fix: Prevent credential sharing errors for shared hosts

- Skip credential resolution for shared hosts with credential authentication to prevent decryption errors (credentials are encrypted per-user) - Add warning alert in sharing tab when host uses credential authentication - Inform users that shared users cannot connect to credential-based hosts - Add translations for credential sharing warning (EN/ZH) This prevents authentication failures when sharing hosts configured with credential authentication while maintaining security by keeping credentials isolated per user.
2025-12-15 03:44:25 +08:00
parent dd56108e8a
commit 67cc3adcc4
4 changed files with 56 additions and 1 deletions
--- a/src/backend/database/routes/ssh.ts
+++ b/src/backend/database/routes/ssh.ts
@@ -1549,6 +1549,29 @@ async function resolveHostCredentials(
  host: Record<string, unknown>,
 ): Promise<Record<string, unknown>> {
  try {
+    // Skip credential resolution for shared hosts
+    // Shared users cannot access the owner's encrypted credentials
+    if (host.isShared && host.credentialId) {
+      sshLogger.info(
+        `Skipping credential resolution for shared host ${host.id} with credentialId ${host.credentialId}`,
+        {
+          operation: "resolve_host_credentials_shared",
+          hostId: host.id as number,
+          isShared: host.isShared,
+        },
+      );
+      // Return host without resolving credentials
+      // The frontend should handle credential auth for shared hosts differently
+      const result = { ...host };
+      if (host.key_password !== undefined) {
+        if (result.keyPassword === undefined) {
+          result.keyPassword = host.key_password;
+        }
+        delete result.key_password;
+      }
+      return result;
+    }
+
    if (host.credentialId && host.userId) {
      const credentialId = host.credentialId as number;
      const userId = host.userId as string;