Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -141,11 +141,12 @@ Toggle active panel focus between the **File Browser (Top)** and the **SSH Termi

## 🤝 Contributing

Contributions, bug reports, and pull requests are welcome!
Contributions, bug reports, and pull requests are welcome!
1. Fork the Project.
2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`).
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`).
4. Push to the Branch (`git push origin feature/AmazingFeature`).
5. Open a Pull Request.

---

93 changes: 63 additions & 30 deletions config.go → config/config.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package main
package config

import (
"crypto/aes"
Expand All @@ -14,12 +14,14 @@ import (
)

type Server struct {
Alias string `json:"alias"`
Host string `json:"host"` // Encrypted base64
User string `json:"user"` // Encrypted base64
Password string `json:"password"` // Encrypted base64
Port int `json:"port"`
ProjectPath string `json:"project_path"` // Plaintext local directory
Alias string `json:"alias"`
Host string `json:"host"` // Encrypted base64
User string `json:"user"` // Encrypted base64
Password string `json:"password"` // Encrypted base64
Port int `json:"port"`
ProjectPath string `json:"project_path"` // Plaintext local directory
PrivateKeyPath string `json:"private_key_path"` // Encrypted base64
UseSSHAgent bool `json:"use_ssh_agent"`
}

const (
Expand All @@ -28,7 +30,12 @@ const (
keyFileName = "secret.key"
)

var ConfigDirOverride string

func getConfigDir() (string, error) {
if ConfigDirOverride != "" {
return ConfigDirOverride, nil
}
home, err := os.UserHomeDir()
if err != nil {
return "", err
Expand Down Expand Up @@ -73,8 +80,11 @@ func getOrGenerateKey() ([]byte, error) {
return key, nil
}

// encrypt encrypts plaintext using AES-256-GCM.
func encrypt(plaintext string, key []byte) (string, error) {
// Encrypt encrypts plaintext using AES-256-GCM (exported for testing).
func Encrypt(plaintext string, key []byte) (string, error) {
if len(key) != 32 {
return "", errors.New("invalid key size, expected 32 bytes")
}
if plaintext == "" {
return "", nil
}
Expand All @@ -98,8 +108,11 @@ func encrypt(plaintext string, key []byte) (string, error) {
return base64.StdEncoding.EncodeToString(ciphertext), nil
}

// decrypt decrypts AES-256-GCM ciphertext.
func decrypt(ciphertextBase64 string, key []byte) (string, error) {
// Decrypt decrypts AES-256-GCM ciphertext (exported for testing).
func Decrypt(ciphertextBase64 string, key []byte) (string, error) {
if len(key) != 32 {
return "", errors.New("invalid key size, expected 32 bytes")
}
if ciphertextBase64 == "" {
return "", nil
}
Expand Down Expand Up @@ -162,26 +175,32 @@ func LoadServers() ([]Server, error) {

servers := make([]Server, len(rawServers))
for i, s := range rawServers {
decHost, err := decrypt(s.Host, key)
decHost, err := Decrypt(s.Host, key)
if err != nil {
return nil, fmt.Errorf("failed to decrypt host for %s: %w", s.Alias, err)
}
decUser, err := decrypt(s.User, key)
decUser, err := Decrypt(s.User, key)
if err != nil {
return nil, fmt.Errorf("failed to decrypt user for %s: %w", s.Alias, err)
}
decPass, err := decrypt(s.Password, key)
decPass, err := Decrypt(s.Password, key)
if err != nil {
return nil, fmt.Errorf("failed to decrypt password for %s: %w", s.Alias, err)
}
decKeyPath, err := Decrypt(s.PrivateKeyPath, key)
if err != nil {
return nil, fmt.Errorf("failed to decrypt private key path for %s: %w", s.Alias, err)
}

servers[i] = Server{
Alias: s.Alias,
Host: decHost,
User: decUser,
Password: decPass,
Port: s.Port,
ProjectPath: s.ProjectPath,
Alias: s.Alias,
Host: decHost,
User: decUser,
Password: decPass,
Port: s.Port,
ProjectPath: s.ProjectPath,
PrivateKeyPath: decKeyPath,
UseSSHAgent: s.UseSSHAgent,
}
}

Expand All @@ -206,26 +225,32 @@ func SaveServers(servers []Server) error {

encryptedServers := make([]Server, len(servers))
for i, s := range servers {
encHost, err := encrypt(s.Host, key)
encHost, err := Encrypt(s.Host, key)
if err != nil {
return err
}
encUser, err := encrypt(s.User, key)
encUser, err := Encrypt(s.User, key)
if err != nil {
return err
}
encPass, err := encrypt(s.Password, key)
encPass, err := Encrypt(s.Password, key)
if err != nil {
return err
}
encKeyPath, err := Encrypt(s.PrivateKeyPath, key)
if err != nil {
return err
}

encryptedServers[i] = Server{
Alias: s.Alias,
Host: encHost,
User: encUser,
Password: encPass,
Port: s.Port,
ProjectPath: s.ProjectPath,
Alias: s.Alias,
Host: encHost,
User: encUser,
Password: encPass,
Port: s.Port,
ProjectPath: s.ProjectPath,
PrivateKeyPath: encKeyPath,
UseSSHAgent: s.UseSSHAgent,
}
}

Expand All @@ -235,5 +260,13 @@ func SaveServers(servers []Server) error {
}

configPath := filepath.Join(dir, configFileName)
return os.WriteFile(configPath, data, 0600)
tempPath := configPath + ".tmp"
if err := os.WriteFile(tempPath, data, 0600); err != nil {
return err
}
if err := os.Rename(tempPath, configPath); err != nil {
_ = os.Remove(tempPath)
return err
}
return nil
}
189 changes: 189 additions & 0 deletions config/config_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
package config

import (
"crypto/rand"
"io"
"os"
"path/filepath"
"testing"
)

func TestEncryptDecrypt(t *testing.T) {
key := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, key); err != nil {
t.Fatalf("failed to generate random key: %v", err)
}

tests := []string{
"hello world",
"my-secure-password-123!",
"",
"a",
"very long string with spaces and special characters: @#$%^&*()_+{}|:<>?",
}

for _, original := range tests {
ciphertext, err := Encrypt(original, key)
if err != nil {
t.Errorf("Encrypt(%q) failed: %v", original, err)
continue
}

// Decrypt the ciphertext and check if it matches the original plaintext
decrypted, err := Decrypt(ciphertext, key)
if err != nil {
t.Errorf("Decrypt(%q) failed: %v", ciphertext, err)
continue
}

if decrypted != original {
t.Errorf("Encrypt/Decrypt mismatch: got %q, want %q", decrypted, original)
}
}
}

func TestDecryptInvalidCiphertext(t *testing.T) {
key := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, key); err != nil {
t.Fatalf("failed to generate random key: %v", err)
}

invalidCiphertexts := []string{
"not-base64-encoded-!!!",
"YQ==", // Base64 for "a", too short to contain GCM nonce
}

for _, ct := range invalidCiphertexts {
_, err := Decrypt(ct, key)
if err == nil {
t.Errorf("expected error decrypting invalid ciphertext %q, got nil", ct)
}
}
}

func TestDecryptInvalidKeyLength(t *testing.T) {
invalidKeys := [][]byte{
nil,
make([]byte, 16),
make([]byte, 24),
make([]byte, 31),
make([]byte, 33),
}

for _, key := range invalidKeys {
_, err := Encrypt("test", key)
if err == nil {
t.Errorf("expected error encrypting with key size %d, got nil", len(key))
}

_, err = Decrypt("dGVzdA==", key)
if err == nil {
t.Errorf("expected error decrypting with key size %d, got nil", len(key))
}
}
}

func TestSaveAndLoadServers(t *testing.T) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (testing): Extend SaveServers/LoadServers tests to cover more edge cases and backwards compatibility

To strengthen coverage of config persistence, consider adding tests for:

  1. Empty server list: Call SaveServers(nil) and SaveServers([]Server{}), then LoadServers() and verify it returns an empty slice without error. This confirms the atomic write/temp file path behaves correctly with no servers.

  2. Backward compatibility: Create an older-style servers.json missing private_key_path and use_ssh_agent (e.g., hand-crafted JSON), then call LoadServers() and assert the new fields use their zero values (PrivateKeyPath == "", UseSSHAgent == false) while existing fields are still loaded/decrypted correctly.

These cases will help ensure the new fields and migration from previous config formats are safely handled.

Suggested implementation:

func TestSaveAndLoadServers(t *testing.T) {
	// Create a temp directory for configuration files
	tempDir, err := os.MkdirTemp("", "sshmanager_config_test")
	if err != nil {
		t.Fatalf("failed to create temp dir: %v", err)
	}
	defer os.RemoveAll(tempDir)

	// Override config directory for testing
	ConfigDirOverride = tempDir
	defer func() {
		ConfigDirOverride = ""
	}()

	t.Run("empty server list with nil slice", func(t *testing.T) {
		// Save with a nil slice
		if err := SaveServers(nil); err != nil {
			t.Fatalf("SaveServers(nil) returned error: %v", err)
		}

		servers, err := LoadServers()
		if err != nil {
			t.Fatalf("LoadServers() after SaveServers(nil) returned error: %v", err)
		}

		if len(servers) != 0 {
			t.Errorf("expected 0 servers after SaveServers(nil), got %d", len(servers))
		}
	})

	t.Run("empty server list with empty slice", func(t *testing.T) {
		// Save with an empty slice
		if err := SaveServers([]Server{}); err != nil {
			t.Fatalf("SaveServers([]Server{}) returned error: %v", err)
		}

		servers, err := LoadServers()
		if err != nil {
			t.Fatalf("LoadServers() after SaveServers([]Server{}) returned error: %v", err)
		}

		if len(servers) != 0 {
			t.Errorf("expected 0 servers after SaveServers([]Server{}), got %d", len(servers))
		}
	})

	t.Run("backward compatibility with legacy config missing new fields", func(t *testing.T) {
		// Construct a legacy-style servers.json missing private_key_path and use_ssh_agent
		legacyJSON := `[
			{
				"name": "legacy-server",
				"host": "example.com",
				"port": 22,
				"username": "legacyuser",
				"password_encrypted": "dGVzdF9wYXNzd29yZA=="
			}
		]`

		// Determine the servers config path in the overridden config dir.
		// NOTE: this assumes the production code writes servers.json directly under the config dir.
		serversConfigPath := filepath.Join(tempDir, "servers.json")

		if err := os.WriteFile(serversConfigPath, []byte(legacyJSON), 0o600); err != nil {
			t.Fatalf("failed to write legacy servers.json: %v", err)
		}

		servers, err := LoadServers()
		if err != nil {
			t.Fatalf("LoadServers() for legacy config returned error: %v", err)
		}

		if len(servers) != 1 {
			t.Fatalf("expected 1 server from legacy config, got %d", len(servers))
		}

		s := servers[0]
		if s.Name != "legacy-server" {
			t.Errorf("expected Name %q, got %q", "legacy-server", s.Name)
		}
		if s.Host != "example.com" {
			t.Errorf("expected Host %q, got %q", "example.com", s.Host)
		}
		if s.Port != 22 {
			t.Errorf("expected Port %d, got %d", 22, s.Port)
		}
		if s.Username != "legacyuser" {
			t.Errorf("expected Username %q, got %q", "legacyuser", s.Username)
		}

		// New fields should have their zero values when missing in legacy JSON
		if s.PrivateKeyPath != "" {
			t.Errorf("expected PrivateKeyPath to be empty for legacy config, got %q", s.PrivateKeyPath)
		}
		if s.UseSSHAgent {
			t.Errorf("expected UseSSHAgent to be false for legacy config, got %v", s.UseSSHAgent)
		}
	})
}
  1. This test uses filepath.Join and assumes the servers config file is named servers.json directly under the config directory. If your production code uses a different filename or helper (e.g., getServersConfigPath()), update serversConfigPath := filepath.Join(tempDir, "servers.json") to use the same logic as the production code.
  2. The legacy JSON field password_encrypted should match the actual JSON field used in your Server struct (e.g., encrypted_password, password, etc.). Adjust the field name and base64 value to align with your struct tags / encryption format so that LoadServers() can correctly deserialize and decrypt it.
  3. If LoadServers() expects additional mandatory fields (beyond those shown), extend legacyJSON to include them with representative values while still omitting private_key_path and use_ssh_agent to test backward compatibility.
  4. Ensure Server has fields PrivateKeyPath and UseSSHAgent with the expected zero values ("" and false) so these assertions compile and behave as intended.

// Create a temp directory for configuration files
tempDir, err := os.MkdirTemp("", "sshmanager_config_test")
if err != nil {
t.Fatalf("failed to create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)

// Override config directory for testing
ConfigDirOverride = tempDir
defer func() {
ConfigDirOverride = ""
}()

originalServers := []Server{
{
Alias: "test-password",
Host: "1.1.1.1",
User: "root",
Password: "p@ssword",
Port: 22,
ProjectPath: "/home/user/project1",
PrivateKeyPath: "",
UseSSHAgent: false,
},
{
Alias: "test-key",
Host: "2.2.2.2",
User: "ubuntu",
Password: "keypassphrase",
Port: 2222,
ProjectPath: "",
PrivateKeyPath: "~/.ssh/id_ed25519",
UseSSHAgent: false,
},
{
Alias: "test-agent",
Host: "3.3.3.3",
User: "admin",
Password: "",
Port: 22,
ProjectPath: "/tmp",
PrivateKeyPath: "",
UseSSHAgent: true,
},
}

// Save servers
err = SaveServers(originalServers)
if err != nil {
t.Fatalf("SaveServers failed: %v", err)
}

// Verify that the files were created
serversJsonPath := filepath.Join(tempDir, "servers.json")
if _, err := os.Stat(serversJsonPath); os.IsNotExist(err) {
t.Errorf("expected servers.json to exist at %q", serversJsonPath)
}

secretKeyPath := filepath.Join(tempDir, "secret.key")
if _, err := os.Stat(secretKeyPath); os.IsNotExist(err) {
t.Errorf("expected secret.key to exist at %q", secretKeyPath)
}

// Load servers back
loadedServers, err := LoadServers()
if err != nil {
t.Fatalf("LoadServers failed: %v", err)
}

if len(loadedServers) != len(originalServers) {
t.Fatalf("loaded server count mismatch: got %d, want %d", len(loadedServers), len(originalServers))
}

for i := range originalServers {
got := loadedServers[i]
want := originalServers[i]

if got.Alias != want.Alias {
t.Errorf("server[%d].Alias mismatch: got %q, want %q", i, got.Alias, want.Alias)
}
if got.Host != want.Host {
t.Errorf("server[%d].Host mismatch: got %q, want %q", i, got.Host, want.Host)
}
if got.User != want.User {
t.Errorf("server[%d].User mismatch: got %q, want %q", i, got.User, want.User)
}
if got.Password != want.Password {
t.Errorf("server[%d].Password mismatch: got %q, want %q", i, got.Password, want.Password)
}
if got.Port != want.Port {
t.Errorf("server[%d].Port mismatch: got %d, want %d", i, got.Port, want.Port)
}
if got.ProjectPath != want.ProjectPath {
t.Errorf("server[%d].ProjectPath mismatch: got %q, want %q", i, got.ProjectPath, want.ProjectPath)
}
if got.PrivateKeyPath != want.PrivateKeyPath {
t.Errorf("server[%d].PrivateKeyPath mismatch: got %q, want %q", i, got.PrivateKeyPath, want.PrivateKeyPath)
}
if got.UseSSHAgent != want.UseSSHAgent {
t.Errorf("server[%d].UseSSHAgent mismatch: got %t, want %t", i, got.UseSSHAgent, want.UseSSHAgent)
}
}
}
Loading