diff --git a/src/backend/database/db/schema.ts b/src/backend/database/db/schema.ts
index bc2bb4d8..eeac5c34 100644
--- a/src/backend/database/db/schema.ts
+++ b/src/backend/database/db/schema.ts
@@ -46,7 +46,7 @@ export const sshData = sqliteTable("ssh_data", {
 password: text("password"),
 key: text("key", { length: 8192 }),
- keyPassword: text("key_password"),
+ key_password: text("key_password"),
 keyType: text("key_type"),
 autostartPassword: text("autostart_password"),
@@ -142,9 +142,9 @@ export const sshCredentials = sqliteTable("ssh_credentials", {
 username: text("username").notNull(),
 password: text("password"),
 key: text("key", { length: 16384 }),
- privateKey: text("private_key", { length: 16384 }),
- publicKey: text("public_key", { length: 4096 }),
- keyPassword: text("key_password"),
+ private_key: text("private_key", { length: 16384 }),
+ public_key: text("public_key", { length: 4096 }),
+ key_password: text("key_password"),
 keyType: text("key_type"),
 detectedKeyType: text("detected_key_type"),
 usageCount: integer("usage_count").notNull().default(0),
diff --git a/src/backend/database/routes/credentials.ts b/src/backend/database/routes/credentials.ts
index 9c6dc909..c856322f 100644
--- a/src/backend/database/routes/credentials.ts
+++ b/src/backend/database/routes/credentials.ts
@@ -174,9 +174,9 @@ router.post(
 username: username.trim(),
 password: plainPassword,
 key: plainKey,
- privateKey: keyInfo?.privateKey || plainKey,
- publicKey: keyInfo?.publicKey || null,
- keyPassword: plainKeyPassword,
+ private_key: keyInfo?.privateKey || plainKey,
+ public_key: keyInfo?.publicKey || null,
+ key_password: plainKeyPassword,
 keyType: keyType || null,
 detectedKeyType: keyInfo?.keyType || null,
 usageCount: 0,
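Review bot: The renamed properties `key_password`, `private_key` and `public_key` in `sshData` and `sshCredentials` now sit next to camelCase neighbours such as `keyType` and `detectedKeyType`, and nothing in the schema says why only these columns use snake_case. Judging from the `ENCRYPTED_FIELDS` change to `field-crypto.ts` in this same commit, the property name is presumably what the encryption layer matches on, so a later tidy-up back to camelCase would quietly take the column out of encryption. I would add a comment above these columns in both tables, for example `// encrypted column: property name must match FieldCrypto.ENCRYPTED_FIELDS (snake_case)`. Both table definitions begin and end outside the hunks.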
@@ -424,13 +424,13 @@ router.put(
 error: `Invalid SSH key: ${keyInfo.error}`,
 });
 }
- updateFields.privateKey = keyInfo.privateKey;
- updateFields.publicKey = keyInfo.publicKey;
+ updateFields.private_key = keyInfo.privateKey;
+ updateFields.public_key = keyInfo.publicKey;
 updateFields.detectedKeyType = keyInfo.keyType;
 }
 }
 if (updateData.keyPassword !== undefined) {
- updateFields.keyPassword = updateData.keyPassword || null;
+ updateFields.key_password = updateData.keyPassword || null;
 }
 if (Object.keys(updateFields).length === 0) {
@@ -537,7 +537,7 @@ router.delete(
 credentialId: null,
 password: null,
 key: null,
- keyPassword: null,
+ key_password: null,
 authType: "password",
 })
 .where(
@@ -633,7 +633,7 @@ router.post(
 authType: credential.auth_type || credential.authType,
 password: null,
 key: null,
- keyPassword: null,
+ key_password: null,
 keyType: null,
 updatedAt: new Date().toISOString(),
 })
diff --git a/src/backend/database/routes/ssh.ts b/src/backend/database/routes/ssh.ts
index 3cb76e67..9304a647 100644
--- a/src/backend/database/routes/ssh.ts
+++ b/src/backend/database/routes/ssh.ts
@@ -91,7 +91,7 @@ router.get("/db/host/internal", async (req: Request, res: Response) => {
 username: host.username,
 password: host.autostartPassword,
 key: host.autostartKey,
- keyPassword: host.autostartKeyPassword,
+ key_password: host.autostartKeyPassword,
 autostartPassword: host.autostartPassword,
 autostartKey: host.autostartKey,
 autostartKeyPassword: host.autostartKeyPassword,
@@ -151,7 +151,7 @@ router.get("/db/host/internal/all", async (req: Request, res: Response) => {
 username: host.username,
 password: host.autostartPassword || host.password,
 key: host.autostartKey || host.key,
- keyPassword: host.autostartKeyPassword || host.keyPassword,
+ key_password: host.autostartKeyPassword || host.key_password,
 autostartPassword: host.autostartPassword,
 autostartKey: host.autostartKey,
 autostartKeyPassword: host.autostartKeyPassword,
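Review bot: The objects returned by `/db/host/internal` and `/db/host/internal/all` now carry the key passphrase as `key_password`, while the other properties in the same object stay camelCase (`autostartKey`, `autostartKeyPassword`); the response built in the `router.get` hunk at -711 changes the same way. A consumer that still reads `keyPassword` gets `undefined` and would most likely try the key with no passphrase, which shows up as an authentication failure rather than as a schema error. The consumers are not part of this diff, so they need checking against the new name. A short comment on each response object stating that `key_password` is the only spelling emitted would make the contract explicit.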
@@ -226,7 +226,7 @@ router.post(
 authType,
 credentialId,
 key,
- keyPassword,
+ key_password,
 keyType,
 pin,
 enableTerminal,
@@ -274,17 +274,17 @@ router.post(
 if (effectiveAuthType === "password") {
 sshDataObj.password = password || null;
 sshDataObj.key = null;
- sshDataObj.keyPassword = null;
+ sshDataObj.key_password = null;
 sshDataObj.keyType = null;
 } else if (effectiveAuthType === "key") {
 sshDataObj.key = key || null;
- sshDataObj.keyPassword = keyPassword || null;
+ sshDataObj.key_password = key_password || null;
 sshDataObj.keyType = keyType;
 sshDataObj.password = null;
 } else {
 sshDataObj.password = null;
 sshDataObj.key = null;
- sshDataObj.keyPassword = null;
+ sshDataObj.key_password = null;
 sshDataObj.keyType = null;
 }
@@ -407,7 +407,7 @@ router.put(
 authType,
 credentialId,
 key,
- keyPassword,
+ key_password,
 keyType,
 pin,
 enableTerminal,
@@ -458,14 +458,14 @@ router.put(
 sshDataObj.password = password;
 }
 sshDataObj.key = null;
- sshDataObj.keyPassword = null;
+ sshDataObj.key_password = null;
 sshDataObj.keyType = null;
 } else if (effectiveAuthType === "key") {
 if (key) {
 sshDataObj.key = key;
 }
- if (keyPassword !== undefined) {
- sshDataObj.keyPassword = keyPassword || null;
+ if (key_password !== undefined) {
+ sshDataObj.key_password = key_password || null;
 }
 if (keyType) {
 sshDataObj.keyType = keyType;
@@ -474,7 +474,7 @@ router.put(
 } else {
 sshDataObj.password = null;
 sshDataObj.key = null;
- sshDataObj.keyPassword = null;
+ sshDataObj.key_password = null;
 sshDataObj.keyType = null;
 }
@@ -711,7 +711,7 @@ router.get(
 authType: resolvedHost.authType,
 password: resolvedHost.password || null,
 key: resolvedHost.key || null,
- keyPassword: resolvedHost.keyPassword || null,
+ key_password: resolvedHost.key_password || null,
 keyType: resolvedHost.keyType || null,
 folder: resolvedHost.folder,
 tags:
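Review bot: Destructuring `key_password` instead of `keyPassword` in this `router.post` handler means a client that still sends `keyPassword` is accepted without error and the host is saved with `sshDataObj.key_password = key_password || null`, that is, a passphrase-protected key stored without its passphrase. The same silent drop applies to the `router.put` destructuring at -407, where `if (key_password !== undefined)` then skips the update, and to `hostData.key_password` in the bulk hunk at -1404. `credentials.ts` in this commit still reads `updateData.keyPassword`, so the two route files now disagree on the wire name. Reading both spellings at the boundary and normalising them to one local, or rejecting a payload that carries the old name, would fail visibly instead; the destructuring source lies outside the hunk.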
@@ -1234,7 +1234,7 @@ async function resolveHostCredentials(host: any): Promise {
 authType: credential.auth_type || credential.authType,
 password: credential.password,
 key: credential.key,
- keyPassword: credential.key_password || credential.keyPassword,
+ key_password: credential.key_password || credential.key_password,
 keyType: credential.key_type || credential.keyType,
 };
 }
@@ -1404,8 +1404,8 @@ router.post(
 credentialId:
 hostData.authType === "credential" ? hostData.credentialId : null,
 key: hostData.authType === "key" ? hostData.key : null,
- keyPassword:
- hostData.authType === "key" ? hostData.keyPassword : null,
+ key_password:
+ hostData.authType === "key" ? hostData.key_password : null,
 keyType:
 hostData.authType === "key" ? hostData.keyType || "auto" : null,
 pin: hostData.pin || false,
@@ -1540,7 +1540,7 @@ router.post(
 ...tunnel,
 endpointPassword: decryptedEndpoint.password || null,
 endpointKey: decryptedEndpoint.key || null,
- endpointKeyPassword: decryptedEndpoint.keyPassword || null,
+ endpointKeyPassword: decryptedEndpoint.key_password || null,
 endpointAuthType: endpointHost.authType,
 };
 }
@@ -1563,7 +1563,7 @@ router.post(
 .set({
 autostartPassword: decryptedConfig.password || null,
 autostartKey: decryptedConfig.key || null,
- autostartKeyPassword: decryptedConfig.keyPassword || null,
+ autostartKeyPassword: decryptedConfig.key_password || null,
 tunnelConnections: updatedTunnelConnections,
 })
 .where(eq(sshData.id, sshConfigId));
diff --git a/src/backend/utils/field-crypto.ts b/src/backend/utils/field-crypto.ts
index 88a1cddf..098b5b8e 100644
--- a/src/backend/utils/field-crypto.ts
+++ b/src/backend/utils/field-crypto.ts
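Review bot: `credential.key_password || credential.key_password` in `resolveHostCredentials` has the same operand on both sides, so the `||` is dead code and the fallback the old line gave (`credential.keyPassword`) is gone. The neighbouring lines still keep a two-spelling fallback (`credential.auth_type || credential.authType`, `credential.key_type || credential.keyType`), which suggests the credential row can arrive in either shape. If the camelCase spelling can no longer occur, write `key_password: credential.key_password,`; if it still can, the passphrase is now dropped and the right-hand side should remain `credential.keyPassword`. The function begins outside the hunk.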
@@ -17,26 +17,18 @@ class FieldCrypto {
 private static readonly ENCRYPTED_FIELDS = {
 users: new Set([
 "password_hash",
- "passwordHash",
 "client_secret",
- "clientSecret",
 "totp_secret",
- "totpSecret",
 "totp_backup_codes",
- "totpBackupCodes",
 "oidc_identifier",
- "oidcIdentifier",
 ]),
- ssh_data: new Set(["password", "key", "key_password", "keyPassword"]),
+ ssh_data: new Set(["password", "key", "key_password"]),
 ssh_credentials: new Set([
 "password",
 "private_key",
- "privateKey",
 "key_password",
- "keyPassword",
 "key",
 "public_key",
- "publicKey",
 ]),
 };
diff --git a/src/backend/utils/lazy-field-encryption.ts b/src/backend/utils/lazy-field-encryption.ts
index 3d18ff5e..efe5ea75 100644
--- a/src/backend/utils/lazy-field-encryption.ts
+++ b/src/backend/utils/lazy-field-encryption.ts
@@ -6,10 +6,20 @@ export class LazyFieldEncryption {
 key_password: "keyPassword",
 private_key: "privateKey",
 public_key: "publicKey",
+ password_hash: "passwordHash",
+ client_secret: "clientSecret",
+ totp_secret: "totpSecret",
+ totp_backup_codes: "totpBackupCodes",
+ oidc_identifier: "oidcIdentifier",
 keyPassword: "key_password",
 privateKey: "private_key",
 publicKey: "public_key",
+ passwordHash: "password_hash",
+ clientSecret: "client_secret",
+ totpSecret: "totp_secret",
+ totpBackupCodes: "totp_backup_codes",
+ oidcIdentifier: "oidc_identifier",
 };
 static isPlaintextField(value: string): boolean {
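Review bot: Dropping the camelCase aliases from `ENCRYPTED_FIELDS` makes the encrypt/decrypt decision depend on every caller passing the snake_case name, and a miss presumably fails open: the value is handled as an ordinary column and written or returned as-is. The `ssh_data` and `ssh_credentials` schema properties are renamed in this commit, but no hunk renames the `users` properties, so if that table still exposes `passwordHash`, `clientSecret`, `totpSecret`, `totpBackupCodes` or `oidcIdentifier`, those fields would stop matching. The lookup code is outside the hunk, so this needs confirming. I would normalise the field name before the set lookup (the snake/camel pairs added to `lazy-field-encryption.ts` already cover these names), or add a test asserting that every sensitive schema property is a member of `ENCRYPTED_FIELDS`.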