Fix SSH encryption and add file download functionality

- Fix SSH authentication by ensuring all database operations use EncryptedDBOperations for automatic encryption/decryption - Resolve SSH connection failures caused by encrypted password data being passed to authentication - Add comprehensive file download functionality for SSH file manager (Issue #228) - Update database migration to add require_password column for SSH sessions - Enhance debugging and logging for SSH connection troubleshooting 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-16 13:24:25 +08:00
parent 182b60a428
commit 957bc5e41b
10 changed files with 426 additions and 30 deletions
--- a/src/backend/ssh/terminal.ts
+++ b/src/backend/ssh/terminal.ts
@@ -4,6 +4,7 @@ import { db } from "../database/db/index.js";
 import { sshCredentials } from "../database/db/schema.js";
 import { eq, and } from "drizzle-orm";
 import { sshLogger } from "../utils/logger.js";
+import { EncryptedDBOperations } from "../utils/encrypted-db-operations.js";

 const wss = new WebSocketServer({ port: 8082 });

@@ -174,18 +175,38 @@ wss.on("connection", (ws: WebSocket) => {
      }
    }, 60000);

+    sshLogger.debug(`Terminal SSH setup`, {
+      operation: 'terminal_ssh',
+      hostId: id,
+      ip,
+      authType,
+      hasPassword: !!password,
+      passwordLength: password?.length || 0,
+      hasCredentialId: !!credentialId
+    });
+
+    if (password) {
+      sshLogger.debug(`Password preview: "${password.substring(0, 15)}..."`, {
+        operation: 'terminal_ssh_password'
+      });
+    } else {
+      sshLogger.debug(`No password provided`, {
+        operation: 'terminal_ssh_password'
+      });
+    }
+
    let resolvedCredentials = { password, key, keyPassword, keyType, authType };
    if (credentialId && id && hostConfig.userId) {
      try {
-        const credentials = await db
-          .select()
-          .from(sshCredentials)
-          .where(
+        const credentials = await EncryptedDBOperations.select(
+          db.select().from(sshCredentials).where(
            and(
              eq(sshCredentials.id, credentialId),
              eq(sshCredentials.userId, hostConfig.userId),
            ),
-          );
+          ),
+          'ssh_credentials'
+        );

        if (credentials.length > 0) {
          const credential = credentials[0];