rebuild with --features gui");
return Err(std::io::Error::new(
std::io::ErrorKind::Unsupported,
"GUI features not compiled"
));
}
}
// GUI mode has priority
if args.gui {
info!("Running in GUI mode");
if let Err(e) = gui::run_gui().await {
error!("Failed to run GUI: {}", e);
}
return Ok(());
}
// Check if we have the minimum required arguments for server/client mode
if !args.server && !args.gui && (args.host.is_none() || args.flow.is_none()) {
// Neither server mode nor client mode nor GUI mode properly configured
eprintln!("Error: You must specify either server mode (--server), client mode (--host and --flow), or GUI mode (--gui)");
eprintln!(); eprintln!();
eprintln!("Examples:"); eprintln!("Examples:");
eprintln!(" Server mode: {} --server --db-user admin --db-password pass --flows work,home", env!("CARGO_PKG_NAME")); eprintln!(
eprintln!(" Client mode: {} --host https://khm.example.com/work", env!("CARGO_PKG_NAME")); " Server mode: {} --server --db-user admin --db-password pass --flows work,home",
env!("CARGO_PKG_NAME")
);
eprintln!(
" Client mode: {} --host https://khm.example.com --flow work",
env!("CARGO_PKG_NAME")
);
eprintln!(
" GUI mode: {} --gui",
env!("CARGO_PKG_NAME")
);
eprintln!(
" Settings window: {} --gui --settings-ui",
env!("CARGO_PKG_NAME")
);
eprintln!(); eprintln!();
eprintln!("Use --help for more information."); eprintln!("Use --help for more information.");
std::process::exit(1); std::process::exit(1);

127
src/server.rs
View File

@@ -2,16 +2,16 @@ use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer, Responder};
use log::{error, info}; use log::{error, info};
use regex::Regex; use regex::Regex;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use tokio_postgres::{Client, NoTls};
use crate::db; use crate::db::ReconnectingDbClient;
#[derive(Serialize, Deserialize, Clone, Debug)] #[derive(Serialize, Deserialize, Clone, Debug)]
pub struct SshKey { pub struct SshKey {
pub server: String, pub server: String,
pub public_key: String, pub public_key: String,
#[serde(default)]
pub deprecated: bool,
} }
#[derive(Serialize, Deserialize, Clone, Debug)] #[derive(Serialize, Deserialize, Clone, Debug)]
@@ -35,41 +35,6 @@ pub fn is_valid_ssh_key(key: &str) -> bool {
|| ed25519_re.is_match(key) || ed25519_re.is_match(key)
} }
pub async fn get_keys_from_db(client: &Client) -> Result<Vec<Flow>, tokio_postgres::Error> {
let rows = client.query(
"SELECT k.host, k.key, f.name FROM public.keys k INNER JOIN public.flows f ON k.key_id = f.key_id",
&[]
).await?;
let mut flows_map: HashMap<String, Flow> = HashMap::new();
for row in rows {
let host: String = row.get(0);
let key: String = row.get(1);
let flow: String = row.get(2);
let ssh_key = SshKey {
server: host,
public_key: key,
};
if let Some(flow_entry) = flows_map.get_mut(&flow) {
flow_entry.servers.push(ssh_key);
} else {
flows_map.insert(
flow.clone(),
Flow {
name: flow,
servers: vec![ssh_key],
},
);
}
}
info!("Retrieved {} flows from database", flows_map.len());
Ok(flows_map.into_values().collect())
}
// Extract client hostname from request headers // Extract client hostname from request headers
fn get_client_hostname(req: &HttpRequest) -> String { fn get_client_hostname(req: &HttpRequest) -> String {
if let Some(hostname) = req.headers().get("X-Client-Hostname") { if let Some(hostname) = req.headers().get("X-Client-Hostname") {
@@ -85,6 +50,7 @@ pub async fn get_keys(
flow_id: web::Path<String>, flow_id: web::Path<String>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
req: HttpRequest, req: HttpRequest,
query: web::Query<std::collections::HashMap<String, String>>,
) -> impl Responder { ) -> impl Responder {
let client_hostname = get_client_hostname(&req); let client_hostname = get_client_hostname(&req);
let flow_id_str = flow_id.into_inner(); let flow_id_str = flow_id.into_inner();
@@ -104,10 +70,25 @@ pub async fn get_keys(
let flows = flows.lock().unwrap(); let flows = flows.lock().unwrap();
if let Some(flow) = flows.iter().find(|flow| flow.name == flow_id_str) { if let Some(flow) = flows.iter().find(|flow| flow.name == flow_id_str) {
let servers: Vec<&SshKey> = flow.servers.iter().collect(); // Check if we should include deprecated keys (default: false for CLI clients)
let include_deprecated = query
.get("include_deprecated")
.map(|v| v == "true")
.unwrap_or(false);
let servers: Vec<&SshKey> = if include_deprecated {
// Return all keys (for web interface)
flow.servers.iter().collect()
} else {
// Return only active keys (for CLI clients)
flow.servers.iter().filter(|key| !key.deprecated).collect()
};
info!( info!(
"Returning {} keys for flow '{}' to client '{}'", "Returning {} keys ({} total, deprecated filtered: {}) for flow '{}' to client '{}'",
servers.len(), servers.len(),
flow.servers.len(),
!include_deprecated,
flow_id_str, flow_id_str,
client_hostname client_hostname
); );
@@ -125,7 +106,7 @@ pub async fn add_keys(
flows: web::Data<Flows>, flows: web::Data<Flows>,
flow_id: web::Path<String>, flow_id: web::Path<String>,
new_keys: web::Json<Vec<SshKey>>, new_keys: web::Json<Vec<SshKey>>,
db_client: web::Data<Arc<Client>>, db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
req: HttpRequest, req: HttpRequest,
) -> impl Responder { ) -> impl Responder {
@@ -171,7 +152,10 @@ pub async fn add_keys(
); );
// Batch insert keys with statistics // Batch insert keys with statistics
let key_stats = match crate::db::batch_insert_keys(&db_client, &valid_keys).await { let key_stats = match db_client
.batch_insert_keys_reconnecting(valid_keys.clone())
.await
{
Ok(stats) => stats, Ok(stats) => stats,
Err(e) => { Err(e) => {
error!( error!(
@@ -189,7 +173,9 @@ pub async fn add_keys(
let key_ids: Vec<i32> = key_stats.key_id_map.iter().map(|(_, id)| *id).collect(); let key_ids: Vec<i32> = key_stats.key_id_map.iter().map(|(_, id)| *id).collect();
// Batch insert key-flow associations // Batch insert key-flow associations
if let Err(e) = crate::db::batch_insert_flow_keys(&db_client, &flow_id_str, &key_ids).await if let Err(e) = db_client
.batch_insert_flow_keys_reconnecting(flow_id_str.clone(), key_ids.clone())
.await
{ {
error!( error!(
"Failed to batch insert flow keys from client '{}' into database: {}", "Failed to batch insert flow keys from client '{}' into database: {}",
@@ -213,7 +199,7 @@ pub async fn add_keys(
} }
// Get updated data // Get updated data
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
error!( error!(
@@ -268,28 +254,22 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
args.db_host, db_user, db_password, args.db_name args.db_host, db_user, db_password, args.db_name
); );
info!("Connecting to database at {}", args.db_host); info!("Creating database client for {}", args.db_host);
let (db_client, connection) = match tokio_postgres::connect(&db_conn_str, NoTls).await { let mut db_client_temp = ReconnectingDbClient::new(db_conn_str.clone());
Ok((client, conn)) => (client, conn),
Err(e) => { // Initial connection
if let Err(e) = db_client_temp.connect(&db_conn_str).await {
error!("Failed to connect to the database: {}", e); error!("Failed to connect to the database: {}", e);
return Err(std::io::Error::new( return Err(std::io::Error::new(
std::io::ErrorKind::ConnectionRefused, std::io::ErrorKind::ConnectionRefused,
format!("Database connection error: {}", e), format!("Database connection error: {}", e),
)); ));
} }
};
let db_client = Arc::new(db_client);
// Spawn a new thread to run the database connection let db_client = Arc::new(db_client_temp);
tokio::spawn(async move {
if let Err(e) = connection.await {
error!("Connection error: {}", e);
}
});
// Initialize database schema if needed // Initialize database schema if needed
if let Err(e) = db::initialize_db_schema(&db_client).await { if let Err(e) = db_client.initialize_schema().await {
error!("Failed to initialize database schema: {}", e); error!("Failed to initialize database schema: {}", e);
return Err(std::io::Error::new( return Err(std::io::Error::new(
std::io::ErrorKind::Other, std::io::ErrorKind::Other,
@@ -297,7 +277,7 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
)); ));
} }
let mut initial_flows = match get_keys_from_db(&db_client).await { let mut initial_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
error!("Failed to get initial flows from database: {}", e); error!("Failed to get initial flows from database: {}", e);
@@ -325,14 +305,41 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
.app_data(web::Data::new(db_client.clone())) .app_data(web::Data::new(db_client.clone()))
.app_data(allowed_flows.clone()) .app_data(allowed_flows.clone())
// API routes // API routes
.route("/api/version", web::get().to(crate::web::get_version_api))
.route("/api/flows", web::get().to(crate::web::get_flows_api)) .route("/api/flows", web::get().to(crate::web::get_flows_api))
.route("/{flow_id}/keys/{server}", web::delete().to(crate::web::delete_key_by_server)) .route(
"/{flow_id}/scan-dns",
web::post().to(crate::web::scan_dns_resolution),
)
.route(
"/{flow_id}/bulk-deprecate",
web::post().to(crate::web::bulk_deprecate_servers),
)
.route(
"/{flow_id}/bulk-restore",
web::post().to(crate::web::bulk_restore_servers),
)
.route(
"/{flow_id}/keys/{server}",
web::delete().to(crate::web::delete_key_by_server),
)
.route(
"/{flow_id}/keys/{server}/restore",
web::post().to(crate::web::restore_key_by_server),
)
.route(
"/{flow_id}/keys/{server}/delete",
web::delete().to(crate::web::permanently_delete_key_by_server),
)
// Original API routes // Original API routes
.route("/{flow_id}/keys", web::get().to(get_keys)) .route("/{flow_id}/keys", web::get().to(get_keys))
.route("/{flow_id}/keys", web::post().to(add_keys)) .route("/{flow_id}/keys", web::post().to(add_keys))
// Web interface routes // Web interface routes
.route("/", web::get().to(crate::web::serve_web_interface)) .route("/", web::get().to(crate::web::serve_web_interface))
.route("/static/{filename:.*}", web::get().to(crate::web::serve_static_file)) .route(
"/static/{filename:.*}",
web::get().to(crate::web::serve_static_file),
)
}) })
.bind((args.ip.as_str(), args.port))? .bind((args.ip.as_str(), args.port))?
.run() .run()

478
src/web.rs
View File

@@ -1,21 +1,77 @@
use actix_web::{web, HttpResponse, Result}; use actix_web::{web, HttpResponse, Result};
use log::info; use log::info;
use rust_embed::RustEmbed; use rust_embed::RustEmbed;
use serde::{Deserialize, Serialize};
use serde_json::json; use serde_json::json;
use std::collections::HashSet; use std::sync::Arc;
use tokio_postgres::Client; use trust_dns_resolver::TokioAsyncResolver;
use trust_dns_resolver::config::*;
use serde::{Deserialize, Serialize};
use futures::future;
use tokio::sync::Semaphore;
use tokio::time::{timeout, Duration};
use crate::server::{get_keys_from_db, Flows}; use crate::db::ReconnectingDbClient;
use crate::server::Flows;
#[derive(RustEmbed)] #[derive(RustEmbed)]
#[folder = "static/"] #[folder = "static/"]
struct StaticAssets; struct StaticAssets;
#[derive(Deserialize)] #[derive(Serialize, Deserialize, Debug)]
struct DeleteKeyPath { pub struct DnsResolutionResult {
flow_id: String, pub server: String,
server: String, pub resolved: bool,
pub error: Option<String>,
}
#[derive(Serialize, Deserialize, Debug)]
pub struct BulkDeprecateRequest {
pub servers: Vec<String>,
}
async fn check_dns_resolution(hostname: String, semaphore: Arc<Semaphore>) -> DnsResolutionResult {
let _permit = match semaphore.acquire().await {
Ok(permit) => permit,
Err(_) => {
return DnsResolutionResult {
server: hostname,
resolved: false,
error: Some("Failed to acquire semaphore".to_string()),
};
}
};
let resolver = TokioAsyncResolver::tokio(
ResolverConfig::default(),
ResolverOpts::default(),
);
let lookup_result = timeout(Duration::from_secs(5), resolver.lookup_ip(&hostname)).await;
match lookup_result {
Ok(Ok(_)) => DnsResolutionResult {
server: hostname,
resolved: true,
error: None,
},
Ok(Err(e)) => DnsResolutionResult {
server: hostname,
resolved: false,
error: Some(e.to_string()),
},
Err(_) => DnsResolutionResult {
server: hostname,
resolved: false,
error: Some("DNS lookup timeout (5s)".to_string()),
},
}
}
// API endpoint to get application version
pub async fn get_version_api() -> Result<HttpResponse> {
Ok(HttpResponse::Ok().json(json!({
"version": env!("CARGO_PKG_VERSION")
})))
} }
// API endpoint to get list of available flows // API endpoint to get list of available flows
@@ -24,16 +80,15 @@ pub async fn get_flows_api(allowed_flows: web::Data<Vec<String>>) -> Result<Http
Ok(HttpResponse::Ok().json(&**allowed_flows)) Ok(HttpResponse::Ok().json(&**allowed_flows))
} }
// API endpoint to delete a specific key by server name // API endpoint to scan DNS resolution for all hosts in a flow
pub async fn delete_key_by_server( pub async fn scan_dns_resolution(
flows: web::Data<Flows>, flows: web::Data<Flows>,
path: web::Path<(String, String)>, path: web::Path<String>,
db_client: web::Data<std::sync::Arc<Client>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> { ) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner(); let flow_id_str = path.into_inner();
info!("API request to delete key for server '{}' in flow '{}'", server_name, flow_id_str); info!("API request to scan DNS resolution for flow '{}'" , flow_id_str);
if !allowed_flows.contains(&flow_id_str) { if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({ return Ok(HttpResponse::Forbidden().json(json!({
@@ -41,14 +96,315 @@ pub async fn delete_key_by_server(
}))); })));
} }
// Delete from database let flows_guard = flows.lock().unwrap();
match delete_key_from_db(&db_client, &server_name, &flow_id_str).await { let flow = match flows_guard.iter().find(|flow| flow.name == flow_id_str) {
Ok(deleted_count) => { Some(flow) => flow,
if deleted_count > 0 { None => {
info!("Deleted {} key(s) for server '{}' in flow '{}'", deleted_count, server_name, flow_id_str); return Ok(HttpResponse::NotFound().json(json!({
"error": "Flow ID not found"
})));
}
};
// Get unique hostnames
let mut hostnames: std::collections::HashSet<String> = std::collections::HashSet::new();
for key in &flow.servers {
hostnames.insert(key.server.clone());
}
drop(flows_guard);
info!("Scanning DNS resolution for {} unique hosts", hostnames.len());
// Limit concurrent DNS requests to prevent "too many open files" error
let semaphore = Arc::new(Semaphore::new(20));
// Scan all hostnames concurrently with rate limiting
let mut scan_futures = Vec::new();
for hostname in hostnames {
scan_futures.push(check_dns_resolution(hostname, semaphore.clone()));
}
let results = future::join_all(scan_futures).await;
let unresolved_count = results.iter().filter(|r| !r.resolved).count();
info!("DNS scan complete: {} unresolved out of {} hosts", unresolved_count, results.len());
Ok(HttpResponse::Ok().json(json!({
"results": results,
"total": results.len(),
"unresolved": unresolved_count
})))
}
// API endpoint to bulk deprecate multiple servers
pub async fn bulk_deprecate_servers(
flows: web::Data<Flows>,
path: web::Path<String>,
request: web::Json<BulkDeprecateRequest>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let flow_id_str = path.into_inner();
info!("API request to bulk deprecate {} servers in flow '{}'", request.servers.len(), flow_id_str);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Use single bulk operation instead of loop
let total_deprecated = match db_client
.bulk_deprecate_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
.await
{
Ok(count) => {
info!("Bulk deprecated {} key(s) for {} servers", count, request.servers.len());
count
}
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to bulk deprecate keys: {}", e)
})));
}
};
// Refresh the in-memory flows // Refresh the in-memory flows
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
let response = json!({
"message": format!("Successfully deprecated {} key(s) for {} server(s)", total_deprecated, request.servers.len()),
"deprecated_count": total_deprecated,
"servers_processed": request.servers.len()
});
Ok(HttpResponse::Ok().json(response))
}
// API endpoint to bulk restore multiple servers
pub async fn bulk_restore_servers(
flows: web::Data<Flows>,
path: web::Path<String>,
request: web::Json<BulkDeprecateRequest>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let flow_id_str = path.into_inner();
info!("API request to bulk restore {} servers in flow '{}'", request.servers.len(), flow_id_str);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Use single bulk operation
let total_restored = match db_client
.bulk_restore_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
.await
{
Ok(count) => {
info!("Bulk restored {} key(s) for {} servers", count, request.servers.len());
count
}
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to bulk restore keys: {}", e)
})));
}
};
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
let response = json!({
"message": format!("Successfully restored {} key(s) for {} server(s)", total_restored, request.servers.len()),
"restored_count": total_restored,
"servers_processed": request.servers.len()
});
Ok(HttpResponse::Ok().json(response))
}
// API endpoint to deprecate a specific key by server name
pub async fn delete_key_by_server(
flows: web::Data<Flows>,
path: web::Path<(String, String)>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner();
info!(
"API request to deprecate key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Deprecate in database
match db_client
.deprecate_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(deprecated_count) => {
if deprecated_count > 0 {
info!(
"Deprecated {} key(s) for server '{}' in flow '{}'",
deprecated_count, server_name, flow_id_str
);
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
Ok(HttpResponse::Ok().json(json!({
"message": format!("Successfully deprecated {} key(s) for server '{}'", deprecated_count, server_name),
"deprecated_count": deprecated_count
})))
} else {
Ok(HttpResponse::NotFound().json(json!({
"error": format!("No keys found for server '{}'", server_name)
})))
}
}
Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to deprecate key: {}", e)
}))),
}
}
// API endpoint to restore a deprecated key
pub async fn restore_key_by_server(
flows: web::Data<Flows>,
path: web::Path<(String, String)>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner();
info!(
"API request to restore key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Restore in database
match db_client
.restore_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(restored_count) => {
if restored_count > 0 {
info!(
"Restored {} key(s) for server '{}' in flow '{}'",
restored_count, server_name, flow_id_str
);
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
Ok(HttpResponse::Ok().json(json!({
"message": format!("Successfully restored {} key(s) for server '{}'", restored_count, server_name),
"restored_count": restored_count
})))
} else {
Ok(HttpResponse::NotFound().json(json!({
"error": format!("No deprecated keys found for server '{}'", server_name)
})))
}
}
Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to restore key: {}", e)
}))),
}
}
// API endpoint to permanently delete a key
pub async fn permanently_delete_key_by_server(
flows: web::Data<Flows>,
path: web::Path<(String, String)>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner();
info!(
"API request to permanently delete key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Permanently delete from database
match db_client
.permanently_delete_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(deleted_count) => {
if deleted_count > 0 {
info!(
"Permanently deleted {} key(s) for server '{}' in flow '{}'",
deleted_count, server_name, flow_id_str
);
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({ return Ok(HttpResponse::InternalServerError().json(json!({
@@ -70,75 +426,11 @@ pub async fn delete_key_by_server(
}))) })))
} }
} }
Err(e) => { Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to delete key: {}", e) "error": format!("Failed to delete key: {}", e)
}))) }))),
} }
} }
}
// Helper function to delete a key from database
async fn delete_key_from_db(
client: &Client,
server_name: &str,
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
// First, find the key_ids for the given server
let key_rows = client
.query("SELECT key_id FROM public.keys WHERE host = $1", &[&server_name])
.await?;
if key_rows.is_empty() {
return Ok(0);
}
let key_ids: Vec<i32> = key_rows.iter().map(|row| row.get::<_, i32>(0)).collect();
// Delete flow associations first
let mut flow_delete_count = 0;
for key_id in &key_ids {
let deleted = client
.execute(
"DELETE FROM public.flows WHERE name = $1 AND key_id = $2",
&[&flow_name, key_id],
)
.await?;
flow_delete_count += deleted;
}
// Check if any of these keys are used in other flows
let mut keys_to_delete = Vec::new();
for key_id in &key_ids {
let count: i64 = client
.query_one(
"SELECT COUNT(*) FROM public.flows WHERE key_id = $1",
&[key_id],
)
.await?
.get(0);
if count == 0 {
keys_to_delete.push(*key_id);
}
}
// Delete keys that are no longer referenced by any flow
let mut total_deleted = 0;
for key_id in keys_to_delete {
let deleted = client
.execute("DELETE FROM public.keys WHERE key_id = $1", &[&key_id])
.await?;
total_deleted += deleted;
}
info!(
"Deleted {} flow associations and {} orphaned keys for server '{}'",
flow_delete_count, total_deleted, server_name
);
Ok(std::cmp::max(flow_delete_count, total_deleted))
}
// Serve static files from embedded assets // Serve static files from embedded assets
pub async fn serve_static_file(path: web::Path<String>) -> Result<HttpResponse> { pub async fn serve_static_file(path: web::Path<String>) -> Result<HttpResponse> {
@@ -163,22 +455,16 @@ pub async fn serve_static_file(path: web::Path<String>) -> Result<HttpResponse>
.content_type(content_type) .content_type(content_type)
.body(content.data.as_ref().to_vec())) .body(content.data.as_ref().to_vec()))
} }
None => { None => Ok(HttpResponse::NotFound().body(format!("File not found: {}", file_path))),
Ok(HttpResponse::NotFound().body(format!("File not found: {}", file_path)))
}
} }
} }
// Serve the main web interface from embedded assets // Serve the main web interface from embedded assets
pub async fn serve_web_interface() -> Result<HttpResponse> { pub async fn serve_web_interface() -> Result<HttpResponse> {
match StaticAssets::get("index.html") { match StaticAssets::get("index.html") {
Some(content) => { Some(content) => Ok(HttpResponse::Ok()
Ok(HttpResponse::Ok()
.content_type("text/html; charset=utf-8") .content_type("text/html; charset=utf-8")
.body(content.data.as_ref().to_vec())) .body(content.data.as_ref().to_vec())),
} None => Ok(HttpResponse::NotFound().body("Web interface not found")),
None => {
Ok(HttpResponse::NotFound().body("Web interface not found"))
}
} }
} }

BIN
static/.DS_Store vendored Normal file
View File

Binary file not shown.

52
static/index.html
View File

@@ -10,7 +10,10 @@
<body> <body>
<div class="container"> <div class="container">
<header> <header>
<div class="header-title">
<h1>SSH Key Manager</h1> <h1>SSH Key Manager</h1>
<span class="version" id="appVersion">Loading...</span>
</div>
<div class="flow-selector"> <div class="flow-selector">
<label for="flowSelect">Flow:</label> <label for="flowSelect">Flow:</label>
<select id="flowSelect"> <select id="flowSelect">
@@ -26,6 +29,14 @@
<span class="stat-value" id="totalKeys">0</span> <span class="stat-value" id="totalKeys">0</span>
<span class="stat-label">Total Keys</span> <span class="stat-label">Total Keys</span>
</div> </div>
<div class="stat-item">
<span class="stat-value" id="activeKeys">0</span>
<span class="stat-label">Active Keys</span>
</div>
<div class="stat-item">
<span class="stat-value deprecated" id="deprecatedKeys">0</span>
<span class="stat-label">Deprecated Keys</span>
</div>
<div class="stat-item"> <div class="stat-item">
<span class="stat-value" id="uniqueServers">0</span> <span class="stat-value" id="uniqueServers">0</span>
<span class="stat-label">Unique Servers</span> <span class="stat-label">Unique Servers</span>
@@ -34,7 +45,18 @@
<div class="actions-panel"> <div class="actions-panel">
<button id="addKeyBtn" class="btn btn-primary">Add SSH Key</button> <button id="addKeyBtn" class="btn btn-primary">Add SSH Key</button>
<button id="bulkDeleteBtn" class="btn btn-danger" disabled>Delete Selected</button> <button id="scanDnsBtn" class="btn btn-secondary">Scan DNS Resolution</button>
<button id="bulkDeleteBtn" class="btn btn-danger" disabled>Deprecate Selected</button>
<button id="bulkRestoreBtn" class="btn btn-success" disabled style="display: none;">Restore Selected</button>
<button id="bulkPermanentDeleteBtn" class="btn btn-danger" disabled style="display: none;">Delete Selected</button>
<div class="filter-controls">
<label class="filter-label">
<input type="checkbox" id="showDeprecatedOnly">
<span>Show only deprecated keys</span>
</label>
</div>
<div class="search-box"> <div class="search-box">
<input type="text" id="searchInput" placeholder="Search servers or keys..."> <input type="text" id="searchInput" placeholder="Search servers or keys...">
</div> </div>
@@ -47,9 +69,9 @@
<th> <th>
<input type="checkbox" id="selectAll"> <input type="checkbox" id="selectAll">
</th> </th>
<th>Server</th> <th>Server/Type</th>
<th>Key Type</th>
<th>Key Preview</th> <th>Key Preview</th>
<th></th>
<th>Actions</th> <th>Actions</th>
</tr> </tr>
</thead> </thead>
@@ -120,6 +142,30 @@
</div> </div>
</div> </div>
<!-- DNS Scan Results Modal -->
<div id="dnsScanModal" class="modal">
<div class="modal-content modal-large">
<div class="modal-header">
<h2>DNS Resolution Scan Results</h2>
<span class="close">&times;</span>
</div>
<div class="modal-body">
<div id="dnsScanStats" class="scan-stats"></div>
<div id="unresolvedHosts" class="unresolved-hosts">
<div class="section-header">
<h3>Unresolved Hosts</h3>
<button id="selectAllUnresolved" class="btn btn-sm btn-secondary">Select All</button>
</div>
<div id="unresolvedList" class="host-list"></div>
</div>
<div class="form-actions">
<button type="button" class="btn btn-secondary" id="closeDnsScan">Close</button>
<button type="button" class="btn btn-danger" id="deprecateUnresolved" disabled>Deprecate Selected</button>
</div>
</div>
</div>
</div>
<!-- Loading Overlay --> <!-- Loading Overlay -->
<div id="loadingOverlay" class="loading-overlay"> <div id="loadingOverlay" class="loading-overlay">
<div class="loading-spinner"></div> <div class="loading-spinner"></div>

10
static/khm-icon.svg Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">
<rect width="32" height="32" rx="4" fill="#2c3e50"/>
<rect x="4" y="8" width="24" height="2" rx="1" fill="#3498db"/>
<rect x="4" y="12" width="20" height="2" rx="1" fill="#e74c3c"/>
<rect x="4" y="16" width="22" height="2" rx="1" fill="#2ecc71"/>
<rect x="4" y="20" width="18" height="2" rx="1" fill="#f39c12"/>
<circle cx="24" cy="6" r="3" fill="#e67e22"/>
<text x="24" y="9" text-anchor="middle" font-family="Arial, sans-serif" font-size="6" fill="white">K</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 610 B

666
static/script.js
View File

@@ -3,11 +3,16 @@ class SSHKeyManager {
this.currentFlow = null; this.currentFlow = null;
this.keys = []; this.keys = [];
this.filteredKeys = []; this.filteredKeys = [];
this.groupedKeys = {};
this.expandedGroups = new Set();
this.currentPage = 1; this.currentPage = 1;
this.keysPerPage = 20; this.keysPerPage = 20;
this.serversPerPage = 10;
this.selectedKeys = new Set(); this.selectedKeys = new Set();
this.showDeprecatedOnly = false;
this.initializeEventListeners(); this.initializeEventListeners();
this.loadVersion();
this.loadFlows(); this.loadFlows();
} }
@@ -35,16 +40,46 @@ class SSHKeyManager {
this.showAddKeyModal(); this.showAddKeyModal();
}); });
// Scan DNS button
document.getElementById('scanDnsBtn').addEventListener('click', () => {
this.scanDnsResolution();
});
// Bulk delete button // Bulk delete button
document.getElementById('bulkDeleteBtn').addEventListener('click', () => { document.getElementById('bulkDeleteBtn').addEventListener('click', () => {
this.deleteSelectedKeys(); this.deleteSelectedKeys();
}); });
// Bulk restore button
document.getElementById('bulkRestoreBtn').addEventListener('click', () => {
this.restoreSelectedKeys();
});
// Bulk permanent delete button
document.getElementById('bulkPermanentDeleteBtn').addEventListener('click', () => {
this.permanentlyDeleteSelectedKeys();
});
// Search input // Search input
document.getElementById('searchInput').addEventListener('input', (e) => { document.getElementById('searchInput').addEventListener('input', (e) => {
this.filterKeys(e.target.value); this.filterKeys(e.target.value);
}); });
// Deprecated filter checkbox
document.getElementById('showDeprecatedOnly').addEventListener('change', (e) => {
this.showDeprecatedOnly = e.target.checked;
// Update visual state
const filterLabel = e.target.closest('.filter-label');
if (e.target.checked) {
filterLabel.classList.add('active');
} else {
filterLabel.classList.remove('active');
}
this.filterKeys(document.getElementById('searchInput').value);
});
// Select all checkbox // Select all checkbox
document.getElementById('selectAll').addEventListener('change', (e) => { document.getElementById('selectAll').addEventListener('change', (e) => {
this.toggleSelectAll(e.target.checked); this.toggleSelectAll(e.target.checked);
@@ -86,6 +121,19 @@ class SSHKeyManager {
this.copyKeyToClipboard(); this.copyKeyToClipboard();
}); });
// DNS scan modal
document.getElementById('closeDnsScan').addEventListener('click', () => {
this.hideModal('dnsScanModal');
});
document.getElementById('selectAllUnresolved').addEventListener('click', () => {
this.toggleSelectAllUnresolved();
});
document.getElementById('deprecateUnresolved').addEventListener('click', () => {
this.deprecateSelectedUnresolved();
});
// Close modals when clicking on close button or outside // Close modals when clicking on close button or outside
document.querySelectorAll('.modal .close').forEach(closeBtn => { document.querySelectorAll('.modal .close').forEach(closeBtn => {
closeBtn.addEventListener('click', (e) => { closeBtn.addEventListener('click', (e) => {
@@ -102,6 +150,20 @@ class SSHKeyManager {
}); });
} }
async loadVersion() {
try {
const response = await fetch('/api/version');
if (response.ok) {
const data = await response.json();
document.getElementById('appVersion').textContent = `v${data.version}`;
} else {
document.getElementById('appVersion').textContent = 'Unknown';
}
} catch (error) {
document.getElementById('appVersion').textContent = 'Error';
}
}
async loadFlows() { async loadFlows() {
try { try {
this.showLoading(); this.showLoading();
@@ -127,6 +189,13 @@ class SSHKeyManager {
option.textContent = flow; option.textContent = flow;
select.appendChild(option); select.appendChild(option);
}); });
// Auto-select the first flow if available
if (flows.length > 0) {
select.value = flows[0];
this.currentFlow = flows[0];
this.loadKeys();
}
} }
async loadKeys() { async loadKeys() {
@@ -134,11 +203,12 @@ class SSHKeyManager {
try { try {
this.showLoading(); this.showLoading();
const response = await fetch(`/${this.currentFlow}/keys`); const response = await fetch(`/${this.currentFlow}/keys?include_deprecated=true`);
if (!response.ok) throw new Error('Failed to load keys'); if (!response.ok) throw new Error('Failed to load keys');
this.keys = await response.json(); this.keys = await response.json();
this.filteredKeys = [...this.keys]; this.groupKeys();
this.filterKeys();
this.updateStats(); this.updateStats();
this.renderTable(); this.renderTable();
this.selectedKeys.clear(); this.selectedKeys.clear();
@@ -151,27 +221,64 @@ class SSHKeyManager {
} }
} }
groupKeys() {
this.groupedKeys = {};
this.keys.forEach(key => {
if (!this.groupedKeys[key.server]) {
this.groupedKeys[key.server] = [];
}
this.groupedKeys[key.server].push(key);
});
// Groups are closed by default - no auto-expand
}
filterKeys(searchTerm) { filterKeys(searchTerm) {
if (!searchTerm.trim()) { let keys = [...this.keys];
this.filteredKeys = [...this.keys];
// Apply deprecated filter first
if (this.showDeprecatedOnly) {
keys = keys.filter(key => key.deprecated);
}
// Then apply search filter
if (!searchTerm || !searchTerm.trim()) {
this.filteredKeys = keys;
} else { } else {
const term = searchTerm.toLowerCase(); const term = searchTerm.toLowerCase();
this.filteredKeys = this.keys.filter(key => this.filteredKeys = keys.filter(key =>
key.server.toLowerCase().includes(term) || key.server.toLowerCase().includes(term) ||
key.public_key.toLowerCase().includes(term) key.public_key.toLowerCase().includes(term)
); );
} }
this.currentPage = 1; this.currentPage = 1;
this.renderTable(); this.renderTable();
} }
updateStats() { updateStats() {
document.getElementById('totalKeys').textContent = this.keys.length; const totalKeys = this.keys.length;
const deprecatedKeys = this.keys.filter(key => key.deprecated).length;
const activeKeys = totalKeys - deprecatedKeys;
const uniqueServers = new Set(this.keys.map(key => key.server)); const uniqueServers = new Set(this.keys.map(key => key.server));
document.getElementById('totalKeys').textContent = totalKeys;
document.getElementById('activeKeys').textContent = activeKeys;
document.getElementById('deprecatedKeys').textContent = deprecatedKeys;
document.getElementById('uniqueServers').textContent = uniqueServers.size; document.getElementById('uniqueServers').textContent = uniqueServers.size;
} }
getGroupedFilteredKeys() {
const groupedFilteredKeys = {};
this.filteredKeys.forEach(key => {
if (!groupedFilteredKeys[key.server]) {
groupedFilteredKeys[key.server] = [];
}
groupedFilteredKeys[key.server].push(key);
});
return groupedFilteredKeys;
}
renderTable() { renderTable() {
const tbody = document.getElementById('keysTableBody'); const tbody = document.getElementById('keysTableBody');
const noKeysMessage = document.getElementById('noKeysMessage'); const noKeysMessage = document.getElementById('noKeysMessage');
@@ -185,30 +292,78 @@ class SSHKeyManager {
noKeysMessage.style.display = 'none'; noKeysMessage.style.display = 'none';
const startIndex = (this.currentPage - 1) * this.keysPerPage; // Group filtered keys by server
const endIndex = startIndex + this.keysPerPage; const groupedFilteredKeys = this.getGroupedFilteredKeys();
const pageKeys = this.filteredKeys.slice(startIndex, endIndex);
tbody.innerHTML = pageKeys.map((key, index) => { // Calculate pagination for grouped view
const servers = Object.keys(groupedFilteredKeys).sort();
// For pagination, we'll show a reasonable number of server groups per page
const startServerIndex = (this.currentPage - 1) * this.serversPerPage;
const endServerIndex = startServerIndex + this.serversPerPage;
const pageServers = servers.slice(startServerIndex, endServerIndex);
let html = '';
pageServers.forEach(server => {
const serverKeys = groupedFilteredKeys[server];
const activeCount = serverKeys.filter(k => !k.deprecated).length;
const deprecatedCount = serverKeys.filter(k => k.deprecated).length;
const isExpanded = this.expandedGroups.has(server);
// Server group header
html += `
<tr class="host-group-header ${isExpanded ? '' : 'collapsed'}">
<td>
<input type="checkbox"
data-group="${this.escapeHtml(server)}"
onchange="sshKeyManager.toggleGroupSelection('${this.escapeHtml(server)}', this.checked)"
onclick="event.stopPropagation()">
</td>
<td colspan="4" onclick="sshKeyManager.toggleGroup('${this.escapeHtml(server)}')" style="cursor: pointer;">
<span class="expand-icon">${isExpanded ? '▼' : '▶'}</span>
<strong>${this.escapeHtml(server)}</strong>
<span class="host-summary">
<span class="key-count">${serverKeys.length} keys</span>
${deprecatedCount > 0 ? `<span class="deprecated-count">${deprecatedCount} deprecated</span>` : ''}
</span>
</td>
</tr>
`;
// Server keys (if expanded)
if (isExpanded) {
serverKeys.forEach(key => {
const keyType = this.getKeyType(key.public_key); const keyType = this.getKeyType(key.public_key);
const keyPreview = this.getKeyPreview(key.public_key); const keyPreview = this.getKeyPreview(key.public_key);
const keyId = `${key.server}-${key.public_key}`; const keyId = `${key.server}-${key.public_key}`;
return ` html += `
<tr> <tr class="key-row${key.deprecated ? ' deprecated' : ''}">
<td> <td>
<input type="checkbox" data-key-id="${keyId}" ${this.selectedKeys.has(keyId) ? 'checked' : ''}> <input type="checkbox" data-key-id="${keyId}" ${this.selectedKeys.has(keyId) ? 'checked' : ''}>
</td> </td>
<td>${this.escapeHtml(key.server)}</td> <td style="padding-left: 2rem;">
<td><span class="key-type ${keyType.toLowerCase()}">${keyType}</span></td> <span class="key-type ${keyType.toLowerCase()}">${keyType}</span>
${key.deprecated ? '<span class="deprecated-badge">DEPRECATED</span>' : ''}
</td>
<td><span class="key-preview">${keyPreview}</span></td> <td><span class="key-preview">${keyPreview}</span></td>
<td></td>
<td class="table-actions"> <td class="table-actions">
<button class="btn btn-sm btn-secondary" onclick="sshKeyManager.viewKey('${keyId}')">View</button> <button class="btn btn-sm btn-secondary" onclick="sshKeyManager.viewKey('${keyId}')">View</button>
<button class="btn btn-sm btn-danger" onclick="sshKeyManager.deleteKey('${keyId}')">Delete</button> ${key.deprecated ?
`<button class="btn btn-sm btn-success" onclick="sshKeyManager.restoreKey('${keyId}')">Restore</button>
<button class="btn btn-sm btn-danger" onclick="sshKeyManager.permanentlyDeleteKey('${keyId}')">Delete</button>` :
`<button class="btn btn-sm btn-danger" onclick="sshKeyManager.deleteKey('${keyId}')">Deprecate</button>`
}
</td> </td>
</tr> </tr>
`; `;
}).join(''); });
}
});
tbody.innerHTML = html;
// Add event listeners for checkboxes // Add event listeners for checkboxes
tbody.querySelectorAll('input[type="checkbox"]').forEach(checkbox => { tbody.querySelectorAll('input[type="checkbox"]').forEach(checkbox => {
@@ -221,14 +376,78 @@ class SSHKeyManager {
} }
this.updateBulkDeleteButton(); this.updateBulkDeleteButton();
this.updateSelectAllCheckbox(); this.updateSelectAllCheckbox();
this.updateGroupCheckboxes(); // Update group checkboxes when individual keys change
}); });
}); });
// Update group checkboxes to show correct indeterminate state
this.updateGroupCheckboxes();
this.updatePagination(); this.updatePagination();
} }
toggleGroup(server) {
if (this.expandedGroups.has(server)) {
this.expandedGroups.delete(server);
} else {
this.expandedGroups.add(server);
}
this.renderTable();
}
toggleGroupSelection(server, isChecked) {
const groupedFilteredKeys = this.getGroupedFilteredKeys();
const serverKeys = groupedFilteredKeys[server] || [];
serverKeys.forEach(key => {
const keyId = `${key.server}-${key.public_key}`;
if (isChecked) {
this.selectedKeys.add(keyId);
} else {
this.selectedKeys.delete(keyId);
}
});
this.updateBulkDeleteButton();
this.updateSelectAllCheckbox();
this.updateGroupCheckboxes();
// Update individual checkboxes without full re-render
const tbody = document.getElementById('keysTableBody');
serverKeys.forEach(key => {
const keyId = `${key.server}-${key.public_key}`;
const checkbox = tbody.querySelector(`input[data-key-id="${keyId}"]`);
if (checkbox) {
checkbox.checked = this.selectedKeys.has(keyId);
}
});
}
updateGroupCheckboxes() {
const groupedFilteredKeys = this.getGroupedFilteredKeys();
const tbody = document.getElementById('keysTableBody');
Object.keys(groupedFilteredKeys).forEach(server => {
const serverKeys = groupedFilteredKeys[server];
const groupCheckbox = tbody.querySelector(`input[data-group="${server}"]`);
if (groupCheckbox) {
const allSelected = serverKeys.every(key =>
this.selectedKeys.has(`${key.server}-${key.public_key}`)
);
const someSelected = serverKeys.some(key =>
this.selectedKeys.has(`${key.server}-${key.public_key}`)
);
groupCheckbox.checked = allSelected;
groupCheckbox.indeterminate = someSelected && !allSelected;
}
});
}
updatePagination() { updatePagination() {
const totalPages = Math.ceil(this.filteredKeys.length / this.keysPerPage); const groupedFilteredKeys = this.getGroupedFilteredKeys();
const totalServers = Object.keys(groupedFilteredKeys).length;
const totalPages = Math.ceil(totalServers / this.serversPerPage);
document.getElementById('pageInfo').textContent = `Page ${this.currentPage} of ${totalPages}`; document.getElementById('pageInfo').textContent = `Page ${this.currentPage} of ${totalPages}`;
document.getElementById('prevPage').disabled = this.currentPage <= 1; document.getElementById('prevPage').disabled = this.currentPage <= 1;
@@ -236,7 +455,10 @@ class SSHKeyManager {
} }
changePage(newPage) { changePage(newPage) {
const totalPages = Math.ceil(this.filteredKeys.length / this.keysPerPage); const groupedFilteredKeys = this.getGroupedFilteredKeys();
const totalServers = Object.keys(groupedFilteredKeys).length;
const totalPages = Math.ceil(totalServers / this.serversPerPage);
if (newPage >= 1 && newPage <= totalPages) { if (newPage >= 1 && newPage <= totalPages) {
this.currentPage = newPage; this.currentPage = newPage;
this.renderTable(); this.renderTable();
@@ -277,10 +499,63 @@ class SSHKeyManager {
updateBulkDeleteButton() { updateBulkDeleteButton() {
const bulkDeleteBtn = document.getElementById('bulkDeleteBtn'); const bulkDeleteBtn = document.getElementById('bulkDeleteBtn');
bulkDeleteBtn.disabled = this.selectedKeys.size === 0; const bulkRestoreBtn = document.getElementById('bulkRestoreBtn');
bulkDeleteBtn.textContent = this.selectedKeys.size > 0 const bulkPermanentDeleteBtn = document.getElementById('bulkPermanentDeleteBtn');
? `Delete Selected (${this.selectedKeys.size})`
: 'Delete Selected'; if (this.selectedKeys.size === 0) {
// No keys selected - hide all buttons
bulkDeleteBtn.disabled = true;
bulkDeleteBtn.textContent = 'Deprecate Selected';
bulkRestoreBtn.style.display = 'none';
bulkRestoreBtn.disabled = true;
bulkPermanentDeleteBtn.style.display = 'none';
bulkPermanentDeleteBtn.disabled = true;
return;
}
// Count selected active and deprecated keys
let activeCount = 0;
let deprecatedCount = 0;
Array.from(this.selectedKeys).forEach(keyId => {
const key = this.findKeyById(keyId);
if (key) {
if (key.deprecated) {
deprecatedCount++;
} else {
activeCount++;
}
}
});
// Show/hide deprecate button
if (activeCount > 0) {
bulkDeleteBtn.disabled = false;
bulkDeleteBtn.textContent = `Deprecate Selected (${activeCount})`;
} else {
bulkDeleteBtn.disabled = true;
bulkDeleteBtn.textContent = 'Deprecate Selected';
}
// Show/hide restore button
if (deprecatedCount > 0) {
bulkRestoreBtn.style.display = 'inline-flex';
bulkRestoreBtn.disabled = false;
bulkRestoreBtn.textContent = `Restore Selected (${deprecatedCount})`;
} else {
bulkRestoreBtn.style.display = 'none';
bulkRestoreBtn.disabled = true;
}
// Show/hide permanent delete button
if (deprecatedCount > 0) {
bulkPermanentDeleteBtn.style.display = 'inline-flex';
bulkPermanentDeleteBtn.disabled = false;
bulkPermanentDeleteBtn.textContent = `Delete Selected (${deprecatedCount})`;
} else {
bulkPermanentDeleteBtn.style.display = 'none';
bulkPermanentDeleteBtn.disabled = true;
}
} }
showAddKeyModal() { showAddKeyModal() {
@@ -346,12 +621,17 @@ class SSHKeyManager {
} }
async deleteKey(keyId) { async deleteKey(keyId) {
if (!confirm('Are you sure you want to delete this SSH key?')) { const key = this.findKeyById(keyId);
if (!key) return;
if (key.deprecated) {
this.showToast('This key is already deprecated', 'warning');
return; return;
} }
const key = this.findKeyById(keyId); if (!confirm('Are you sure you want to deprecate this SSH key?')) {
if (!key) return; return;
}
try { try {
this.showLoading(); this.showLoading();
@@ -361,13 +641,79 @@ class SSHKeyManager {
if (!response.ok) { if (!response.ok) {
const errorText = await response.text(); const errorText = await response.text();
throw new Error(errorText || 'Failed to delete key'); throw new Error(errorText || 'Failed to deprecate key');
} }
this.showToast('SSH key deleted successfully', 'success'); this.showToast('SSH key deprecated successfully', 'success');
await this.loadKeys(); await this.loadKeys();
} catch (error) { } catch (error) {
this.showToast('Failed to delete key: ' + error.message, 'error'); this.showToast('Failed to deprecate key: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
async restoreKey(keyId) {
const key = this.findKeyById(keyId);
if (!key) return;
if (!key.deprecated) {
this.showToast('This key is not deprecated', 'warning');
return;
}
if (!confirm('Are you sure you want to restore this SSH key from deprecated status?')) {
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/keys/${encodeURIComponent(key.server)}/restore`, {
method: 'POST'
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to restore key');
}
this.showToast('SSH key restored successfully', 'success');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to restore key: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
async permanentlyDeleteKey(keyId) {
const key = this.findKeyById(keyId);
if (!key) return;
if (!confirm('⚠️ Are you sure you want to PERMANENTLY DELETE this SSH key?\n\nThis action cannot be undone!')) {
return;
}
// Double confirmation for permanent deletion
if (!confirm('This will permanently remove the key from the database.\n\nConfirm permanent deletion?')) {
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/keys/${encodeURIComponent(key.server)}/delete`, {
method: 'DELETE'
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to permanently delete key');
}
this.showToast('SSH key permanently deleted', 'success');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to permanently delete key: ' + error.message, 'error');
} finally { } finally {
this.hideLoading(); this.hideLoading();
} }
@@ -376,14 +722,25 @@ class SSHKeyManager {
async deleteSelectedKeys() { async deleteSelectedKeys() {
if (this.selectedKeys.size === 0) return; if (this.selectedKeys.size === 0) return;
if (!confirm(`Are you sure you want to delete ${this.selectedKeys.size} selected SSH keys?`)) { // Filter out already deprecated keys
const activeKeys = Array.from(this.selectedKeys).filter(keyId => {
const key = this.findKeyById(keyId);
return key && !key.deprecated;
});
if (activeKeys.length === 0) {
this.showToast('All selected keys are already deprecated', 'warning');
return;
}
if (!confirm(`Are you sure you want to deprecate ${activeKeys.length} selected SSH keys?`)) {
return; return;
} }
try { try {
this.showLoading(); this.showLoading();
const deletePromises = Array.from(this.selectedKeys).map(keyId => { const deprecatePromises = activeKeys.map(keyId => {
const key = this.findKeyById(keyId); const key = this.findKeyById(keyId);
if (!key) return Promise.resolve(); if (!key) return Promise.resolve();
@@ -392,11 +749,106 @@ class SSHKeyManager {
}); });
}); });
await Promise.all(deletePromises); await Promise.all(deprecatePromises);
this.showToast(`${this.selectedKeys.size} SSH keys deleted successfully`, 'success'); this.showToast(`${activeKeys.length} SSH keys deprecated successfully`, 'success');
await this.loadKeys(); await this.loadKeys();
} catch (error) { } catch (error) {
this.showToast('Failed to delete selected keys: ' + error.message, 'error'); this.showToast('Failed to deprecate selected keys: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
async restoreSelectedKeys() {
if (this.selectedKeys.size === 0) return;
// Filter only deprecated keys
const deprecatedKeys = Array.from(this.selectedKeys).filter(keyId => {
const key = this.findKeyById(keyId);
return key && key.deprecated;
});
if (deprecatedKeys.length === 0) {
this.showToast('No deprecated keys selected', 'warning');
return;
}
if (!confirm(`Are you sure you want to restore ${deprecatedKeys.length} deprecated SSH keys?`)) {
return;
}
// Get unique server names
const serverNames = [...new Set(deprecatedKeys.map(keyId => {
const key = this.findKeyById(keyId);
return key ? key.server : null;
}).filter(Boolean))];
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/bulk-restore`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ servers: serverNames })
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to restore keys');
}
const result = await response.json();
this.showToast(result.message, 'success');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to restore selected keys: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
async permanentlyDeleteSelectedKeys() {
if (this.selectedKeys.size === 0) return;
// Filter only deprecated keys
const deprecatedKeys = Array.from(this.selectedKeys).filter(keyId => {
const key = this.findKeyById(keyId);
return key && key.deprecated;
});
if (deprecatedKeys.length === 0) {
this.showToast('No deprecated keys selected', 'warning');
return;
}
if (!confirm(`⚠️ Are you sure you want to PERMANENTLY DELETE ${deprecatedKeys.length} deprecated SSH keys?\n\nThis action cannot be undone!`)) {
return;
}
// Double confirmation for permanent deletion
if (!confirm('This will permanently remove the keys from the database.\n\nConfirm permanent deletion?')) {
return;
}
try {
this.showLoading();
const deletePromises = deprecatedKeys.map(keyId => {
const key = this.findKeyById(keyId);
if (!key) return Promise.resolve();
return fetch(`/${this.currentFlow}/keys/${encodeURIComponent(key.server)}/delete`, {
method: 'DELETE'
});
});
await Promise.all(deletePromises);
this.showToast(`${deprecatedKeys.length} SSH keys permanently deleted`, 'success');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to permanently delete selected keys: ' + error.message, 'error');
} finally { } finally {
this.hideLoading(); this.hideLoading();
} }
@@ -459,6 +911,8 @@ class SSHKeyManager {
document.getElementById('keysTableBody').innerHTML = ''; document.getElementById('keysTableBody').innerHTML = '';
document.getElementById('noKeysMessage').style.display = 'block'; document.getElementById('noKeysMessage').style.display = 'block';
document.getElementById('totalKeys').textContent = '0'; document.getElementById('totalKeys').textContent = '0';
document.getElementById('activeKeys').textContent = '0';
document.getElementById('deprecatedKeys').textContent = '0';
document.getElementById('uniqueServers').textContent = '0'; document.getElementById('uniqueServers').textContent = '0';
this.selectedKeys.clear(); this.selectedKeys.clear();
this.updateBulkDeleteButton(); this.updateBulkDeleteButton();
@@ -503,6 +957,150 @@ class SSHKeyManager {
}, 300); }, 300);
}, 4000); }, 4000);
} }
// DNS Resolution Scanning
async scanDnsResolution() {
if (!this.currentFlow) {
this.showToast('Please select a flow first', 'warning');
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/scan-dns`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to scan DNS resolution');
}
const scanResults = await response.json();
this.showDnsScanResults(scanResults);
} catch (error) {
this.showToast('Failed to scan DNS resolution: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
showDnsScanResults(scanResults) {
const { results, total, unresolved } = scanResults;
// Update stats
const statsDiv = document.getElementById('dnsScanStats');
statsDiv.innerHTML = `
<div class="scan-stat">
<span class="scan-stat-value">${total}</span>
<span class="scan-stat-label">Total Hosts</span>
</div>
<div class="scan-stat">
<span class="scan-stat-value">${total - unresolved}</span>
<span class="scan-stat-label">Resolved</span>
</div>
<div class="scan-stat">
<span class="scan-stat-value unresolved-count">${unresolved}</span>
<span class="scan-stat-label">Unresolved</span>
</div>
`;
// Show unresolved hosts
const unresolvedHosts = results.filter(r => !r.resolved);
const unresolvedList = document.getElementById('unresolvedList');
if (unresolvedHosts.length === 0) {
unresolvedList.innerHTML = '<div class="empty-state">🎉 All hosts resolved successfully!</div>';
document.getElementById('selectAllUnresolved').style.display = 'none';
} else {
document.getElementById('selectAllUnresolved').style.display = 'inline-flex';
unresolvedList.innerHTML = unresolvedHosts.map(host => `
<div class="host-item">
<label>
<input type="checkbox" value="${this.escapeHtml(host.server)}" class="unresolved-checkbox">
<span class="host-name">${this.escapeHtml(host.server)}</span>
</label>
${host.error ? `<span class="host-error">${this.escapeHtml(host.error)}</span>` : ''}
</div>
`).join('');
// Add event listeners to checkboxes
unresolvedList.querySelectorAll('.unresolved-checkbox').forEach(checkbox => {
checkbox.addEventListener('change', () => {
this.updateDeprecateUnresolvedButton();
});
});
}
this.updateDeprecateUnresolvedButton();
this.showModal('dnsScanModal');
}
toggleSelectAllUnresolved() {
const checkboxes = document.querySelectorAll('.unresolved-checkbox');
const allChecked = Array.from(checkboxes).every(cb => cb.checked);
checkboxes.forEach(checkbox => {
checkbox.checked = !allChecked;
});
this.updateDeprecateUnresolvedButton();
}
updateDeprecateUnresolvedButton() {
const selectedCount = document.querySelectorAll('.unresolved-checkbox:checked').length;
const deprecateBtn = document.getElementById('deprecateUnresolved');
if (selectedCount > 0) {
deprecateBtn.disabled = false;
deprecateBtn.textContent = `Deprecate Selected (${selectedCount})`;
} else {
deprecateBtn.disabled = true;
deprecateBtn.textContent = 'Deprecate Selected';
}
}
async deprecateSelectedUnresolved() {
const selectedHosts = Array.from(document.querySelectorAll('.unresolved-checkbox:checked'))
.map(cb => cb.value);
if (selectedHosts.length === 0) {
this.showToast('No hosts selected', 'warning');
return;
}
if (!confirm(`Are you sure you want to deprecate SSH keys for ${selectedHosts.length} unresolved hosts?`)) {
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/bulk-deprecate`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ servers: selectedHosts })
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to deprecate hosts');
}
const result = await response.json();
this.showToast(result.message, 'success');
this.hideModal('dnsScanModal');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to deprecate hosts: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
} }
// Initialize the SSH Key Manager when the page loads // Initialize the SSH Key Manager when the page loads

320
static/style.css
View File

@@ -50,6 +50,23 @@ header h1 {
font-size: 2.5rem; font-size: 2.5rem;
font-weight: 600; font-weight: 600;
color: var(--text-primary); color: var(--text-primary);
margin: 0;
}
.header-title {
display: flex;
align-items: baseline;
gap: 1rem;
}
.version {
font-size: 0.875rem;
color: var(--text-secondary);
background: var(--background);
padding: 0.25rem 0.5rem;
border-radius: var(--border-radius);
font-weight: 500;
border: 1px solid var(--border);
} }
.flow-selector { .flow-selector {
@@ -119,6 +136,15 @@ header h1 {
background-color: var(--danger-hover); background-color: var(--danger-hover);
} }
.btn-success {
background-color: var(--success-color);
color: white;
}
.btn-success:hover:not(:disabled) {
background-color: #059669;
}
.btn-sm { .btn-sm {
padding: 0.25rem 0.5rem; padding: 0.25rem 0.5rem;
font-size: 0.75rem; font-size: 0.75rem;
@@ -146,6 +172,10 @@ header h1 {
color: var(--primary-color); color: var(--primary-color);
} }
.stat-value.deprecated {
color: var(--danger-color);
}
.stat-label { .stat-label {
color: var(--text-secondary); color: var(--text-secondary);
font-size: 0.875rem; font-size: 0.875rem;
@@ -161,6 +191,46 @@ header h1 {
flex-wrap: wrap; flex-wrap: wrap;
} }
.filter-controls {
display: flex;
align-items: center;
gap: 1rem;
}
.filter-label {
display: flex;
align-items: center;
gap: 0.5rem;
font-size: 0.875rem;
color: var(--text-primary);
cursor: pointer;
user-select: none;
padding: 0.5rem 0.75rem;
border-radius: var(--border-radius);
transition: background-color 0.2s ease;
}
.filter-label:hover {
background-color: var(--background);
}
.filter-label.active {
background-color: var(--primary-color);
color: white;
}
.filter-label.active input[type="checkbox"] {
accent-color: white;
}
.filter-label input[type="checkbox"] {
margin: 0;
}
.filter-label span {
white-space: nowrap;
}
.search-box input { .search-box input {
padding: 0.5rem 1rem; padding: 0.5rem 1rem;
border: 1px solid var(--border); border: 1px solid var(--border);
@@ -201,6 +271,94 @@ header h1 {
background-color: #f8fafc; background-color: #f8fafc;
} }
.keys-table tbody tr.deprecated {
opacity: 0.6;
background-color: #fef2f2;
}
.keys-table tbody tr.deprecated:hover {
background-color: #fee2e2;
}
.keys-table tbody tr.deprecated .key-preview,
.keys-table tbody tr.deprecated td:nth-child(2) {
text-decoration: line-through;
color: var(--text-secondary);
}
.host-group-header {
background-color: #f1f5f9;
font-weight: 600;
transition: background-color 0.2s ease;
border-left: 4px solid var(--primary-color);
}
.host-group-header:hover {
background-color: #e2e8f0;
}
.host-group-header.collapsed {
border-left-color: var(--secondary-color);
}
.host-group-header .expand-icon {
transition: transform 0.2s ease;
display: inline-block;
margin-right: 0.5rem;
user-select: none;
}
.host-group-header.collapsed .expand-icon {
transform: rotate(-90deg);
}
.host-group-header input[type="checkbox"] {
margin: 0;
}
.host-group-header td:first-child {
width: 50px;
text-align: center;
}
.host-group-header td:nth-child(2) {
cursor: pointer;
user-select: none;
}
.key-row {
border-left: 4px solid transparent;
}
.key-row.hidden {
display: none;
}
.host-summary {
font-size: 0.875rem;
color: var(--text-secondary);
}
.key-count {
background-color: var(--primary-color);
color: white;
padding: 0.125rem 0.375rem;
border-radius: 0.25rem;
font-size: 0.75rem;
font-weight: 500;
margin-left: 0.5rem;
}
.deprecated-count {
background-color: var(--danger-color);
color: white;
padding: 0.125rem 0.375rem;
border-radius: 0.25rem;
font-size: 0.75rem;
font-weight: 500;
margin-left: 0.25rem;
}
.key-preview { .key-preview {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace; font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-size: 0.875rem; font-size: 0.875rem;
@@ -226,6 +384,17 @@ header h1 {
.key-type.ecdsa { background-color: #e0e7ff; color: #3730a3; } .key-type.ecdsa { background-color: #e0e7ff; color: #3730a3; }
.key-type.dsa { background-color: #fce7f3; color: #9d174d; } .key-type.dsa { background-color: #fce7f3; color: #9d174d; }
.deprecated-badge {
display: inline-block;
padding: 0.25rem 0.5rem;
background-color: #fecaca;
color: #991b1b;
border-radius: 0.25rem;
font-size: 0.75rem;
font-weight: 500;
margin-left: 0.5rem;
}
.no-keys-message { .no-keys-message {
text-align: center; text-align: center;
padding: 3rem; padding: 3rem;
@@ -442,9 +611,24 @@ header h1 {
align-items: stretch; align-items: stretch;
} }
.header-title {
flex-direction: column;
align-items: flex-start;
gap: 0.5rem;
}
.header-title h1 {
font-size: 2rem;
}
.actions-panel { .actions-panel {
flex-direction: column; flex-direction: column;
align-items: stretch; align-items: stretch;
gap: 1rem;
}
.filter-controls {
justify-content: center;
} }
.search-box input { .search-box input {
@@ -480,6 +664,13 @@ input[type="checkbox"] {
accent-color: var(--primary-color); accent-color: var(--primary-color);
} }
/* Indeterminate checkbox styling */
input[type="checkbox"]:indeterminate {
background-color: var(--primary-color);
background-image: linear-gradient(90deg, transparent 40%, white 40%, white 60%, transparent 60%);
border-color: var(--primary-color);
}
/* Action buttons in table */ /* Action buttons in table */
.table-actions { .table-actions {
display: flex; display: flex;
@@ -503,3 +694,132 @@ input[type="checkbox"] {
.form-group textarea:valid { .form-group textarea:valid {
border-color: var(--success-color); border-color: var(--success-color);
} }
/* DNS Scan Modal Styles */
.modal-large {
max-width: 800px;
}
.scan-stats {
background: var(--background);
padding: 1rem;
border-radius: var(--border-radius);
margin-bottom: 1.5rem;
display: grid;
grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
gap: 1rem;
}
.scan-stat {
text-align: center;
}
.scan-stat-value {
display: block;
font-size: 1.5rem;
font-weight: 600;
color: var(--primary-color);
}
.scan-stat-label {
color: var(--text-secondary);
font-size: 0.875rem;
}
.unresolved-count {
color: var(--danger-color) !important;
}
.section-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 1rem;
}
.section-header h3 {
font-size: 1.125rem;
font-weight: 600;
color: var(--text-primary);
}
.host-list {
max-height: 300px;
overflow-y: auto;
border: 1px solid var(--border);
border-radius: var(--border-radius);
}
.host-item {
display: flex;
align-items: center;
padding: 0.75rem;
border-bottom: 1px solid var(--border);
transition: background-color 0.2s ease;
}
.host-item:last-child {
border-bottom: none;
}
.host-item:hover {
background-color: var(--background);
}
.host-item label {
display: flex;
align-items: center;
gap: 0.75rem;
flex: 1;
cursor: pointer;
margin: 0;
}
.host-name {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-weight: 500;
color: var(--text-primary);
}
.host-error {
font-size: 0.75rem;
color: var(--danger-color);
margin-left: auto;
max-width: 200px;
word-break: break-word;
}
.empty-state {
text-align: center;
padding: 2rem;
color: var(--text-secondary);
font-style: italic;
}
.scan-progress {
background: var(--background);
padding: 1rem;
border-radius: var(--border-radius);
margin-bottom: 1rem;
text-align: center;
}
.scan-progress-text {
color: var(--text-secondary);
margin-bottom: 0.5rem;
}
.progress-bar {
width: 100%;
height: 8px;
background: var(--border);
border-radius: 4px;
overflow: hidden;
}
.progress-fill {
height: 100%;
background: var(--primary-color);
transition: width 0.3s ease;
border-radius: 4px;
}