Merge pull request #764 from ZacharyZcR/feat/opkssh-host-sharing

feat: allow sharing opkssh-authenticated hosts
This commit is contained in:
ZacharyZcR
2026-05-18 04:35:39 +08:00
committed by GitHub
+37 -33
View File
@@ -128,10 +128,10 @@ router.post(
return res.status(403).json({ error: "Not host owner" }); return res.status(403).json({ error: "Not host owner" });
} }
if (!host[0].credentialId) { if (!host[0].credentialId && host[0].authType !== "opkssh") {
return res.status(400).json({ return res.status(400).json({
error: error:
"Only hosts using credentials can be shared. Please create a credential and assign it to this host before sharing.", "Only hosts using credentials or OPKSSH can be shared. Please create a credential and assign it to this host before sharing.",
code: "CREDENTIAL_REQUIRED_FOR_SHARING", code: "CREDENTIAL_REQUIRED_FOR_SHARING",
}); });
} }
@@ -203,23 +203,25 @@ router.post(
.delete(sharedCredentials) .delete(sharedCredentials)
.where(eq(sharedCredentials.hostAccessId, existing[0].id)); .where(eq(sharedCredentials.hostAccessId, existing[0].id));
const { SharedCredentialManager } = if (host[0].credentialId) {
await import("../../utils/shared-credential-manager.js"); const { SharedCredentialManager } =
const sharedCredManager = SharedCredentialManager.getInstance(); await import("../../utils/shared-credential-manager.js");
if (targetType === "user") { const sharedCredManager = SharedCredentialManager.getInstance();
await sharedCredManager.createSharedCredentialForUser( if (targetType === "user") {
existing[0].id, await sharedCredManager.createSharedCredentialForUser(
host[0].credentialId, existing[0].id,
targetUserId!, host[0].credentialId,
userId, targetUserId!,
); userId,
} else { );
await sharedCredManager.createSharedCredentialsForRole( } else {
existing[0].id, await sharedCredManager.createSharedCredentialsForRole(
host[0].credentialId, existing[0].id,
targetRoleId!, host[0].credentialId,
userId, targetRoleId!,
); userId,
);
}
} }
databaseLogger.info("Permission granted", { databaseLogger.info("Permission granted", {
operation: "rbac_permission_grant", operation: "rbac_permission_grant",
@@ -249,20 +251,22 @@ router.post(
await import("../../utils/shared-credential-manager.js"); await import("../../utils/shared-credential-manager.js");
const sharedCredManager = SharedCredentialManager.getInstance(); const sharedCredManager = SharedCredentialManager.getInstance();
if (targetType === "user") { if (host[0].credentialId) {
await sharedCredManager.createSharedCredentialForUser( if (targetType === "user") {
result.lastInsertRowid as number, await sharedCredManager.createSharedCredentialForUser(
host[0].credentialId, result.lastInsertRowid as number,
targetUserId!, host[0].credentialId,
userId, targetUserId!,
); userId,
} else { );
await sharedCredManager.createSharedCredentialsForRole( } else {
result.lastInsertRowid as number, await sharedCredManager.createSharedCredentialsForRole(
host[0].credentialId, result.lastInsertRowid as number,
targetRoleId!, host[0].credentialId,
userId, targetRoleId!,
); userId,
);
}
} }
databaseLogger.success("Host shared successfully", { databaseLogger.success("Host shared successfully", {
operation: "rbac_host_share_success", operation: "rbac_host_share_success",