Hexor/khm
1
0
Fork 0
mirror of https://github.com/house-of-vanity/khm.git synced 2025-08-22 06:27:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hexor:v0.6.0
Branches Tags
Hexor:master Hexor:UI Hexor:UI-test
Hexor:v0.7.1 Hexor:v0.7.0 Hexor:v0.6.3 Hexor:v0.6.2 Hexor:v0.6.1 Hexor:v0.6.0 Hexor:v0.5.0 Hexor:v0.4.2 Hexor:v0.4.1 Hexor:v0.4.0 Hexor:v0.2.3 Hexor:v0.2.2 Hexor:v0.2.1 Hexor:v0.2.0 Hexor:v0.1.0
...
compare: Hexor:v0.6.3
Branches Tags
Hexor:UI Hexor:UI-test Hexor:master
Hexor:v0.7.1 Hexor:v0.7.0 Hexor:v0.6.3 Hexor:v0.6.2 Hexor:v0.6.1 Hexor:v0.6.0 Hexor:v0.5.0 Hexor:v0.4.2 Hexor:v0.4.1 Hexor:v0.4.0 Hexor:v0.2.3 Hexor:v0.2.2 Hexor:v0.2.1 Hexor:v0.2.0 Hexor:v0.1.0

6 Commits
v0.6.0 ... v0.6.3

Author SHA1 Message Date
Ultradesu
af6c4d7e61 Added auto deprecation feature 2025-07-20 17:37:46 +03:00
Ultradesu
9c5518b39e Added auto deprecation feature 2025-07-20 17:26:44 +03:00
Ultradesu
1eccc0e0f7 Fixed client mode flow args 2025-07-19 15:51:17 +03:00
Ultradesu
45ac3fca51 Fixed web ui. Added deprecation feature 2025-07-19 12:56:25 +03:00
Ultradesu
e33910a2db Added web ui 2025-07-19 12:20:52 +03:00
Ultradesu
c5d8ebd89f Added web ui 2025-07-19 12:20:37 +03:00
10 changed files with 2081 additions and 550 deletions
Expand all files Collapse all files

202
Cargo.lock generated
View File

@@ -557,6 +557,12 @@ dependencies = [
"typenum", "typenum",
] ]
[[package]]
name = "data-encoding"
version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
[[package]] [[package]]
name = "deranged" name = "deranged"
version = "0.3.11" version = "0.3.11"
@@ -599,6 +605,18 @@ dependencies = [
"cfg-if", "cfg-if",
] ]
[[package]]
name = "enum-as-inner"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc"
dependencies = [
"heck",
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "env_filter" name = "env_filter"
version = "0.1.0" version = "0.1.0"
@@ -690,6 +708,21 @@ dependencies = [
"percent-encoding", "percent-encoding",
] ]
[[package]]
name = "futures"
version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0"
dependencies = [
"futures-channel",
"futures-core",
"futures-executor",
"futures-io",
"futures-sink",
"futures-task",
"futures-util",
]
[[package]] [[package]]
name = "futures-channel" name = "futures-channel"
version = "0.3.30" version = "0.3.30"
@@ -706,6 +739,23 @@ version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d"
[[package]]
name = "futures-executor"
version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d"
dependencies = [
"futures-core",
"futures-task",
"futures-util",
]
[[package]]
name = "futures-io"
version = "0.3.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
[[package]] [[package]]
name = "futures-macro" name = "futures-macro"
version = "0.3.30" version = "0.3.30"
@@ -735,10 +785,13 @@ version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48"
dependencies = [ dependencies = [
"futures-channel",
"futures-core", "futures-core",
"futures-io",
"futures-macro", "futures-macro",
"futures-sink", "futures-sink",
"futures-task", "futures-task",
"memchr",
"pin-project-lite", "pin-project-lite",
"pin-utils", "pin-utils",
"slab", "slab",
@@ -1006,6 +1059,16 @@ dependencies = [
"cc", "cc",
] ]
[[package]]
name = "idna"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c"
dependencies = [
"unicode-bidi",
"unicode-normalization",
]
[[package]] [[package]]
name = "idna" name = "idna"
version = "0.5.0" version = "0.5.0"
@@ -1026,6 +1089,18 @@ dependencies = [
"hashbrown", "hashbrown",
] ]
[[package]]
name = "ipconfig"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
dependencies = [
"socket2",
"widestring",
"windows-sys 0.48.0",
"winreg 0.50.0",
]
[[package]] [[package]]
name = "ipnet" name = "ipnet"
version = "2.9.0" version = "2.9.0"
@@ -1064,13 +1139,14 @@ dependencies = [
[[package]] [[package]]
name = "khm" name = "khm"
version = "0.8.0" version = "0.6.3"
dependencies = [ dependencies = [
"actix-web", "actix-web",
"base64 0.21.7", "base64 0.21.7",
"chrono", "chrono",
"clap", "clap",
"env_logger", "env_logger",
"futures",
"hostname", "hostname",
"log", "log",
"regex", "regex",
@@ -1081,6 +1157,7 @@ dependencies = [
"tokio", "tokio",
"tokio-postgres", "tokio-postgres",
"tokio-util", "tokio-util",
"trust-dns-resolver",
] ]
[[package]] [[package]]
@@ -1095,6 +1172,12 @@ version = "0.2.155"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
[[package]]
name = "linked-hash-map"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
[[package]] [[package]]
name = "linux-raw-sys" name = "linux-raw-sys"
version = "0.4.14" version = "0.4.14"
@@ -1134,6 +1217,15 @@ version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
[[package]]
name = "lru-cache"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c"
dependencies = [
"linked-hash-map",
]
[[package]] [[package]]
name = "match_cfg" name = "match_cfg"
version = "0.1.0" version = "0.1.0"
@@ -1558,9 +1650,15 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
"wasm-bindgen-futures", "wasm-bindgen-futures",
"web-sys", "web-sys",
"winreg", "winreg 0.52.0",
] ]
[[package]]
name = "resolv-conf"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95325155c684b1c89f7765e30bc1c42e4a6da51ca513615660cb8a62ef9a88e3"
[[package]] [[package]]
name = "ring" name = "ring"
version = "0.17.8" version = "0.17.8"
@@ -1873,9 +1971,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]] [[package]]
name = "syn" name = "syn"
version = "2.0.68" version = "2.0.87"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@@ -1921,6 +2019,26 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "thiserror"
version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "time" name = "time"
version = "0.3.36" version = "0.3.36"
@@ -2092,9 +2210,21 @@ checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
dependencies = [ dependencies = [
"log", "log",
"pin-project-lite", "pin-project-lite",
"tracing-attributes",
"tracing-core", "tracing-core",
] ]
[[package]]
name = "tracing-attributes"
version = "0.1.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "tracing-core" name = "tracing-core"
version = "0.1.32" version = "0.1.32"
@@ -2104,6 +2234,52 @@ dependencies = [
"once_cell", "once_cell",
] ]
[[package]]
name = "trust-dns-proto"
version = "0.23.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3119112651c157f4488931a01e586aa459736e9d6046d3bd9105ffb69352d374"
dependencies = [
"async-trait",
"cfg-if",
"data-encoding",
"enum-as-inner",
"futures-channel",
"futures-io",
"futures-util",
"idna 0.4.0",
"ipnet",
"once_cell",
"rand",
"smallvec",
"thiserror",
"tinyvec",
"tokio",
"tracing",
"url",
]
[[package]]
name = "trust-dns-resolver"
version = "0.23.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a3e6c3aff1718b3c73e395d1f35202ba2ffa847c6a62eea0db8fb4cfe30be6"
dependencies = [
"cfg-if",
"futures-util",
"ipconfig",
"lru-cache",
"once_cell",
"parking_lot",
"rand",
"resolv-conf",
"smallvec",
"thiserror",
"tokio",
"tracing",
"trust-dns-proto",
]
[[package]] [[package]]
name = "try-lock" name = "try-lock"
version = "0.2.5" version = "0.2.5"
@@ -2156,7 +2332,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
dependencies = [ dependencies = [
"form_urlencoded", "form_urlencoded",
"idna", "idna 0.5.0",
"percent-encoding", "percent-encoding",
] ]
@@ -2296,6 +2472,12 @@ dependencies = [
"web-sys", "web-sys",
] ]
[[package]]
name = "widestring"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd7cf3379ca1aac9eea11fba24fd7e315d621f8dfe35c8d7d2be8b793726e07d"
[[package]] [[package]]
name = "winapi" name = "winapi"
version = "0.3.9" version = "0.3.9"
@@ -2475,6 +2657,16 @@ version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "winreg"
version = "0.50.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1"
dependencies = [
"cfg-if",
"windows-sys 0.48.0",
]
[[package]] [[package]]
name = "winreg" name = "winreg"
version = "0.52.0" version = "0.52.0"

6
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "khm" name = "khm"
version = "0.8.0" version = "0.6.3"
edition = "2021" edition = "2021"
authors = ["AB <ab@hexor.cy>"] authors = ["AB <ab@hexor.cy>"]
@@ -12,11 +12,13 @@ env_logger = "0.11.3"
log = "0.4" log = "0.4"
regex = "1.10.5" regex = "1.10.5"
base64 = "0.21" base64 = "0.21"
tokio = { version = "1", features = ["full"] } tokio = { version = "1", features = ["full", "sync"] }
tokio-postgres = { version = "0.7", features = ["with-chrono-0_4"] } tokio-postgres = { version = "0.7", features = ["with-chrono-0_4"] }
tokio-util = { version = "0.7", features = ["codec"] } tokio-util = { version = "0.7", features = ["codec"] }
clap = { version = "4", features = ["derive"] } clap = { version = "4", features = ["derive"] }
chrono = "0.4.38" chrono = "0.4.38"
reqwest = { version = "0.12", features = ["json"] } reqwest = { version = "0.12", features = ["json"] }
trust-dns-resolver = "0.23"
futures = "0.3"
hostname = "0.3" hostname = "0.3"
rust-embed = "8.0" rust-embed = "8.0"

29
src/client.rs
View File

@@ -55,7 +55,10 @@ fn write_known_hosts(file_path: &str, keys: &[SshKey]) -> io::Result<()> {
for key in active_keys { for key in active_keys {
writeln!(file, "{} {}", key.server, key.public_key)?; writeln!(file, "{} {}", key.server, key.public_key)?;
} }
info!("Wrote {} active keys to known_hosts file (filtered out deprecated keys)", active_count); info!(
"Wrote {} active keys to known_hosts file (filtered out deprecated keys)",
active_count
);
Ok(()) Ok(())
} }
@@ -177,7 +180,10 @@ pub async fn run_client(args: crate::Args) -> std::io::Result<()> {
Ok(keys) => keys, Ok(keys) => keys,
Err(e) => { Err(e) => {
if e.kind() == io::ErrorKind::NotFound { if e.kind() == io::ErrorKind::NotFound {
info!("known_hosts file not found: {}. Starting with empty key list.", args.known_hosts); info!(
"known_hosts file not found: {}. Starting with empty key list.",
args.known_hosts
);
Vec::new() Vec::new()
} else { } else {
error!("Failed to read known_hosts file: {}", e); error!("Failed to read known_hosts file: {}", e);
@@ -187,20 +193,29 @@ pub async fn run_client(args: crate::Args) -> std::io::Result<()> {
}; };
let host = args.host.expect("host is required in client mode"); let host = args.host.expect("host is required in client mode");
info!("Client mode: Sending keys to server at {}", host); let flow = args.flow.expect("flow is required in client mode");
let url = format!("{}/{}", host, flow);
if let Err(e) = send_keys_to_server(&host, keys, &args.basic_auth).await { info!("Client mode: Sending keys to server at {}", url);
if let Err(e) = send_keys_to_server(&url, keys, &args.basic_auth).await {
error!("Failed to send keys to server: {}", e); error!("Failed to send keys to server: {}", e);
return Err(io::Error::new(io::ErrorKind::Other, format!("Network error: {}", e))); return Err(io::Error::new(
io::ErrorKind::Other,
format!("Network error: {}", e),
));
} }
if args.in_place { if args.in_place {
info!("Client mode: In-place update is enabled. Fetching keys from server."); info!("Client mode: In-place update is enabled. Fetching keys from server.");
let server_keys = match get_keys_from_server(&host, &args.basic_auth).await { let server_keys = match get_keys_from_server(&url, &args.basic_auth).await {
Ok(keys) => keys, Ok(keys) => keys,
Err(e) => { Err(e) => {
error!("Failed to get keys from server: {}", e); error!("Failed to get keys from server: {}", e);
return Err(io::Error::new(io::ErrorKind::Other, format!("Network error: {}", e))); return Err(io::Error::new(
io::ErrorKind::Other,
format!("Network error: {}", e),
));
} }
}; };

403
src/db.rs
View File

@@ -1,8 +1,10 @@
use crate::server::SshKey; use crate::server::SshKey;
use log::info; use log::{error, info};
use std::collections::HashMap; use std::collections::HashMap;
use std::collections::HashSet; use std::collections::HashSet;
use tokio_postgres::Client; use tokio_postgres::tls::NoTlsStream;
use tokio_postgres::Socket;
use tokio_postgres::{Client, Connection, NoTls};
// Structure for storing key processing statistics // Structure for storing key processing statistics
pub struct KeyInsertStats { pub struct KeyInsertStats {
@@ -12,11 +14,59 @@ pub struct KeyInsertStats {
pub key_id_map: Vec<(SshKey, i32)>, // Mapping of keys to their IDs in the database pub key_id_map: Vec<(SshKey, i32)>, // Mapping of keys to their IDs in the database
} }
pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres::Error> { // Simple database client that exits on connection errors
pub struct DbClient {
client: Client,
}
impl DbClient {
pub async fn connect(
connection_string: &str,
) -> Result<(Self, Connection<Socket, NoTlsStream>), tokio_postgres::Error> {
info!("Connecting to database...");
let (client, connection) = tokio_postgres::connect(connection_string, NoTls).await?;
info!("Successfully connected to database");
Ok((DbClient { client }, connection))
}
// Helper function to handle database errors - exits the application on connection errors
fn handle_db_error<T>(
result: Result<T, tokio_postgres::Error>,
operation: &str,
) -> Result<T, tokio_postgres::Error> {
match result {
Ok(value) => Ok(value),
Err(e) => {
if Self::is_connection_error(&e) {
error!("Database connection lost during {}: {}", operation, e);
error!("Exiting application due to database connection failure");
std::process::exit(1);
} else {
// For non-connection errors, just return the error
Err(e)
}
}
}
}
fn is_connection_error(error: &tokio_postgres::Error) -> bool {
// Check if the error is related to connection issues
let error_str = error.to_string();
error_str.contains("connection closed")
|| error_str.contains("connection reset")
|| error_str.contains("broken pipe")
|| error_str.contains("Connection refused")
|| error_str.contains("connection terminated")
|| error.as_db_error().is_none() // Non-database errors are often connection issues
}
pub async fn initialize_schema(&self) -> Result<(), tokio_postgres::Error> {
info!("Checking and initializing database schema if needed"); info!("Checking and initializing database schema if needed");
// Check if tables exist by querying information_schema // Check if tables exist by querying information_schema
let tables_exist = client let result = self
.client
.query( .query(
"SELECT EXISTS ( "SELECT EXISTS (
SELECT FROM information_schema.tables SELECT FROM information_schema.tables
@@ -29,7 +79,9 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await? .await;
let tables_exist = Self::handle_db_error(result, "checking table existence")?
.get(0) .get(0)
.map(|row| row.get::<_, bool>(0)) .map(|row| row.get::<_, bool>(0))
.unwrap_or(false); .unwrap_or(false);
@@ -38,7 +90,8 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
info!("Database schema doesn't exist. Creating tables..."); info!("Database schema doesn't exist. Creating tables...");
// Create the keys table // Create the keys table
client let result = self
.client
.execute( .execute(
"CREATE TABLE IF NOT EXISTS public.keys ( "CREATE TABLE IF NOT EXISTS public.keys (
key_id SERIAL PRIMARY KEY, key_id SERIAL PRIMARY KEY,
@@ -50,10 +103,12 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating keys table")?;
// Create the flows table // Create the flows table
client let result = self
.client
.execute( .execute(
"CREATE TABLE IF NOT EXISTS public.flows ( "CREATE TABLE IF NOT EXISTS public.flows (
flow_id SERIAL PRIMARY KEY, flow_id SERIAL PRIMARY KEY,
@@ -67,22 +122,26 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating flows table")?;
// Create an index for faster lookups // Create an index for faster lookups
client let result = self
.client
.execute( .execute(
"CREATE INDEX IF NOT EXISTS idx_flows_name ON public.flows(name)", "CREATE INDEX IF NOT EXISTS idx_flows_name ON public.flows(name)",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "creating index")?;
info!("Database schema created successfully"); info!("Database schema created successfully");
} else { } else {
info!("Database schema already exists"); info!("Database schema already exists");
// Check if deprecated column exists, add it if missing (migration) // Check if deprecated column exists, add it if missing (migration)
let column_exists = client let result = self
.client
.query( .query(
"SELECT EXISTS ( "SELECT EXISTS (
SELECT FROM information_schema.columns SELECT FROM information_schema.columns
@@ -92,19 +151,22 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
)", )",
&[], &[],
) )
.await? .await;
let column_exists = Self::handle_db_error(result, "checking deprecated column")?
.get(0) .get(0)
.map(|row| row.get::<_, bool>(0)) .map(|row| row.get::<_, bool>(0))
.unwrap_or(false); .unwrap_or(false);
if !column_exists { if !column_exists {
info!("Adding deprecated column to existing keys table..."); info!("Adding deprecated column to existing keys table...");
client let result = self.client
.execute( .execute(
"ALTER TABLE public.keys ADD COLUMN deprecated BOOLEAN NOT NULL DEFAULT FALSE", "ALTER TABLE public.keys ADD COLUMN deprecated BOOLEAN NOT NULL DEFAULT FALSE",
&[], &[],
) )
.await?; .await;
Self::handle_db_error(result, "adding deprecated column")?;
info!("Migration completed: deprecated column added"); info!("Migration completed: deprecated column added");
} }
} }
@@ -113,7 +175,7 @@ pub async fn initialize_db_schema(client: &Client) -> Result<(), tokio_postgres:
} }
pub async fn batch_insert_keys( pub async fn batch_insert_keys(
client: &Client, &self,
keys: &[SshKey], keys: &[SshKey],
) -> Result<KeyInsertStats, tokio_postgres::Error> { ) -> Result<KeyInsertStats, tokio_postgres::Error> {
if keys.is_empty() { if keys.is_empty() {
@@ -136,7 +198,8 @@ pub async fn batch_insert_keys(
// First, check which keys already exist in the database (including deprecated status) // First, check which keys already exist in the database (including deprecated status)
let mut existing_keys = HashMap::new(); let mut existing_keys = HashMap::new();
let mut key_query = String::from("SELECT host, key, key_id, deprecated FROM public.keys WHERE "); let mut key_query =
String::from("SELECT host, key, key_id, deprecated FROM public.keys WHERE ");
for i in 0..keys.len() { for i in 0..keys.len() {
if i > 0 { if i > 0 {
@@ -152,7 +215,8 @@ pub async fn batch_insert_keys(
params.push(&key_values[i]); params.push(&key_values[i]);
} }
let rows = client.query(&key_query, &params[..]).await?; let result = self.client.query(&key_query, &params[..]).await;
let rows = Self::handle_db_error(result, "checking existing keys")?;
for row in rows { for row in rows {
let host: String = row.get(0); let host: String = row.get(0);
@@ -187,7 +251,8 @@ pub async fn batch_insert_keys(
// If there are keys to insert, perform the insertion // If there are keys to insert, perform the insertion
if !keys_to_insert.is_empty() { if !keys_to_insert.is_empty() {
let mut insert_sql = String::from("INSERT INTO public.keys (host, key, updated) VALUES "); let mut insert_sql =
String::from("INSERT INTO public.keys (host, key, updated) VALUES ");
let mut insert_params: Vec<&(dyn tokio_postgres::types::ToSql + Sync)> = Vec::new(); let mut insert_params: Vec<&(dyn tokio_postgres::types::ToSql + Sync)> = Vec::new();
let mut param_count = 1; let mut param_count = 1;
@@ -204,7 +269,8 @@ pub async fn batch_insert_keys(
insert_sql.push_str(" RETURNING key_id, host, key"); insert_sql.push_str(" RETURNING key_id, host, key");
let inserted_rows = client.query(&insert_sql, &insert_params[..]).await?; let result = self.client.query(&insert_sql, &insert_params[..]).await;
let inserted_rows = Self::handle_db_error(result, "inserting keys")?;
for row in inserted_rows { for row in inserted_rows {
let host: String = row.get(1); let host: String = row.get(1);
@@ -245,7 +311,7 @@ pub async fn batch_insert_keys(
} }
pub async fn batch_insert_flow_keys( pub async fn batch_insert_flow_keys(
client: &Client, &self,
flow_name: &str, flow_name: &str,
key_ids: &[i32], key_ids: &[i32],
) -> Result<usize, tokio_postgres::Error> { ) -> Result<usize, tokio_postgres::Error> {
@@ -273,7 +339,8 @@ pub async fn batch_insert_flow_keys(
params.push(key_id); params.push(key_id);
} }
let rows = client.query(&existing_query, &params[..]).await?; let result = self.client.query(&existing_query, &params[..]).await;
let rows = Self::handle_db_error(result, "checking existing flow associations")?;
let mut existing_associations = HashSet::new(); let mut existing_associations = HashSet::new();
for row in rows { for row in rows {
@@ -317,7 +384,8 @@ pub async fn batch_insert_flow_keys(
} }
// Execute query // Execute query
let affected = client.execute(&sql, &insert_params[..]).await?; let result = self.client.execute(&sql, &insert_params[..]).await;
let affected = Self::handle_db_error(result, "inserting flow associations")?;
let affected_usize = affected as usize; let affected_usize = affected as usize;
@@ -331,14 +399,54 @@ pub async fn batch_insert_flow_keys(
Ok(affected_usize) Ok(affected_usize)
} }
// Function to deprecate keys instead of deleting them pub async fn get_keys_from_db(
&self,
) -> Result<Vec<crate::server::Flow>, tokio_postgres::Error> {
let result = self.client.query(
"SELECT k.host, k.key, k.deprecated, f.name FROM public.keys k INNER JOIN public.flows f ON k.key_id = f.key_id",
&[]
).await;
let rows = Self::handle_db_error(result, "getting keys from database")?;
let mut flows_map: HashMap<String, crate::server::Flow> = HashMap::new();
for row in rows {
let host: String = row.get(0);
let key: String = row.get(1);
let deprecated: bool = row.get(2);
let flow: String = row.get(3);
let ssh_key = SshKey {
server: host,
public_key: key,
deprecated,
};
if let Some(flow_entry) = flows_map.get_mut(&flow) {
flow_entry.servers.push(ssh_key);
} else {
flows_map.insert(
flow.clone(),
crate::server::Flow {
name: flow,
servers: vec![ssh_key],
},
);
}
}
info!("Retrieved {} flows from database", flows_map.len());
Ok(flows_map.into_values().collect())
}
pub async fn deprecate_key_by_server( pub async fn deprecate_key_by_server(
client: &Client, &self,
server_name: &str, server_name: &str,
flow_name: &str, flow_name: &str,
) -> Result<u64, tokio_postgres::Error> { ) -> Result<u64, tokio_postgres::Error> {
// Update keys to deprecated status for the given server // Update keys to deprecated status for the given server
let affected = client let result = self
.client
.execute( .execute(
"UPDATE public.keys "UPDATE public.keys
SET deprecated = TRUE, updated = NOW() SET deprecated = TRUE, updated = NOW()
@@ -348,7 +456,8 @@ pub async fn deprecate_key_by_server(
)", )",
&[&server_name, &flow_name], &[&server_name, &flow_name],
) )
.await?; .await;
let affected = Self::handle_db_error(result, "deprecating key")?;
info!( info!(
"Deprecated {} key(s) for server '{}' in flow '{}'", "Deprecated {} key(s) for server '{}' in flow '{}'",
@@ -358,14 +467,79 @@ pub async fn deprecate_key_by_server(
Ok(affected) Ok(affected)
} }
// Function to restore deprecated key back to active pub async fn bulk_deprecate_keys_by_servers(
&self,
server_names: &[String],
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
if server_names.is_empty() {
return Ok(0);
}
// Update keys to deprecated status for multiple servers in one query
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = TRUE, updated = NOW()
WHERE host = ANY($1)
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_names, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "bulk deprecating keys")?;
info!(
"Bulk deprecated {} key(s) for {} servers in flow '{}'",
affected, server_names.len(), flow_name
);
Ok(affected)
}
pub async fn bulk_restore_keys_by_servers(
&self,
server_names: &[String],
flow_name: &str,
) -> Result<u64, tokio_postgres::Error> {
if server_names.is_empty() {
return Ok(0);
}
// Update keys to active status for multiple servers in one query
let result = self
.client
.execute(
"UPDATE public.keys
SET deprecated = FALSE, updated = NOW()
WHERE host = ANY($1)
AND deprecated = TRUE
AND key_id IN (
SELECT key_id FROM public.flows WHERE name = $2
)",
&[&server_names, &flow_name],
)
.await;
let affected = Self::handle_db_error(result, "bulk restoring keys")?;
info!(
"Bulk restored {} key(s) for {} servers in flow '{}'",
affected, server_names.len(), flow_name
);
Ok(affected)
}
pub async fn restore_key_by_server( pub async fn restore_key_by_server(
client: &Client, &self,
server_name: &str, server_name: &str,
flow_name: &str, flow_name: &str,
) -> Result<u64, tokio_postgres::Error> { ) -> Result<u64, tokio_postgres::Error> {
// Update keys to active status for the given server in the flow // Update keys to active status for the given server in the flow
let affected = client let result = self
.client
.execute( .execute(
"UPDATE public.keys "UPDATE public.keys
SET deprecated = FALSE, updated = NOW() SET deprecated = FALSE, updated = NOW()
@@ -376,7 +550,8 @@ pub async fn restore_key_by_server(
)", )",
&[&server_name, &flow_name], &[&server_name, &flow_name],
) )
.await?; .await;
let affected = Self::handle_db_error(result, "restoring key")?;
info!( info!(
"Restored {} key(s) for server '{}' in flow '{}'", "Restored {} key(s) for server '{}' in flow '{}'",
@@ -386,21 +561,22 @@ pub async fn restore_key_by_server(
Ok(affected) Ok(affected)
} }
// Function to permanently delete keys from database
pub async fn permanently_delete_key_by_server( pub async fn permanently_delete_key_by_server(
client: &Client, &self,
server_name: &str, server_name: &str,
flow_name: &str, flow_name: &str,
) -> Result<u64, tokio_postgres::Error> { ) -> Result<u64, tokio_postgres::Error> {
// First, find the key_ids for the given server in the flow // First, find the key_ids for the given server in the flow
let key_rows = client let result = self
.client
.query( .query(
"SELECT k.key_id FROM public.keys k "SELECT k.key_id FROM public.keys k
INNER JOIN public.flows f ON k.key_id = f.key_id INNER JOIN public.flows f ON k.key_id = f.key_id
WHERE k.host = $1 AND f.name = $2", WHERE k.host = $1 AND f.name = $2",
&[&server_name, &flow_name] &[&server_name, &flow_name],
) )
.await?; .await;
let key_rows = Self::handle_db_error(result, "finding keys to delete")?;
if key_rows.is_empty() { if key_rows.is_empty() {
return Ok(0); return Ok(0);
@@ -411,25 +587,28 @@ pub async fn permanently_delete_key_by_server(
// Delete flow associations first // Delete flow associations first
let mut flow_delete_count = 0; let mut flow_delete_count = 0;
for key_id in &key_ids { for key_id in &key_ids {
let deleted = client let result = self
.client
.execute( .execute(
"DELETE FROM public.flows WHERE name = $1 AND key_id = $2", "DELETE FROM public.flows WHERE name = $1 AND key_id = $2",
&[&flow_name, key_id], &[&flow_name, key_id],
) )
.await?; .await;
let deleted = Self::handle_db_error(result, "deleting flow association")?;
flow_delete_count += deleted; flow_delete_count += deleted;
} }
// Check if any of these keys are used in other flows // Check if any of these keys are used in other flows
let mut keys_to_delete = Vec::new(); let mut keys_to_delete = Vec::new();
for key_id in &key_ids { for key_id in &key_ids {
let count: i64 = client let result = self
.client
.query_one( .query_one(
"SELECT COUNT(*) FROM public.flows WHERE key_id = $1", "SELECT COUNT(*) FROM public.flows WHERE key_id = $1",
&[key_id], &[key_id],
) )
.await? .await;
.get(0); let count: i64 = Self::handle_db_error(result, "checking key references")?.get(0);
if count == 0 { if count == 0 {
keys_to_delete.push(*key_id); keys_to_delete.push(*key_id);
@@ -439,9 +618,11 @@ pub async fn permanently_delete_key_by_server(
// Permanently delete keys that are no longer referenced by any flow // Permanently delete keys that are no longer referenced by any flow
let mut total_deleted = 0; let mut total_deleted = 0;
for key_id in keys_to_delete { for key_id in keys_to_delete {
let deleted = client let result = self
.client
.execute("DELETE FROM public.keys WHERE key_id = $1", &[&key_id]) .execute("DELETE FROM public.keys WHERE key_id = $1", &[&key_id])
.await?; .await;
let deleted = Self::handle_db_error(result, "deleting key")?;
total_deleted += deleted; total_deleted += deleted;
} }
@@ -452,3 +633,139 @@ pub async fn permanently_delete_key_by_server(
Ok(std::cmp::max(flow_delete_count, total_deleted)) Ok(std::cmp::max(flow_delete_count, total_deleted))
} }
}
// Compatibility wrapper for transition
pub struct ReconnectingDbClient {
inner: Option<DbClient>,
}
impl ReconnectingDbClient {
pub fn new(_connection_string: String) -> Self {
Self { inner: None }
}
pub async fn connect(&mut self, connection_string: &str) -> Result<(), tokio_postgres::Error> {
let (client, connection) = DbClient::connect(connection_string).await?;
// Spawn connection handler that will exit on error
tokio::spawn(async move {
if let Err(e) = connection.await {
error!("Database connection error: {}", e);
error!("Exiting application due to database connection failure");
std::process::exit(1);
}
});
self.inner = Some(client);
Ok(())
}
pub async fn initialize_schema(&self) -> Result<(), tokio_postgres::Error> {
match &self.inner {
Some(client) => client.initialize_schema().await,
None => panic!("Database client not initialized"),
}
}
pub async fn batch_insert_keys_reconnecting(
&self,
keys: Vec<SshKey>,
) -> Result<KeyInsertStats, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.batch_insert_keys(&keys).await,
None => panic!("Database client not initialized"),
}
}
pub async fn batch_insert_flow_keys_reconnecting(
&self,
flow_name: String,
key_ids: Vec<i32>,
) -> Result<usize, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.batch_insert_flow_keys(&flow_name, &key_ids).await,
None => panic!("Database client not initialized"),
}
}
pub async fn get_keys_from_db_reconnecting(
&self,
) -> Result<Vec<crate::server::Flow>, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.get_keys_from_db().await,
None => panic!("Database client not initialized"),
}
}
pub async fn deprecate_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.deprecate_key_by_server(&server_name, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn bulk_deprecate_keys_by_servers_reconnecting(
&self,
server_names: Vec<String>,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.bulk_deprecate_keys_by_servers(&server_names, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn bulk_restore_keys_by_servers_reconnecting(
&self,
server_names: Vec<String>,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.bulk_restore_keys_by_servers(&server_names, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
pub async fn restore_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => client.restore_key_by_server(&server_name, &flow_name).await,
None => panic!("Database client not initialized"),
}
}
pub async fn permanently_delete_key_by_server_reconnecting(
&self,
server_name: String,
flow_name: String,
) -> Result<u64, tokio_postgres::Error> {
match &self.inner {
Some(client) => {
client
.permanently_delete_key_by_server(&server_name, &flow_name)
.await
}
None => panic!("Database client not initialized"),
}
}
}

26
src/main.rs
View File

@@ -22,7 +22,7 @@ use log::{error, info};
khm --server --ip 0.0.0.0 --port 1337 --db-host psql.psql.svc --db-name khm --db-user admin --db-password <SECRET> --flows work,home\n\ khm --server --ip 0.0.0.0 --port 1337 --db-host psql.psql.svc --db-name khm --db-user admin --db-password <SECRET> --flows work,home\n\
\n\ \n\
Running in client mode to send diff and sync ~/.ssh/known_hosts with remote flow `work` in place:\n\ Running in client mode to send diff and sync ~/.ssh/known_hosts with remote flow `work` in place:\n\
khm --host https://khm.example.com/work --known-hosts ~/.ssh/known_hosts --in-place\n\ khm --host https://khm.example.com --flow work --known-hosts ~/.ssh/known_hosts --in-place\n\
\n\ \n\
" "
)] )]
@@ -96,10 +96,18 @@ struct Args {
#[arg( #[arg(
long, long,
required_if_eq("server", "false"), required_if_eq("server", "false"),
help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com/<FLOW_NAME>" help = "Client mode: Full host address of the server to connect to. Like https://khm.example.com"
)] )]
host: Option<String>, host: Option<String>,
/// Flow name to use on the server
#[arg(
long,
required_if_eq("server", "false"),
help = "Client mode: Flow name to use on the server"
)]
flow: Option<String>,
/// Path to the known_hosts file (default: ~/.ssh/known_hosts) /// Path to the known_hosts file (default: ~/.ssh/known_hosts)
#[arg( #[arg(
long, long,
@@ -121,13 +129,19 @@ async fn main() -> std::io::Result<()> {
let args = Args::parse(); let args = Args::parse();
// Check if we have the minimum required arguments // Check if we have the minimum required arguments
if !args.server && args.host.is_none() { if !args.server && (args.host.is_none() || args.flow.is_none()) {
// Neither server mode nor client mode properly configured // Neither server mode nor client mode properly configured
eprintln!("Error: You must specify either server mode (--server) or client mode (--host)"); eprintln!("Error: You must specify either server mode (--server) or client mode (--host and --flow)");
eprintln!(); eprintln!();
eprintln!("Examples:"); eprintln!("Examples:");
eprintln!(" Server mode: {} --server --db-user admin --db-password pass --flows work,home", env!("CARGO_PKG_NAME")); eprintln!(
eprintln!(" Client mode: {} --host https://khm.example.com/work", env!("CARGO_PKG_NAME")); " Server mode: {} --server --db-user admin --db-password pass --flows work,home",
env!("CARGO_PKG_NAME")
);
eprintln!(
" Client mode: {} --host https://khm.example.com --flow work",
env!("CARGO_PKG_NAME")
);
eprintln!(); eprintln!();
eprintln!("Use --help for more information."); eprintln!("Use --help for more information.");
std::process::exit(1); std::process::exit(1);

129
src/server.rs
View File

@@ -2,11 +2,9 @@ use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer, Responder};
use log::{error, info}; use log::{error, info};
use regex::Regex; use regex::Regex;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use tokio_postgres::{Client, NoTls};
use crate::db; use crate::db::ReconnectingDbClient;
#[derive(Serialize, Deserialize, Clone, Debug)] #[derive(Serialize, Deserialize, Clone, Debug)]
pub struct SshKey { pub struct SshKey {
@@ -37,43 +35,6 @@ pub fn is_valid_ssh_key(key: &str) -> bool {
|| ed25519_re.is_match(key) || ed25519_re.is_match(key)
} }
pub async fn get_keys_from_db(client: &Client) -> Result<Vec<Flow>, tokio_postgres::Error> {
let rows = client.query(
"SELECT k.host, k.key, k.deprecated, f.name FROM public.keys k INNER JOIN public.flows f ON k.key_id = f.key_id",
&[]
).await?;
let mut flows_map: HashMap<String, Flow> = HashMap::new();
for row in rows {
let host: String = row.get(0);
let key: String = row.get(1);
let deprecated: bool = row.get(2);
let flow: String = row.get(3);
let ssh_key = SshKey {
server: host,
public_key: key,
deprecated,
};
if let Some(flow_entry) = flows_map.get_mut(&flow) {
flow_entry.servers.push(ssh_key);
} else {
flows_map.insert(
flow.clone(),
Flow {
name: flow,
servers: vec![ssh_key],
},
);
}
}
info!("Retrieved {} flows from database", flows_map.len());
Ok(flows_map.into_values().collect())
}
// Extract client hostname from request headers // Extract client hostname from request headers
fn get_client_hostname(req: &HttpRequest) -> String { fn get_client_hostname(req: &HttpRequest) -> String {
if let Some(hostname) = req.headers().get("X-Client-Hostname") { if let Some(hostname) = req.headers().get("X-Client-Hostname") {
@@ -89,6 +50,7 @@ pub async fn get_keys(
flow_id: web::Path<String>, flow_id: web::Path<String>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
req: HttpRequest, req: HttpRequest,
query: web::Query<std::collections::HashMap<String, String>>,
) -> impl Responder { ) -> impl Responder {
let client_hostname = get_client_hostname(&req); let client_hostname = get_client_hostname(&req);
let flow_id_str = flow_id.into_inner(); let flow_id_str = flow_id.into_inner();
@@ -108,10 +70,25 @@ pub async fn get_keys(
let flows = flows.lock().unwrap(); let flows = flows.lock().unwrap();
if let Some(flow) = flows.iter().find(|flow| flow.name == flow_id_str) { if let Some(flow) = flows.iter().find(|flow| flow.name == flow_id_str) {
let servers: Vec<&SshKey> = flow.servers.iter().collect(); // Check if we should include deprecated keys (default: false for CLI clients)
let include_deprecated = query
.get("include_deprecated")
.map(|v| v == "true")
.unwrap_or(false);
let servers: Vec<&SshKey> = if include_deprecated {
// Return all keys (for web interface)
flow.servers.iter().collect()
} else {
// Return only active keys (for CLI clients)
flow.servers.iter().filter(|key| !key.deprecated).collect()
};
info!( info!(
"Returning {} keys for flow '{}' to client '{}'", "Returning {} keys ({} total, deprecated filtered: {}) for flow '{}' to client '{}'",
servers.len(), servers.len(),
flow.servers.len(),
!include_deprecated,
flow_id_str, flow_id_str,
client_hostname client_hostname
); );
@@ -129,7 +106,7 @@ pub async fn add_keys(
flows: web::Data<Flows>, flows: web::Data<Flows>,
flow_id: web::Path<String>, flow_id: web::Path<String>,
new_keys: web::Json<Vec<SshKey>>, new_keys: web::Json<Vec<SshKey>>,
db_client: web::Data<Arc<Client>>, db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
req: HttpRequest, req: HttpRequest,
) -> impl Responder { ) -> impl Responder {
@@ -175,7 +152,10 @@ pub async fn add_keys(
); );
// Batch insert keys with statistics // Batch insert keys with statistics
let key_stats = match crate::db::batch_insert_keys(&db_client, &valid_keys).await { let key_stats = match db_client
.batch_insert_keys_reconnecting(valid_keys.clone())
.await
{
Ok(stats) => stats, Ok(stats) => stats,
Err(e) => { Err(e) => {
error!( error!(
@@ -193,7 +173,9 @@ pub async fn add_keys(
let key_ids: Vec<i32> = key_stats.key_id_map.iter().map(|(_, id)| *id).collect(); let key_ids: Vec<i32> = key_stats.key_id_map.iter().map(|(_, id)| *id).collect();
// Batch insert key-flow associations // Batch insert key-flow associations
if let Err(e) = crate::db::batch_insert_flow_keys(&db_client, &flow_id_str, &key_ids).await if let Err(e) = db_client
.batch_insert_flow_keys_reconnecting(flow_id_str.clone(), key_ids.clone())
.await
{ {
error!( error!(
"Failed to batch insert flow keys from client '{}' into database: {}", "Failed to batch insert flow keys from client '{}' into database: {}",
@@ -217,7 +199,7 @@ pub async fn add_keys(
} }
// Get updated data // Get updated data
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
error!( error!(
@@ -272,28 +254,22 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
args.db_host, db_user, db_password, args.db_name args.db_host, db_user, db_password, args.db_name
); );
info!("Connecting to database at {}", args.db_host); info!("Creating database client for {}", args.db_host);
let (db_client, connection) = match tokio_postgres::connect(&db_conn_str, NoTls).await { let mut db_client_temp = ReconnectingDbClient::new(db_conn_str.clone());
Ok((client, conn)) => (client, conn),
Err(e) => { // Initial connection
if let Err(e) = db_client_temp.connect(&db_conn_str).await {
error!("Failed to connect to the database: {}", e); error!("Failed to connect to the database: {}", e);
return Err(std::io::Error::new( return Err(std::io::Error::new(
std::io::ErrorKind::ConnectionRefused, std::io::ErrorKind::ConnectionRefused,
format!("Database connection error: {}", e), format!("Database connection error: {}", e),
)); ));
} }
};
let db_client = Arc::new(db_client);
// Spawn a new thread to run the database connection let db_client = Arc::new(db_client_temp);
tokio::spawn(async move {
if let Err(e) = connection.await {
error!("Connection error: {}", e);
}
});
// Initialize database schema if needed // Initialize database schema if needed
if let Err(e) = db::initialize_db_schema(&db_client).await { if let Err(e) = db_client.initialize_schema().await {
error!("Failed to initialize database schema: {}", e); error!("Failed to initialize database schema: {}", e);
return Err(std::io::Error::new( return Err(std::io::Error::new(
std::io::ErrorKind::Other, std::io::ErrorKind::Other,
@@ -301,7 +277,7 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
)); ));
} }
let mut initial_flows = match get_keys_from_db(&db_client).await { let mut initial_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
error!("Failed to get initial flows from database: {}", e); error!("Failed to get initial flows from database: {}", e);
@@ -329,16 +305,41 @@ pub async fn run_server(args: crate::Args) -> std::io::Result<()> {
.app_data(web::Data::new(db_client.clone())) .app_data(web::Data::new(db_client.clone()))
.app_data(allowed_flows.clone()) .app_data(allowed_flows.clone())
// API routes // API routes
.route("/api/version", web::get().to(crate::web::get_version_api))
.route("/api/flows", web::get().to(crate::web::get_flows_api)) .route("/api/flows", web::get().to(crate::web::get_flows_api))
.route("/{flow_id}/keys/{server}", web::delete().to(crate::web::delete_key_by_server)) .route(
.route("/{flow_id}/keys/{server}/restore", web::post().to(crate::web::restore_key_by_server)) "/{flow_id}/scan-dns",
.route("/{flow_id}/keys/{server}/delete", web::delete().to(crate::web::permanently_delete_key_by_server)) web::post().to(crate::web::scan_dns_resolution),
)
.route(
"/{flow_id}/bulk-deprecate",
web::post().to(crate::web::bulk_deprecate_servers),
)
.route(
"/{flow_id}/bulk-restore",
web::post().to(crate::web::bulk_restore_servers),
)
.route(
"/{flow_id}/keys/{server}",
web::delete().to(crate::web::delete_key_by_server),
)
.route(
"/{flow_id}/keys/{server}/restore",
web::post().to(crate::web::restore_key_by_server),
)
.route(
"/{flow_id}/keys/{server}/delete",
web::delete().to(crate::web::permanently_delete_key_by_server),
)
// Original API routes // Original API routes
.route("/{flow_id}/keys", web::get().to(get_keys)) .route("/{flow_id}/keys", web::get().to(get_keys))
.route("/{flow_id}/keys", web::post().to(add_keys)) .route("/{flow_id}/keys", web::post().to(add_keys))
// Web interface routes // Web interface routes
.route("/", web::get().to(crate::web::serve_web_interface)) .route("/", web::get().to(crate::web::serve_web_interface))
.route("/static/{filename:.*}", web::get().to(crate::web::serve_static_file)) .route(
"/static/{filename:.*}",
web::get().to(crate::web::serve_static_file),
)
}) })
.bind((args.ip.as_str(), args.port))? .bind((args.ip.as_str(), args.port))?
.run() .run()

326
src/web.rs
View File

@@ -2,30 +2,266 @@ use actix_web::{web, HttpResponse, Result};
use log::info; use log::info;
use rust_embed::RustEmbed; use rust_embed::RustEmbed;
use serde_json::json; use serde_json::json;
use tokio_postgres::Client; use std::sync::Arc;
use trust_dns_resolver::TokioAsyncResolver;
use trust_dns_resolver::config::*;
use serde::{Deserialize, Serialize};
use futures::future;
use tokio::sync::Semaphore;
use tokio::time::{timeout, Duration};
use crate::server::{get_keys_from_db, Flows}; use crate::db::ReconnectingDbClient;
use crate::server::Flows;
#[derive(RustEmbed)] #[derive(RustEmbed)]
#[folder = "static/"] #[folder = "static/"]
struct StaticAssets; struct StaticAssets;
#[derive(Serialize, Deserialize, Debug)]
pub struct DnsResolutionResult {
pub server: String,
pub resolved: bool,
pub error: Option<String>,
}
#[derive(Serialize, Deserialize, Debug)]
pub struct BulkDeprecateRequest {
pub servers: Vec<String>,
}
async fn check_dns_resolution(hostname: String, semaphore: Arc<Semaphore>) -> DnsResolutionResult {
let _permit = match semaphore.acquire().await {
Ok(permit) => permit,
Err(_) => {
return DnsResolutionResult {
server: hostname,
resolved: false,
error: Some("Failed to acquire semaphore".to_string()),
};
}
};
let resolver = TokioAsyncResolver::tokio(
ResolverConfig::default(),
ResolverOpts::default(),
);
let lookup_result = timeout(Duration::from_secs(5), resolver.lookup_ip(&hostname)).await;
match lookup_result {
Ok(Ok(_)) => DnsResolutionResult {
server: hostname,
resolved: true,
error: None,
},
Ok(Err(e)) => DnsResolutionResult {
server: hostname,
resolved: false,
error: Some(e.to_string()),
},
Err(_) => DnsResolutionResult {
server: hostname,
resolved: false,
error: Some("DNS lookup timeout (5s)".to_string()),
},
}
}
// API endpoint to get application version
pub async fn get_version_api() -> Result<HttpResponse> {
Ok(HttpResponse::Ok().json(json!({
"version": env!("CARGO_PKG_VERSION")
})))
}
// API endpoint to get list of available flows // API endpoint to get list of available flows
pub async fn get_flows_api(allowed_flows: web::Data<Vec<String>>) -> Result<HttpResponse> { pub async fn get_flows_api(allowed_flows: web::Data<Vec<String>>) -> Result<HttpResponse> {
info!("API request for available flows"); info!("API request for available flows");
Ok(HttpResponse::Ok().json(&**allowed_flows)) Ok(HttpResponse::Ok().json(&**allowed_flows))
} }
// API endpoint to scan DNS resolution for all hosts in a flow
pub async fn scan_dns_resolution(
flows: web::Data<Flows>,
path: web::Path<String>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let flow_id_str = path.into_inner();
info!("API request to scan DNS resolution for flow '{}'" , flow_id_str);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
let flows_guard = flows.lock().unwrap();
let flow = match flows_guard.iter().find(|flow| flow.name == flow_id_str) {
Some(flow) => flow,
None => {
return Ok(HttpResponse::NotFound().json(json!({
"error": "Flow ID not found"
})));
}
};
// Get unique hostnames
let mut hostnames: std::collections::HashSet<String> = std::collections::HashSet::new();
for key in &flow.servers {
hostnames.insert(key.server.clone());
}
drop(flows_guard);
info!("Scanning DNS resolution for {} unique hosts", hostnames.len());
// Limit concurrent DNS requests to prevent "too many open files" error
let semaphore = Arc::new(Semaphore::new(20));
// Scan all hostnames concurrently with rate limiting
let mut scan_futures = Vec::new();
for hostname in hostnames {
scan_futures.push(check_dns_resolution(hostname, semaphore.clone()));
}
let results = future::join_all(scan_futures).await;
let unresolved_count = results.iter().filter(|r| !r.resolved).count();
info!("DNS scan complete: {} unresolved out of {} hosts", unresolved_count, results.len());
Ok(HttpResponse::Ok().json(json!({
"results": results,
"total": results.len(),
"unresolved": unresolved_count
})))
}
// API endpoint to bulk deprecate multiple servers
pub async fn bulk_deprecate_servers(
flows: web::Data<Flows>,
path: web::Path<String>,
request: web::Json<BulkDeprecateRequest>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let flow_id_str = path.into_inner();
info!("API request to bulk deprecate {} servers in flow '{}'", request.servers.len(), flow_id_str);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Use single bulk operation instead of loop
let total_deprecated = match db_client
.bulk_deprecate_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
.await
{
Ok(count) => {
info!("Bulk deprecated {} key(s) for {} servers", count, request.servers.len());
count
}
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to bulk deprecate keys: {}", e)
})));
}
};
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
let response = json!({
"message": format!("Successfully deprecated {} key(s) for {} server(s)", total_deprecated, request.servers.len()),
"deprecated_count": total_deprecated,
"servers_processed": request.servers.len()
});
Ok(HttpResponse::Ok().json(response))
}
// API endpoint to bulk restore multiple servers
pub async fn bulk_restore_servers(
flows: web::Data<Flows>,
path: web::Path<String>,
request: web::Json<BulkDeprecateRequest>,
db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> {
let flow_id_str = path.into_inner();
info!("API request to bulk restore {} servers in flow '{}'", request.servers.len(), flow_id_str);
if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({
"error": "Flow ID not allowed"
})));
}
// Use single bulk operation
let total_restored = match db_client
.bulk_restore_keys_by_servers_reconnecting(request.servers.clone(), flow_id_str.clone())
.await
{
Ok(count) => {
info!("Bulk restored {} key(s) for {} servers", count, request.servers.len());
count
}
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to bulk restore keys: {}", e)
})));
}
};
// Refresh the in-memory flows
let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows,
Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to refresh flows: {}", e)
})));
}
};
let mut flows_guard = flows.lock().unwrap();
*flows_guard = updated_flows;
let response = json!({
"message": format!("Successfully restored {} key(s) for {} server(s)", total_restored, request.servers.len()),
"restored_count": total_restored,
"servers_processed": request.servers.len()
});
Ok(HttpResponse::Ok().json(response))
}
// API endpoint to deprecate a specific key by server name // API endpoint to deprecate a specific key by server name
pub async fn delete_key_by_server( pub async fn delete_key_by_server(
flows: web::Data<Flows>, flows: web::Data<Flows>,
path: web::Path<(String, String)>, path: web::Path<(String, String)>,
db_client: web::Data<std::sync::Arc<Client>>, db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> { ) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner(); let (flow_id_str, server_name) = path.into_inner();
info!("API request to deprecate key for server '{}' in flow '{}'", server_name, flow_id_str); info!(
"API request to deprecate key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) { if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({ return Ok(HttpResponse::Forbidden().json(json!({
@@ -34,13 +270,19 @@ pub async fn delete_key_by_server(
} }
// Deprecate in database // Deprecate in database
match crate::db::deprecate_key_by_server(&db_client, &server_name, &flow_id_str).await { match db_client
.deprecate_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(deprecated_count) => { Ok(deprecated_count) => {
if deprecated_count > 0 { if deprecated_count > 0 {
info!("Deprecated {} key(s) for server '{}' in flow '{}'", deprecated_count, server_name, flow_id_str); info!(
"Deprecated {} key(s) for server '{}' in flow '{}'",
deprecated_count, server_name, flow_id_str
);
// Refresh the in-memory flows // Refresh the in-memory flows
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({ return Ok(HttpResponse::InternalServerError().json(json!({
@@ -62,11 +304,9 @@ pub async fn delete_key_by_server(
}))) })))
} }
} }
Err(e) => { Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to deprecate key: {}", e) "error": format!("Failed to deprecate key: {}", e)
}))) }))),
}
} }
} }
@@ -74,12 +314,15 @@ pub async fn delete_key_by_server(
pub async fn restore_key_by_server( pub async fn restore_key_by_server(
flows: web::Data<Flows>, flows: web::Data<Flows>,
path: web::Path<(String, String)>, path: web::Path<(String, String)>,
db_client: web::Data<std::sync::Arc<Client>>, db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> { ) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner(); let (flow_id_str, server_name) = path.into_inner();
info!("API request to restore key for server '{}' in flow '{}'", server_name, flow_id_str); info!(
"API request to restore key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) { if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({ return Ok(HttpResponse::Forbidden().json(json!({
@@ -88,13 +331,19 @@ pub async fn restore_key_by_server(
} }
// Restore in database // Restore in database
match crate::db::restore_key_by_server(&db_client, &server_name, &flow_id_str).await { match db_client
.restore_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(restored_count) => { Ok(restored_count) => {
if restored_count > 0 { if restored_count > 0 {
info!("Restored {} key(s) for server '{}' in flow '{}'", restored_count, server_name, flow_id_str); info!(
"Restored {} key(s) for server '{}' in flow '{}'",
restored_count, server_name, flow_id_str
);
// Refresh the in-memory flows // Refresh the in-memory flows
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({ return Ok(HttpResponse::InternalServerError().json(json!({
@@ -116,11 +365,9 @@ pub async fn restore_key_by_server(
}))) })))
} }
} }
Err(e) => { Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to restore key: {}", e) "error": format!("Failed to restore key: {}", e)
}))) }))),
}
} }
} }
@@ -128,12 +375,15 @@ pub async fn restore_key_by_server(
pub async fn permanently_delete_key_by_server( pub async fn permanently_delete_key_by_server(
flows: web::Data<Flows>, flows: web::Data<Flows>,
path: web::Path<(String, String)>, path: web::Path<(String, String)>,
db_client: web::Data<std::sync::Arc<Client>>, db_client: web::Data<Arc<ReconnectingDbClient>>,
allowed_flows: web::Data<Vec<String>>, allowed_flows: web::Data<Vec<String>>,
) -> Result<HttpResponse> { ) -> Result<HttpResponse> {
let (flow_id_str, server_name) = path.into_inner(); let (flow_id_str, server_name) = path.into_inner();
info!("API request to permanently delete key for server '{}' in flow '{}'", server_name, flow_id_str); info!(
"API request to permanently delete key for server '{}' in flow '{}'",
server_name, flow_id_str
);
if !allowed_flows.contains(&flow_id_str) { if !allowed_flows.contains(&flow_id_str) {
return Ok(HttpResponse::Forbidden().json(json!({ return Ok(HttpResponse::Forbidden().json(json!({
@@ -142,13 +392,19 @@ pub async fn permanently_delete_key_by_server(
} }
// Permanently delete from database // Permanently delete from database
match crate::db::permanently_delete_key_by_server(&db_client, &server_name, &flow_id_str).await { match db_client
.permanently_delete_key_by_server_reconnecting(server_name.clone(), flow_id_str.clone())
.await
{
Ok(deleted_count) => { Ok(deleted_count) => {
if deleted_count > 0 { if deleted_count > 0 {
info!("Permanently deleted {} key(s) for server '{}' in flow '{}'", deleted_count, server_name, flow_id_str); info!(
"Permanently deleted {} key(s) for server '{}' in flow '{}'",
deleted_count, server_name, flow_id_str
);
// Refresh the in-memory flows // Refresh the in-memory flows
let updated_flows = match get_keys_from_db(&db_client).await { let updated_flows = match db_client.get_keys_from_db_reconnecting().await {
Ok(flows) => flows, Ok(flows) => flows,
Err(e) => { Err(e) => {
return Ok(HttpResponse::InternalServerError().json(json!({ return Ok(HttpResponse::InternalServerError().json(json!({
@@ -170,11 +426,9 @@ pub async fn permanently_delete_key_by_server(
}))) })))
} }
} }
Err(e) => { Err(e) => Ok(HttpResponse::InternalServerError().json(json!({
Ok(HttpResponse::InternalServerError().json(json!({
"error": format!("Failed to delete key: {}", e) "error": format!("Failed to delete key: {}", e)
}))) }))),
}
} }
} }
@@ -201,22 +455,16 @@ pub async fn serve_static_file(path: web::Path<String>) -> Result<HttpResponse>
.content_type(content_type) .content_type(content_type)
.body(content.data.as_ref().to_vec())) .body(content.data.as_ref().to_vec()))
} }
None => { None => Ok(HttpResponse::NotFound().body(format!("File not found: {}", file_path))),
Ok(HttpResponse::NotFound().body(format!("File not found: {}", file_path)))
}
} }
} }
// Serve the main web interface from embedded assets // Serve the main web interface from embedded assets
pub async fn serve_web_interface() -> Result<HttpResponse> { pub async fn serve_web_interface() -> Result<HttpResponse> {
match StaticAssets::get("index.html") { match StaticAssets::get("index.html") {
Some(content) => { Some(content) => Ok(HttpResponse::Ok()
Ok(HttpResponse::Ok()
.content_type("text/html; charset=utf-8") .content_type("text/html; charset=utf-8")
.body(content.data.as_ref().to_vec())) .body(content.data.as_ref().to_vec())),
} None => Ok(HttpResponse::NotFound().body("Web interface not found")),
None => {
Ok(HttpResponse::NotFound().body("Web interface not found"))
}
} }
} }

49
static/index.html
View File

@@ -10,7 +10,10 @@
<body> <body>
<div class="container"> <div class="container">
<header> <header>
<div class="header-title">
<h1>SSH Key Manager</h1> <h1>SSH Key Manager</h1>
<span class="version" id="appVersion">Loading...</span>
</div>
<div class="flow-selector"> <div class="flow-selector">
<label for="flowSelect">Flow:</label> <label for="flowSelect">Flow:</label>
<select id="flowSelect"> <select id="flowSelect">
@@ -26,6 +29,14 @@
<span class="stat-value" id="totalKeys">0</span> <span class="stat-value" id="totalKeys">0</span>
<span class="stat-label">Total Keys</span> <span class="stat-label">Total Keys</span>
</div> </div>
<div class="stat-item">
<span class="stat-value" id="activeKeys">0</span>
<span class="stat-label">Active Keys</span>
</div>
<div class="stat-item">
<span class="stat-value deprecated" id="deprecatedKeys">0</span>
<span class="stat-label">Deprecated Keys</span>
</div>
<div class="stat-item"> <div class="stat-item">
<span class="stat-value" id="uniqueServers">0</span> <span class="stat-value" id="uniqueServers">0</span>
<span class="stat-label">Unique Servers</span> <span class="stat-label">Unique Servers</span>
@@ -34,8 +45,18 @@
<div class="actions-panel"> <div class="actions-panel">
<button id="addKeyBtn" class="btn btn-primary">Add SSH Key</button> <button id="addKeyBtn" class="btn btn-primary">Add SSH Key</button>
<button id="scanDnsBtn" class="btn btn-secondary">Scan DNS Resolution</button>
<button id="bulkDeleteBtn" class="btn btn-danger" disabled>Deprecate Selected</button> <button id="bulkDeleteBtn" class="btn btn-danger" disabled>Deprecate Selected</button>
<button id="bulkRestoreBtn" class="btn btn-success" disabled style="display: none;">Restore Selected</button>
<button id="bulkPermanentDeleteBtn" class="btn btn-danger" disabled style="display: none;">Delete Selected</button> <button id="bulkPermanentDeleteBtn" class="btn btn-danger" disabled style="display: none;">Delete Selected</button>
<div class="filter-controls">
<label class="filter-label">
<input type="checkbox" id="showDeprecatedOnly">
<span>Show only deprecated keys</span>
</label>
</div>
<div class="search-box"> <div class="search-box">
<input type="text" id="searchInput" placeholder="Search servers or keys..."> <input type="text" id="searchInput" placeholder="Search servers or keys...">
</div> </div>
@@ -48,9 +69,9 @@
<th> <th>
<input type="checkbox" id="selectAll"> <input type="checkbox" id="selectAll">
</th> </th>
<th>Server</th> <th>Server/Type</th>
<th>Key Type</th>
<th>Key Preview</th> <th>Key Preview</th>
<th></th>
<th>Actions</th> <th>Actions</th>
</tr> </tr>
</thead> </thead>
@@ -121,6 +142,30 @@
</div> </div>
</div> </div>
<!-- DNS Scan Results Modal -->
<div id="dnsScanModal" class="modal">
<div class="modal-content modal-large">
<div class="modal-header">
<h2>DNS Resolution Scan Results</h2>
<span class="close">&times;</span>
</div>
<div class="modal-body">
<div id="dnsScanStats" class="scan-stats"></div>
<div id="unresolvedHosts" class="unresolved-hosts">
<div class="section-header">
<h3>Unresolved Hosts</h3>
<button id="selectAllUnresolved" class="btn btn-sm btn-secondary">Select All</button>
</div>
<div id="unresolvedList" class="host-list"></div>
</div>
<div class="form-actions">
<button type="button" class="btn btn-secondary" id="closeDnsScan">Close</button>
<button type="button" class="btn btn-danger" id="deprecateUnresolved" disabled>Deprecate Selected</button>
</div>
</div>
</div>
</div>
<!-- Loading Overlay --> <!-- Loading Overlay -->
<div id="loadingOverlay" class="loading-overlay"> <div id="loadingOverlay" class="loading-overlay">
<div class="loading-spinner"></div> <div class="loading-spinner"></div>

452
static/script.js
View File

@@ -3,11 +3,16 @@ class SSHKeyManager {
this.currentFlow = null; this.currentFlow = null;
this.keys = []; this.keys = [];
this.filteredKeys = []; this.filteredKeys = [];
this.groupedKeys = {};
this.expandedGroups = new Set();
this.currentPage = 1; this.currentPage = 1;
this.keysPerPage = 20; this.keysPerPage = 20;
this.serversPerPage = 10;
this.selectedKeys = new Set(); this.selectedKeys = new Set();
this.showDeprecatedOnly = false;
this.initializeEventListeners(); this.initializeEventListeners();
this.loadVersion();
this.loadFlows(); this.loadFlows();
} }
@@ -35,11 +40,21 @@ class SSHKeyManager {
this.showAddKeyModal(); this.showAddKeyModal();
}); });
// Scan DNS button
document.getElementById('scanDnsBtn').addEventListener('click', () => {
this.scanDnsResolution();
});
// Bulk delete button // Bulk delete button
document.getElementById('bulkDeleteBtn').addEventListener('click', () => { document.getElementById('bulkDeleteBtn').addEventListener('click', () => {
this.deleteSelectedKeys(); this.deleteSelectedKeys();
}); });
// Bulk restore button
document.getElementById('bulkRestoreBtn').addEventListener('click', () => {
this.restoreSelectedKeys();
});
// Bulk permanent delete button // Bulk permanent delete button
document.getElementById('bulkPermanentDeleteBtn').addEventListener('click', () => { document.getElementById('bulkPermanentDeleteBtn').addEventListener('click', () => {
this.permanentlyDeleteSelectedKeys(); this.permanentlyDeleteSelectedKeys();
@@ -50,6 +65,21 @@ class SSHKeyManager {
this.filterKeys(e.target.value); this.filterKeys(e.target.value);
}); });
// Deprecated filter checkbox
document.getElementById('showDeprecatedOnly').addEventListener('change', (e) => {
this.showDeprecatedOnly = e.target.checked;
// Update visual state
const filterLabel = e.target.closest('.filter-label');
if (e.target.checked) {
filterLabel.classList.add('active');
} else {
filterLabel.classList.remove('active');
}
this.filterKeys(document.getElementById('searchInput').value);
});
// Select all checkbox // Select all checkbox
document.getElementById('selectAll').addEventListener('change', (e) => { document.getElementById('selectAll').addEventListener('change', (e) => {
this.toggleSelectAll(e.target.checked); this.toggleSelectAll(e.target.checked);
@@ -91,6 +121,19 @@ class SSHKeyManager {
this.copyKeyToClipboard(); this.copyKeyToClipboard();
}); });
// DNS scan modal
document.getElementById('closeDnsScan').addEventListener('click', () => {
this.hideModal('dnsScanModal');
});
document.getElementById('selectAllUnresolved').addEventListener('click', () => {
this.toggleSelectAllUnresolved();
});
document.getElementById('deprecateUnresolved').addEventListener('click', () => {
this.deprecateSelectedUnresolved();
});
// Close modals when clicking on close button or outside // Close modals when clicking on close button or outside
document.querySelectorAll('.modal .close').forEach(closeBtn => { document.querySelectorAll('.modal .close').forEach(closeBtn => {
closeBtn.addEventListener('click', (e) => { closeBtn.addEventListener('click', (e) => {
@@ -107,6 +150,20 @@ class SSHKeyManager {
}); });
} }
async loadVersion() {
try {
const response = await fetch('/api/version');
if (response.ok) {
const data = await response.json();
document.getElementById('appVersion').textContent = `v${data.version}`;
} else {
document.getElementById('appVersion').textContent = 'Unknown';
}
} catch (error) {
document.getElementById('appVersion').textContent = 'Error';
}
}
async loadFlows() { async loadFlows() {
try { try {
this.showLoading(); this.showLoading();
@@ -146,11 +203,12 @@ class SSHKeyManager {
try { try {
this.showLoading(); this.showLoading();
const response = await fetch(`/${this.currentFlow}/keys`); const response = await fetch(`/${this.currentFlow}/keys?include_deprecated=true`);
if (!response.ok) throw new Error('Failed to load keys'); if (!response.ok) throw new Error('Failed to load keys');
this.keys = await response.json(); this.keys = await response.json();
this.filteredKeys = [...this.keys]; this.groupKeys();
this.filterKeys();
this.updateStats(); this.updateStats();
this.renderTable(); this.renderTable();
this.selectedKeys.clear(); this.selectedKeys.clear();
@@ -163,27 +221,64 @@ class SSHKeyManager {
} }
} }
groupKeys() {
this.groupedKeys = {};
this.keys.forEach(key => {
if (!this.groupedKeys[key.server]) {
this.groupedKeys[key.server] = [];
}
this.groupedKeys[key.server].push(key);
});
// Groups are closed by default - no auto-expand
}
filterKeys(searchTerm) { filterKeys(searchTerm) {
if (!searchTerm.trim()) { let keys = [...this.keys];
this.filteredKeys = [...this.keys];
// Apply deprecated filter first
if (this.showDeprecatedOnly) {
keys = keys.filter(key => key.deprecated);
}
// Then apply search filter
if (!searchTerm || !searchTerm.trim()) {
this.filteredKeys = keys;
} else { } else {
const term = searchTerm.toLowerCase(); const term = searchTerm.toLowerCase();
this.filteredKeys = this.keys.filter(key => this.filteredKeys = keys.filter(key =>
key.server.toLowerCase().includes(term) || key.server.toLowerCase().includes(term) ||
key.public_key.toLowerCase().includes(term) key.public_key.toLowerCase().includes(term)
); );
} }
this.currentPage = 1; this.currentPage = 1;
this.renderTable(); this.renderTable();
} }
updateStats() { updateStats() {
document.getElementById('totalKeys').textContent = this.keys.length; const totalKeys = this.keys.length;
const deprecatedKeys = this.keys.filter(key => key.deprecated).length;
const activeKeys = totalKeys - deprecatedKeys;
const uniqueServers = new Set(this.keys.map(key => key.server)); const uniqueServers = new Set(this.keys.map(key => key.server));
document.getElementById('totalKeys').textContent = totalKeys;
document.getElementById('activeKeys').textContent = activeKeys;
document.getElementById('deprecatedKeys').textContent = deprecatedKeys;
document.getElementById('uniqueServers').textContent = uniqueServers.size; document.getElementById('uniqueServers').textContent = uniqueServers.size;
} }
getGroupedFilteredKeys() {
const groupedFilteredKeys = {};
this.filteredKeys.forEach(key => {
if (!groupedFilteredKeys[key.server]) {
groupedFilteredKeys[key.server] = [];
}
groupedFilteredKeys[key.server].push(key);
});
return groupedFilteredKeys;
}
renderTable() { renderTable() {
const tbody = document.getElementById('keysTableBody'); const tbody = document.getElementById('keysTableBody');
const noKeysMessage = document.getElementById('noKeysMessage'); const noKeysMessage = document.getElementById('noKeysMessage');
@@ -197,26 +292,63 @@ class SSHKeyManager {
noKeysMessage.style.display = 'none'; noKeysMessage.style.display = 'none';
const startIndex = (this.currentPage - 1) * this.keysPerPage; // Group filtered keys by server
const endIndex = startIndex + this.keysPerPage; const groupedFilteredKeys = this.getGroupedFilteredKeys();
const pageKeys = this.filteredKeys.slice(startIndex, endIndex);
tbody.innerHTML = pageKeys.map((key, index) => { // Calculate pagination for grouped view
const servers = Object.keys(groupedFilteredKeys).sort();
// For pagination, we'll show a reasonable number of server groups per page
const startServerIndex = (this.currentPage - 1) * this.serversPerPage;
const endServerIndex = startServerIndex + this.serversPerPage;
const pageServers = servers.slice(startServerIndex, endServerIndex);
let html = '';
pageServers.forEach(server => {
const serverKeys = groupedFilteredKeys[server];
const activeCount = serverKeys.filter(k => !k.deprecated).length;
const deprecatedCount = serverKeys.filter(k => k.deprecated).length;
const isExpanded = this.expandedGroups.has(server);
// Server group header
html += `
<tr class="host-group-header ${isExpanded ? '' : 'collapsed'}">
<td>
<input type="checkbox"
data-group="${this.escapeHtml(server)}"
onchange="sshKeyManager.toggleGroupSelection('${this.escapeHtml(server)}', this.checked)"
onclick="event.stopPropagation()">
</td>
<td colspan="4" onclick="sshKeyManager.toggleGroup('${this.escapeHtml(server)}')" style="cursor: pointer;">
<span class="expand-icon">${isExpanded ? '▼' : '▶'}</span>
<strong>${this.escapeHtml(server)}</strong>
<span class="host-summary">
<span class="key-count">${serverKeys.length} keys</span>
${deprecatedCount > 0 ? `<span class="deprecated-count">${deprecatedCount} deprecated</span>` : ''}
</span>
</td>
</tr>
`;
// Server keys (if expanded)
if (isExpanded) {
serverKeys.forEach(key => {
const keyType = this.getKeyType(key.public_key); const keyType = this.getKeyType(key.public_key);
const keyPreview = this.getKeyPreview(key.public_key); const keyPreview = this.getKeyPreview(key.public_key);
const keyId = `${key.server}-${key.public_key}`; const keyId = `${key.server}-${key.public_key}`;
return ` html += `
<tr${key.deprecated ? ' class="deprecated"' : ''}> <tr class="key-row${key.deprecated ? ' deprecated' : ''}">
<td> <td>
<input type="checkbox" data-key-id="${keyId}" ${this.selectedKeys.has(keyId) ? 'checked' : ''}> <input type="checkbox" data-key-id="${keyId}" ${this.selectedKeys.has(keyId) ? 'checked' : ''}>
</td> </td>
<td> <td style="padding-left: 2rem;">
${this.escapeHtml(key.server)} <span class="key-type ${keyType.toLowerCase()}">${keyType}</span>
${key.deprecated ? '<span class="deprecated-badge">DEPRECATED</span>' : ''} ${key.deprecated ? '<span class="deprecated-badge">DEPRECATED</span>' : ''}
</td> </td>
<td><span class="key-type ${keyType.toLowerCase()}">${keyType}</span></td>
<td><span class="key-preview">${keyPreview}</span></td> <td><span class="key-preview">${keyPreview}</span></td>
<td></td>
<td class="table-actions"> <td class="table-actions">
<button class="btn btn-sm btn-secondary" onclick="sshKeyManager.viewKey('${keyId}')">View</button> <button class="btn btn-sm btn-secondary" onclick="sshKeyManager.viewKey('${keyId}')">View</button>
${key.deprecated ? ${key.deprecated ?
@@ -227,7 +359,11 @@ class SSHKeyManager {
</td> </td>
</tr> </tr>
`; `;
}).join(''); });
}
});
tbody.innerHTML = html;
// Add event listeners for checkboxes // Add event listeners for checkboxes
tbody.querySelectorAll('input[type="checkbox"]').forEach(checkbox => { tbody.querySelectorAll('input[type="checkbox"]').forEach(checkbox => {
@@ -240,14 +376,78 @@ class SSHKeyManager {
} }
this.updateBulkDeleteButton(); this.updateBulkDeleteButton();
this.updateSelectAllCheckbox(); this.updateSelectAllCheckbox();
this.updateGroupCheckboxes(); // Update group checkboxes when individual keys change
}); });
}); });
// Update group checkboxes to show correct indeterminate state
this.updateGroupCheckboxes();
this.updatePagination(); this.updatePagination();
} }
toggleGroup(server) {
if (this.expandedGroups.has(server)) {
this.expandedGroups.delete(server);
} else {
this.expandedGroups.add(server);
}
this.renderTable();
}
toggleGroupSelection(server, isChecked) {
const groupedFilteredKeys = this.getGroupedFilteredKeys();
const serverKeys = groupedFilteredKeys[server] || [];
serverKeys.forEach(key => {
const keyId = `${key.server}-${key.public_key}`;
if (isChecked) {
this.selectedKeys.add(keyId);
} else {
this.selectedKeys.delete(keyId);
}
});
this.updateBulkDeleteButton();
this.updateSelectAllCheckbox();
this.updateGroupCheckboxes();
// Update individual checkboxes without full re-render
const tbody = document.getElementById('keysTableBody');
serverKeys.forEach(key => {
const keyId = `${key.server}-${key.public_key}`;
const checkbox = tbody.querySelector(`input[data-key-id="${keyId}"]`);
if (checkbox) {
checkbox.checked = this.selectedKeys.has(keyId);
}
});
}
updateGroupCheckboxes() {
const groupedFilteredKeys = this.getGroupedFilteredKeys();
const tbody = document.getElementById('keysTableBody');
Object.keys(groupedFilteredKeys).forEach(server => {
const serverKeys = groupedFilteredKeys[server];
const groupCheckbox = tbody.querySelector(`input[data-group="${server}"]`);
if (groupCheckbox) {
const allSelected = serverKeys.every(key =>
this.selectedKeys.has(`${key.server}-${key.public_key}`)
);
const someSelected = serverKeys.some(key =>
this.selectedKeys.has(`${key.server}-${key.public_key}`)
);
groupCheckbox.checked = allSelected;
groupCheckbox.indeterminate = someSelected && !allSelected;
}
});
}
updatePagination() { updatePagination() {
const totalPages = Math.ceil(this.filteredKeys.length / this.keysPerPage); const groupedFilteredKeys = this.getGroupedFilteredKeys();
const totalServers = Object.keys(groupedFilteredKeys).length;
const totalPages = Math.ceil(totalServers / this.serversPerPage);
document.getElementById('pageInfo').textContent = `Page ${this.currentPage} of ${totalPages}`; document.getElementById('pageInfo').textContent = `Page ${this.currentPage} of ${totalPages}`;
document.getElementById('prevPage').disabled = this.currentPage <= 1; document.getElementById('prevPage').disabled = this.currentPage <= 1;
@@ -255,7 +455,10 @@ class SSHKeyManager {
} }
changePage(newPage) { changePage(newPage) {
const totalPages = Math.ceil(this.filteredKeys.length / this.keysPerPage); const groupedFilteredKeys = this.getGroupedFilteredKeys();
const totalServers = Object.keys(groupedFilteredKeys).length;
const totalPages = Math.ceil(totalServers / this.serversPerPage);
if (newPage >= 1 && newPage <= totalPages) { if (newPage >= 1 && newPage <= totalPages) {
this.currentPage = newPage; this.currentPage = newPage;
this.renderTable(); this.renderTable();
@@ -296,12 +499,15 @@ class SSHKeyManager {
updateBulkDeleteButton() { updateBulkDeleteButton() {
const bulkDeleteBtn = document.getElementById('bulkDeleteBtn'); const bulkDeleteBtn = document.getElementById('bulkDeleteBtn');
const bulkRestoreBtn = document.getElementById('bulkRestoreBtn');
const bulkPermanentDeleteBtn = document.getElementById('bulkPermanentDeleteBtn'); const bulkPermanentDeleteBtn = document.getElementById('bulkPermanentDeleteBtn');
if (this.selectedKeys.size === 0) { if (this.selectedKeys.size === 0) {
// No keys selected - hide both buttons // No keys selected - hide all buttons
bulkDeleteBtn.disabled = true; bulkDeleteBtn.disabled = true;
bulkDeleteBtn.textContent = 'Deprecate Selected'; bulkDeleteBtn.textContent = 'Deprecate Selected';
bulkRestoreBtn.style.display = 'none';
bulkRestoreBtn.disabled = true;
bulkPermanentDeleteBtn.style.display = 'none'; bulkPermanentDeleteBtn.style.display = 'none';
bulkPermanentDeleteBtn.disabled = true; bulkPermanentDeleteBtn.disabled = true;
return; return;
@@ -331,6 +537,16 @@ class SSHKeyManager {
bulkDeleteBtn.textContent = 'Deprecate Selected'; bulkDeleteBtn.textContent = 'Deprecate Selected';
} }
// Show/hide restore button
if (deprecatedCount > 0) {
bulkRestoreBtn.style.display = 'inline-flex';
bulkRestoreBtn.disabled = false;
bulkRestoreBtn.textContent = `Restore Selected (${deprecatedCount})`;
} else {
bulkRestoreBtn.style.display = 'none';
bulkRestoreBtn.disabled = true;
}
// Show/hide permanent delete button // Show/hide permanent delete button
if (deprecatedCount > 0) { if (deprecatedCount > 0) {
bulkPermanentDeleteBtn.style.display = 'inline-flex'; bulkPermanentDeleteBtn.style.display = 'inline-flex';
@@ -543,6 +759,56 @@ class SSHKeyManager {
} }
} }
async restoreSelectedKeys() {
if (this.selectedKeys.size === 0) return;
// Filter only deprecated keys
const deprecatedKeys = Array.from(this.selectedKeys).filter(keyId => {
const key = this.findKeyById(keyId);
return key && key.deprecated;
});
if (deprecatedKeys.length === 0) {
this.showToast('No deprecated keys selected', 'warning');
return;
}
if (!confirm(`Are you sure you want to restore ${deprecatedKeys.length} deprecated SSH keys?`)) {
return;
}
// Get unique server names
const serverNames = [...new Set(deprecatedKeys.map(keyId => {
const key = this.findKeyById(keyId);
return key ? key.server : null;
}).filter(Boolean))];
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/bulk-restore`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ servers: serverNames })
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to restore keys');
}
const result = await response.json();
this.showToast(result.message, 'success');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to restore selected keys: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
async permanentlyDeleteSelectedKeys() { async permanentlyDeleteSelectedKeys() {
if (this.selectedKeys.size === 0) return; if (this.selectedKeys.size === 0) return;
@@ -645,6 +911,8 @@ class SSHKeyManager {
document.getElementById('keysTableBody').innerHTML = ''; document.getElementById('keysTableBody').innerHTML = '';
document.getElementById('noKeysMessage').style.display = 'block'; document.getElementById('noKeysMessage').style.display = 'block';
document.getElementById('totalKeys').textContent = '0'; document.getElementById('totalKeys').textContent = '0';
document.getElementById('activeKeys').textContent = '0';
document.getElementById('deprecatedKeys').textContent = '0';
document.getElementById('uniqueServers').textContent = '0'; document.getElementById('uniqueServers').textContent = '0';
this.selectedKeys.clear(); this.selectedKeys.clear();
this.updateBulkDeleteButton(); this.updateBulkDeleteButton();
@@ -689,6 +957,150 @@ class SSHKeyManager {
}, 300); }, 300);
}, 4000); }, 4000);
} }
// DNS Resolution Scanning
async scanDnsResolution() {
if (!this.currentFlow) {
this.showToast('Please select a flow first', 'warning');
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/scan-dns`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to scan DNS resolution');
}
const scanResults = await response.json();
this.showDnsScanResults(scanResults);
} catch (error) {
this.showToast('Failed to scan DNS resolution: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
showDnsScanResults(scanResults) {
const { results, total, unresolved } = scanResults;
// Update stats
const statsDiv = document.getElementById('dnsScanStats');
statsDiv.innerHTML = `
<div class="scan-stat">
<span class="scan-stat-value">${total}</span>
<span class="scan-stat-label">Total Hosts</span>
</div>
<div class="scan-stat">
<span class="scan-stat-value">${total - unresolved}</span>
<span class="scan-stat-label">Resolved</span>
</div>
<div class="scan-stat">
<span class="scan-stat-value unresolved-count">${unresolved}</span>
<span class="scan-stat-label">Unresolved</span>
</div>
`;
// Show unresolved hosts
const unresolvedHosts = results.filter(r => !r.resolved);
const unresolvedList = document.getElementById('unresolvedList');
if (unresolvedHosts.length === 0) {
unresolvedList.innerHTML = '<div class="empty-state">🎉 All hosts resolved successfully!</div>';
document.getElementById('selectAllUnresolved').style.display = 'none';
} else {
document.getElementById('selectAllUnresolved').style.display = 'inline-flex';
unresolvedList.innerHTML = unresolvedHosts.map(host => `
<div class="host-item">
<label>
<input type="checkbox" value="${this.escapeHtml(host.server)}" class="unresolved-checkbox">
<span class="host-name">${this.escapeHtml(host.server)}</span>
</label>
${host.error ? `<span class="host-error">${this.escapeHtml(host.error)}</span>` : ''}
</div>
`).join('');
// Add event listeners to checkboxes
unresolvedList.querySelectorAll('.unresolved-checkbox').forEach(checkbox => {
checkbox.addEventListener('change', () => {
this.updateDeprecateUnresolvedButton();
});
});
}
this.updateDeprecateUnresolvedButton();
this.showModal('dnsScanModal');
}
toggleSelectAllUnresolved() {
const checkboxes = document.querySelectorAll('.unresolved-checkbox');
const allChecked = Array.from(checkboxes).every(cb => cb.checked);
checkboxes.forEach(checkbox => {
checkbox.checked = !allChecked;
});
this.updateDeprecateUnresolvedButton();
}
updateDeprecateUnresolvedButton() {
const selectedCount = document.querySelectorAll('.unresolved-checkbox:checked').length;
const deprecateBtn = document.getElementById('deprecateUnresolved');
if (selectedCount > 0) {
deprecateBtn.disabled = false;
deprecateBtn.textContent = `Deprecate Selected (${selectedCount})`;
} else {
deprecateBtn.disabled = true;
deprecateBtn.textContent = 'Deprecate Selected';
}
}
async deprecateSelectedUnresolved() {
const selectedHosts = Array.from(document.querySelectorAll('.unresolved-checkbox:checked'))
.map(cb => cb.value);
if (selectedHosts.length === 0) {
this.showToast('No hosts selected', 'warning');
return;
}
if (!confirm(`Are you sure you want to deprecate SSH keys for ${selectedHosts.length} unresolved hosts?`)) {
return;
}
try {
this.showLoading();
const response = await fetch(`/${this.currentFlow}/bulk-deprecate`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ servers: selectedHosts })
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(errorText || 'Failed to deprecate hosts');
}
const result = await response.json();
this.showToast(result.message, 'success');
this.hideModal('dnsScanModal');
await this.loadKeys();
} catch (error) {
this.showToast('Failed to deprecate hosts: ' + error.message, 'error');
} finally {
this.hideLoading();
}
}
} }
// Initialize the SSH Key Manager when the page loads // Initialize the SSH Key Manager when the page loads

285
static/style.css
View File

@@ -50,6 +50,23 @@ header h1 {
font-size: 2.5rem; font-size: 2.5rem;
font-weight: 600; font-weight: 600;
color: var(--text-primary); color: var(--text-primary);
margin: 0;
}
.header-title {
display: flex;
align-items: baseline;
gap: 1rem;
}
.version {
font-size: 0.875rem;
color: var(--text-secondary);
background: var(--background);
padding: 0.25rem 0.5rem;
border-radius: var(--border-radius);
font-weight: 500;
border: 1px solid var(--border);
} }
.flow-selector { .flow-selector {
@@ -155,6 +172,10 @@ header h1 {
color: var(--primary-color); color: var(--primary-color);
} }
.stat-value.deprecated {
color: var(--danger-color);
}
.stat-label { .stat-label {
color: var(--text-secondary); color: var(--text-secondary);
font-size: 0.875rem; font-size: 0.875rem;
@@ -170,6 +191,46 @@ header h1 {
flex-wrap: wrap; flex-wrap: wrap;
} }
.filter-controls {
display: flex;
align-items: center;
gap: 1rem;
}
.filter-label {
display: flex;
align-items: center;
gap: 0.5rem;
font-size: 0.875rem;
color: var(--text-primary);
cursor: pointer;
user-select: none;
padding: 0.5rem 0.75rem;
border-radius: var(--border-radius);
transition: background-color 0.2s ease;
}
.filter-label:hover {
background-color: var(--background);
}
.filter-label.active {
background-color: var(--primary-color);
color: white;
}
.filter-label.active input[type="checkbox"] {
accent-color: white;
}
.filter-label input[type="checkbox"] {
margin: 0;
}
.filter-label span {
white-space: nowrap;
}
.search-box input { .search-box input {
padding: 0.5rem 1rem; padding: 0.5rem 1rem;
border: 1px solid var(--border); border: 1px solid var(--border);
@@ -225,6 +286,79 @@ header h1 {
color: var(--text-secondary); color: var(--text-secondary);
} }
.host-group-header {
background-color: #f1f5f9;
font-weight: 600;
transition: background-color 0.2s ease;
border-left: 4px solid var(--primary-color);
}
.host-group-header:hover {
background-color: #e2e8f0;
}
.host-group-header.collapsed {
border-left-color: var(--secondary-color);
}
.host-group-header .expand-icon {
transition: transform 0.2s ease;
display: inline-block;
margin-right: 0.5rem;
user-select: none;
}
.host-group-header.collapsed .expand-icon {
transform: rotate(-90deg);
}
.host-group-header input[type="checkbox"] {
margin: 0;
}
.host-group-header td:first-child {
width: 50px;
text-align: center;
}
.host-group-header td:nth-child(2) {
cursor: pointer;
user-select: none;
}
.key-row {
border-left: 4px solid transparent;
}
.key-row.hidden {
display: none;
}
.host-summary {
font-size: 0.875rem;
color: var(--text-secondary);
}
.key-count {
background-color: var(--primary-color);
color: white;
padding: 0.125rem 0.375rem;
border-radius: 0.25rem;
font-size: 0.75rem;
font-weight: 500;
margin-left: 0.5rem;
}
.deprecated-count {
background-color: var(--danger-color);
color: white;
padding: 0.125rem 0.375rem;
border-radius: 0.25rem;
font-size: 0.75rem;
font-weight: 500;
margin-left: 0.25rem;
}
.key-preview { .key-preview {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace; font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-size: 0.875rem; font-size: 0.875rem;
@@ -477,9 +611,24 @@ header h1 {
align-items: stretch; align-items: stretch;
} }
.header-title {
flex-direction: column;
align-items: flex-start;
gap: 0.5rem;
}
.header-title h1 {
font-size: 2rem;
}
.actions-panel { .actions-panel {
flex-direction: column; flex-direction: column;
align-items: stretch; align-items: stretch;
gap: 1rem;
}
.filter-controls {
justify-content: center;
} }
.search-box input { .search-box input {
@@ -515,6 +664,13 @@ input[type="checkbox"] {
accent-color: var(--primary-color); accent-color: var(--primary-color);
} }
/* Indeterminate checkbox styling */
input[type="checkbox"]:indeterminate {
background-color: var(--primary-color);
background-image: linear-gradient(90deg, transparent 40%, white 40%, white 60%, transparent 60%);
border-color: var(--primary-color);
}
/* Action buttons in table */ /* Action buttons in table */
.table-actions { .table-actions {
display: flex; display: flex;
@@ -538,3 +694,132 @@ input[type="checkbox"] {
.form-group textarea:valid { .form-group textarea:valid {
border-color: var(--success-color); border-color: var(--success-color);
} }
/* DNS Scan Modal Styles */
.modal-large {
max-width: 800px;
}
.scan-stats {
background: var(--background);
padding: 1rem;
border-radius: var(--border-radius);
margin-bottom: 1.5rem;
display: grid;
grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
gap: 1rem;
}
.scan-stat {
text-align: center;
}
.scan-stat-value {
display: block;
font-size: 1.5rem;
font-weight: 600;
color: var(--primary-color);
}
.scan-stat-label {
color: var(--text-secondary);
font-size: 0.875rem;
}
.unresolved-count {
color: var(--danger-color) !important;
}
.section-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 1rem;
}
.section-header h3 {
font-size: 1.125rem;
font-weight: 600;
color: var(--text-primary);
}
.host-list {
max-height: 300px;
overflow-y: auto;
border: 1px solid var(--border);
border-radius: var(--border-radius);
}
.host-item {
display: flex;
align-items: center;
padding: 0.75rem;
border-bottom: 1px solid var(--border);
transition: background-color 0.2s ease;
}
.host-item:last-child {
border-bottom: none;
}
.host-item:hover {
background-color: var(--background);
}
.host-item label {
display: flex;
align-items: center;
gap: 0.75rem;
flex: 1;
cursor: pointer;
margin: 0;
}
.host-name {
font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
font-weight: 500;
color: var(--text-primary);
}
.host-error {
font-size: 0.75rem;
color: var(--danger-color);
margin-left: auto;
max-width: 200px;
word-break: break-word;
}
.empty-state {
text-align: center;
padding: 2rem;
color: var(--text-secondary);
font-style: italic;
}
.scan-progress {
background: var(--background);
padding: 1rem;
border-radius: var(--border-radius);
margin-bottom: 1rem;
text-align: center;
}
.scan-progress-text {
color: var(--text-secondary);
margin-bottom: 0.5rem;
}
.progress-bar {
width: 100%;
height: 8px;
background: var(--border);
border-radius: 4px;
overflow: hidden;
}
.progress-fill {
height: 100%;
background: var(--primary-color);
transition: width 0.3s ease;
border-radius: 4px;
}