ssh tunnel - reuse SSH connection + local port for multiple DB connections

2026-04-19 13:06:01 +00:00 · 2021-02-13 07:47:55 +01:00
parent 728ca72cc1
commit 114dc0b543
15 changed files with 172 additions and 32 deletions
--- a/packages/api/src/utility/DatastoreProxy.js
+++ b/packages/api/src/utility/DatastoreProxy.js
@@ -1,5 +1,6 @@
 const { fork } = require('child_process');
 const uuidv1 = require('uuid/v1');
+const { handleProcessCommunication } = require('./processComm');

 class DatastoreProxy {
  constructor(file) {
@@ -30,8 +31,11 @@ class DatastoreProxy {
    if (!this.subprocess) {
      this.subprocess = fork(process.argv[1], ['jslDatastoreProcess', ...process.argv.slice(3)]);

-      // @ts-ignore
-      this.subprocess.on('message', ({ msgtype, ...message }) => {
+      this.subprocess.on('message', message => {
+        // @ts-ignore
+        const { msgtype } = message;
+        if (handleProcessCommunication(message, this.subprocess)) return;
+
        // if (this.disconnected) return;
        this[`handle_${msgtype}`](message);
      });
--- a/packages/api/src/utility/connectUtility.js
+++ b/packages/api/src/utility/connectUtility.js
@@ -1,33 +1,36 @@
 const { SSHConnection } = require('node-ssh-forward');
 const portfinder = require('portfinder');
 const { decryptConnection } = require('./crypting');
+const { getSshTunnel } = require('./sshTunnel');
+const { getSshTunnelProxy } = require('./sshTunnelProxy');

 async function connectUtility(driver, storedConnection) {
  let connection = decryptConnection(storedConnection);
  if (connection.useSshTunnel) {
-    const sshConfig = {
-      endHost: connection.sshHost || '',
-      endPort: connection.sshPort || 22,
-      bastionHost: '',
-      agentForward: false,
-      passphrase: undefined,
-      username: connection.sshLogin,
-      password: connection.sshPassword,
-      skipAutoPrivateKey: true,
-      noReadline: true,
-    };
+    const localPort = await getSshTunnelProxy(connection);
+    // const sshConfig = {
+    //   endHost: connection.sshHost || '',
+    //   endPort: connection.sshPort || 22,
+    //   bastionHost: '',
+    //   agentForward: false,
+    //   passphrase: undefined,
+    //   username: connection.sshLogin,
+    //   password: connection.sshPassword,
+    //   skipAutoPrivateKey: true,
+    //   noReadline: true,
+    // };

-    const sshConn = new SSHConnection(sshConfig);
-    const localPort = await portfinder.getPortPromise({ port: 10000, stopPort: 60000 });
-    // workaround for `getPortPromise` not releasing the port quickly enough
-    await new Promise(resolve => setTimeout(resolve, 500));
-    const tunnelConfig = {
-      fromPort: localPort,
-      toPort: connection.port,
-      toHost: connection.server,
-    };
-    const tunnel = await sshConn.forward(tunnelConfig);
-    console.log(`Created SSH tunnel to ${connection.sshHost}-${connection.server}:${connection.port}, using local port ${localPort}`)
+    // const sshConn = new SSHConnection(sshConfig);
+    // const localPort = await portfinder.getPortPromise({ port: 10000, stopPort: 60000 });
+    // // workaround for `getPortPromise` not releasing the port quickly enough
+    // await new Promise(resolve => setTimeout(resolve, 500));
+    // const tunnelConfig = {
+    //   fromPort: localPort,
+    //   toPort: connection.port,
+    //   toHost: connection.server,
+    // };
+    // const tunnel = await sshConn.forward(tunnelConfig);
+    // console.log(`Created SSH tunnel to ${connection.sshHost}-${connection.server}:${connection.port}, using local port ${localPort}`)

    connection = {
      ...connection,
--- a/packages/api/src/utility/processComm.js
+++ b/packages/api/src/utility/processComm.js
@@ -0,0 +1,18 @@
+const { handleGetSshTunnelRequest, handleGetSshTunnelResponse } = require('./sshTunnelProxy');
+
+function handleProcessCommunication(message, subprocess) {
+  const { msgtype } = message;
+  if (msgtype == 'getsshtunnel-request') {
+    handleGetSshTunnelRequest(message, subprocess);
+    return true;
+  }
+  if (msgtype == 'getsshtunnel-response') {
+    handleGetSshTunnelResponse(message, subprocess);
+    return true;
+  }
+  return false;
+}
+
+module.exports = {
+  handleProcessCommunication,
+};
--- a/packages/api/src/utility/sshTunnel.js
+++ b/packages/api/src/utility/sshTunnel.js
@@ -0,0 +1,61 @@
+const { SSHConnection } = require('node-ssh-forward');
+const portfinder = require('portfinder');
+const stableStringify = require('json-stable-stringify');
+const _ = require('lodash');
+
+const sshConnectionCache = {};
+const sshTunnelCache = {};
+
+const CONNECTION_FIELDS = ['sshHost', 'sshPort', 'sshLogin', 'sshPassword'];
+const TUNNEL_FIELDS = [...CONNECTION_FIELDS, 'server', 'port'];
+
+async function getSshConnection(connection) {
+  const connectionCacheKey = stableStringify(_.pick(connection, CONNECTION_FIELDS));
+  if (sshConnectionCache[connectionCacheKey]) return sshConnectionCache[connectionCacheKey];
+
+  const sshConfig = {
+    endHost: connection.sshHost || '',
+    endPort: connection.sshPort || 22,
+    bastionHost: '',
+    agentForward: false,
+    passphrase: undefined,
+    username: connection.sshLogin,
+    password: connection.sshPassword,
+    skipAutoPrivateKey: true,
+    noReadline: true,
+  };
+
+  const sshConn = new SSHConnection(sshConfig);
+  sshConnectionCache[connectionCacheKey] = sshConn;
+  return sshConn;
+}
+
+async function getSshTunnel(connection) {
+  const sshConn = await getSshConnection(connection);
+  const tunnelCacheKey = stableStringify(_.pick(connection, TUNNEL_FIELDS));
+  if (sshTunnelCache[tunnelCacheKey]) return sshTunnelCache[tunnelCacheKey].localPort;
+
+  const localPort = await portfinder.getPortPromise({ port: 10000, stopPort: 60000 });
+  // workaround for `getPortPromise` not releasing the port quickly enough
+  await new Promise(resolve => setTimeout(resolve, 500));
+  const tunnelConfig = {
+    fromPort: localPort,
+    toPort: connection.port,
+    toHost: connection.server,
+  };
+  const tunnel = await sshConn.forward(tunnelConfig);
+  console.log(
+    `Created SSH tunnel to ${connection.sshHost}-${connection.server}:${connection.port}, using local port ${localPort}`
+  );
+
+  sshTunnelCache[tunnelCacheKey] = {
+    tunnel,
+    localPort,
+  };
+
+  return localPort;
+}
+
+module.exports = {
+  getSshTunnel,
+};
--- a/packages/api/src/utility/sshTunnelProxy.js
+++ b/packages/api/src/utility/sshTunnelProxy.js
@@ -0,0 +1,30 @@
+const uuidv1 = require('uuid/v1');
+const { getSshTunnel } = require('./sshTunnel');
+
+const dispatchedMessages = {};
+
+async function handleGetSshTunnelRequest({ msgid, connection }, subprocess) {
+  const response = await getSshTunnel(connection);
+  subprocess.send({ msgtype: 'getsshtunnel-response', msgid, response });
+}
+
+function handleGetSshTunnelResponse({ msgid, response }, subprocess) {
+  const { resolve } = dispatchedMessages[msgid];
+  delete dispatchedMessages[msgid];
+  resolve(response);
+}
+
+async function getSshTunnelProxy(connection) {
+  if (!process.send) return getSshTunnel(connection);
+  const msgid = uuidv1();
+  process.send({ msgtype: 'getsshtunnel-request', msgid, connection });
+  return new Promise((resolve, reject) => {
+    dispatchedMessages[msgid] = { resolve, reject };
+  });
+}
+
+module.exports = {
+  handleGetSshTunnelRequest,
+  handleGetSshTunnelResponse,
+  getSshTunnelProxy,
+};