This commit is contained in:
LukeGus
2026-05-28 22:29:20 -05:00
parent 33dcde0827
commit 5777351145
238 changed files with 62303 additions and 98955 deletions
+49
View File
@@ -710,6 +710,8 @@ const migrateSchema = () => {
addColumnIfNotExists("ssh_credentials", "public_key", "TEXT");
addColumnIfNotExists("ssh_credentials", "detected_key_type", "TEXT");
addColumnIfNotExists("ssh_credentials", "cert_public_key", "TEXT");
addColumnIfNotExists("ssh_credentials", "system_password", "TEXT");
addColumnIfNotExists("ssh_credentials", "system_key", "TEXT");
addColumnIfNotExists("ssh_credentials", "system_key_password", "TEXT");
@@ -782,6 +784,7 @@ const migrateSchema = () => {
addColumnIfNotExists("snippets", "folder", "TEXT");
addColumnIfNotExists("snippets", "order", "INTEGER NOT NULL DEFAULT 0");
addColumnIfNotExists("snippets", "host_filter", "TEXT");
try {
sqlite
@@ -1007,6 +1010,19 @@ const migrateSchema = () => {
}
}
try {
sqlite.prepare("SELECT override_credential_id FROM host_access LIMIT 1").get();
} catch {
try {
sqlite.exec("ALTER TABLE host_access ADD COLUMN override_credential_id INTEGER REFERENCES ssh_credentials(id) ON DELETE SET NULL");
} catch (alterError) {
databaseLogger.warn("Failed to add override_credential_id column", {
operation: "schema_migration",
error: alterError,
});
}
}
try {
sqlite.prepare("SELECT sudo_password FROM ssh_data LIMIT 1").get();
} catch {
@@ -1078,6 +1094,39 @@ const migrateSchema = () => {
}
}
// Copy unencrypted username/domain into protocol-specific columns for old guac hosts.
// Passwords are handled via the legacy field name fallback in lazy-field-encryption.ts.
const usernameDomainBackfills = [
{
protocol: "rdp",
sql: "UPDATE ssh_data SET rdp_user = username, rdp_password = password, rdp_domain = domain WHERE connection_type = 'rdp' AND rdp_user IS NULL AND rdp_password IS NULL",
},
{
protocol: "vnc",
sql: "UPDATE ssh_data SET vnc_user = username, vnc_password = password WHERE connection_type = 'vnc' AND vnc_user IS NULL AND vnc_password IS NULL",
},
{
protocol: "telnet",
sql: "UPDATE ssh_data SET telnet_user = username, telnet_password = password WHERE connection_type = 'telnet' AND telnet_user IS NULL AND telnet_password IS NULL",
},
];
for (const backfill of usernameDomainBackfills) {
try {
const result = sqlite.prepare(backfill.sql).run();
if (result.changes > 0) {
databaseLogger.info(
`Backfilled ${result.changes} ${backfill.protocol} host credential(s)`,
{ operation: "guac_credential_backfill" },
);
}
} catch (e) {
databaseLogger.warn(`Failed to backfill ${backfill.protocol} host credentials`, {
operation: "guac_credential_backfill",
error: e,
});
}
}
try {
sqlite.prepare("SELECT id FROM roles LIMIT 1").get();
} catch {
+7
View File
@@ -256,6 +256,8 @@ export const sshCredentials = sqliteTable("ssh_credentials", {
keyType: text("key_type"),
detectedKeyType: text("detected_key_type"),
certPublicKey: text("cert_public_key", { length: 8192 }),
systemPassword: text("system_password"),
systemKey: text("system_key", { length: 16384 }),
systemKeyPassword: text("system_key_password"),
@@ -302,6 +304,7 @@ export const snippets = sqliteTable("snippets", {
updatedAt: text("updated_at")
.notNull()
.default(sql`CURRENT_TIMESTAMP`),
hostFilter: text("host_filter"),
});
export const snippetFolders = sqliteTable("snippet_folders", {
@@ -461,6 +464,10 @@ export const hostAccess = sqliteTable("host_access", {
.default(sql`CURRENT_TIMESTAMP`),
lastAccessedAt: text("last_accessed_at"),
accessCount: integer("access_count").notNull().default(0),
overrideCredentialId: integer("override_credential_id").references(
() => sshCredentials.id,
{ onDelete: "set null" },
),
});
export const sharedCredentials = sqliteTable("shared_credentials", {