-
Notifications
You must be signed in to change notification settings - Fork 1
feat: upgrade SSH implementation to support private keys, ssh-agent, … #1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
xspoilt-dev
merged 1 commit into
xspoilt-dev:main
from
akramhossain-dev:feature/modular-architecture-and-docs
Jun 30, 2026
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,189 @@ | ||
| package config | ||
|
|
||
| import ( | ||
| "crypto/rand" | ||
| "io" | ||
| "os" | ||
| "path/filepath" | ||
| "testing" | ||
| ) | ||
|
|
||
| func TestEncryptDecrypt(t *testing.T) { | ||
| key := make([]byte, 32) | ||
| if _, err := io.ReadFull(rand.Reader, key); err != nil { | ||
| t.Fatalf("failed to generate random key: %v", err) | ||
| } | ||
|
|
||
| tests := []string{ | ||
| "hello world", | ||
| "my-secure-password-123!", | ||
| "", | ||
| "a", | ||
| "very long string with spaces and special characters: @#$%^&*()_+{}|:<>?", | ||
| } | ||
|
|
||
| for _, original := range tests { | ||
| ciphertext, err := Encrypt(original, key) | ||
| if err != nil { | ||
| t.Errorf("Encrypt(%q) failed: %v", original, err) | ||
| continue | ||
| } | ||
|
|
||
| // Decrypt the ciphertext and check if it matches the original plaintext | ||
| decrypted, err := Decrypt(ciphertext, key) | ||
| if err != nil { | ||
| t.Errorf("Decrypt(%q) failed: %v", ciphertext, err) | ||
| continue | ||
| } | ||
|
|
||
| if decrypted != original { | ||
| t.Errorf("Encrypt/Decrypt mismatch: got %q, want %q", decrypted, original) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func TestDecryptInvalidCiphertext(t *testing.T) { | ||
| key := make([]byte, 32) | ||
| if _, err := io.ReadFull(rand.Reader, key); err != nil { | ||
| t.Fatalf("failed to generate random key: %v", err) | ||
| } | ||
|
|
||
| invalidCiphertexts := []string{ | ||
| "not-base64-encoded-!!!", | ||
| "YQ==", // Base64 for "a", too short to contain GCM nonce | ||
| } | ||
|
|
||
| for _, ct := range invalidCiphertexts { | ||
| _, err := Decrypt(ct, key) | ||
| if err == nil { | ||
| t.Errorf("expected error decrypting invalid ciphertext %q, got nil", ct) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func TestDecryptInvalidKeyLength(t *testing.T) { | ||
| invalidKeys := [][]byte{ | ||
| nil, | ||
| make([]byte, 16), | ||
| make([]byte, 24), | ||
| make([]byte, 31), | ||
| make([]byte, 33), | ||
| } | ||
|
|
||
| for _, key := range invalidKeys { | ||
| _, err := Encrypt("test", key) | ||
| if err == nil { | ||
| t.Errorf("expected error encrypting with key size %d, got nil", len(key)) | ||
| } | ||
|
|
||
| _, err = Decrypt("dGVzdA==", key) | ||
| if err == nil { | ||
| t.Errorf("expected error decrypting with key size %d, got nil", len(key)) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func TestSaveAndLoadServers(t *testing.T) { | ||
| // Create a temp directory for configuration files | ||
| tempDir, err := os.MkdirTemp("", "sshmanager_config_test") | ||
| if err != nil { | ||
| t.Fatalf("failed to create temp dir: %v", err) | ||
| } | ||
| defer os.RemoveAll(tempDir) | ||
|
|
||
| // Override config directory for testing | ||
| ConfigDirOverride = tempDir | ||
| defer func() { | ||
| ConfigDirOverride = "" | ||
| }() | ||
|
|
||
| originalServers := []Server{ | ||
| { | ||
| Alias: "test-password", | ||
| Host: "1.1.1.1", | ||
| User: "root", | ||
| Password: "p@ssword", | ||
| Port: 22, | ||
| ProjectPath: "/home/user/project1", | ||
| PrivateKeyPath: "", | ||
| UseSSHAgent: false, | ||
| }, | ||
| { | ||
| Alias: "test-key", | ||
| Host: "2.2.2.2", | ||
| User: "ubuntu", | ||
| Password: "keypassphrase", | ||
| Port: 2222, | ||
| ProjectPath: "", | ||
| PrivateKeyPath: "~/.ssh/id_ed25519", | ||
| UseSSHAgent: false, | ||
| }, | ||
| { | ||
| Alias: "test-agent", | ||
| Host: "3.3.3.3", | ||
| User: "admin", | ||
| Password: "", | ||
| Port: 22, | ||
| ProjectPath: "/tmp", | ||
| PrivateKeyPath: "", | ||
| UseSSHAgent: true, | ||
| }, | ||
| } | ||
|
|
||
| // Save servers | ||
| err = SaveServers(originalServers) | ||
| if err != nil { | ||
| t.Fatalf("SaveServers failed: %v", err) | ||
| } | ||
|
|
||
| // Verify that the files were created | ||
| serversJsonPath := filepath.Join(tempDir, "servers.json") | ||
| if _, err := os.Stat(serversJsonPath); os.IsNotExist(err) { | ||
| t.Errorf("expected servers.json to exist at %q", serversJsonPath) | ||
| } | ||
|
|
||
| secretKeyPath := filepath.Join(tempDir, "secret.key") | ||
| if _, err := os.Stat(secretKeyPath); os.IsNotExist(err) { | ||
| t.Errorf("expected secret.key to exist at %q", secretKeyPath) | ||
| } | ||
|
|
||
| // Load servers back | ||
| loadedServers, err := LoadServers() | ||
| if err != nil { | ||
| t.Fatalf("LoadServers failed: %v", err) | ||
| } | ||
|
|
||
| if len(loadedServers) != len(originalServers) { | ||
| t.Fatalf("loaded server count mismatch: got %d, want %d", len(loadedServers), len(originalServers)) | ||
| } | ||
|
|
||
| for i := range originalServers { | ||
| got := loadedServers[i] | ||
| want := originalServers[i] | ||
|
|
||
| if got.Alias != want.Alias { | ||
| t.Errorf("server[%d].Alias mismatch: got %q, want %q", i, got.Alias, want.Alias) | ||
| } | ||
| if got.Host != want.Host { | ||
| t.Errorf("server[%d].Host mismatch: got %q, want %q", i, got.Host, want.Host) | ||
| } | ||
| if got.User != want.User { | ||
| t.Errorf("server[%d].User mismatch: got %q, want %q", i, got.User, want.User) | ||
| } | ||
| if got.Password != want.Password { | ||
| t.Errorf("server[%d].Password mismatch: got %q, want %q", i, got.Password, want.Password) | ||
| } | ||
| if got.Port != want.Port { | ||
| t.Errorf("server[%d].Port mismatch: got %d, want %d", i, got.Port, want.Port) | ||
| } | ||
| if got.ProjectPath != want.ProjectPath { | ||
| t.Errorf("server[%d].ProjectPath mismatch: got %q, want %q", i, got.ProjectPath, want.ProjectPath) | ||
| } | ||
| if got.PrivateKeyPath != want.PrivateKeyPath { | ||
| t.Errorf("server[%d].PrivateKeyPath mismatch: got %q, want %q", i, got.PrivateKeyPath, want.PrivateKeyPath) | ||
| } | ||
| if got.UseSSHAgent != want.UseSSHAgent { | ||
| t.Errorf("server[%d].UseSSHAgent mismatch: got %t, want %t", i, got.UseSSHAgent, want.UseSSHAgent) | ||
| } | ||
| } | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggestion (testing): Extend SaveServers/LoadServers tests to cover more edge cases and backwards compatibility
To strengthen coverage of config persistence, consider adding tests for:
Empty server list: Call
SaveServers(nil)andSaveServers([]Server{}), thenLoadServers()and verify it returns an empty slice without error. This confirms the atomic write/temp file path behaves correctly with no servers.Backward compatibility: Create an older-style
servers.jsonmissingprivate_key_pathanduse_ssh_agent(e.g., hand-crafted JSON), then callLoadServers()and assert the new fields use their zero values (PrivateKeyPath == "",UseSSHAgent == false) while existing fields are still loaded/decrypted correctly.These cases will help ensure the new fields and migration from previous config formats are safely handled.
Suggested implementation:
filepath.Joinand assumes the servers config file is namedservers.jsondirectly under the config directory. If your production code uses a different filename or helper (e.g.,getServersConfigPath()), updateserversConfigPath := filepath.Join(tempDir, "servers.json")to use the same logic as the production code.password_encryptedshould match the actual JSON field used in yourServerstruct (e.g.,encrypted_password,password, etc.). Adjust the field name and base64 value to align with your struct tags / encryption format so thatLoadServers()can correctly deserialize and decrypt it.LoadServers()expects additional mandatory fields (beyond those shown), extendlegacyJSONto include them with representative values while still omittingprivate_key_pathanduse_ssh_agentto test backward compatibility.Serverhas fieldsPrivateKeyPathandUseSSHAgentwith the expected zero values (""andfalse) so these assertions compile and behave as intended.