Merge pull request #15 from MaddyGuthridge/maddy-docker-ssh-forwarding

Add SSH forwarding to docker image

Author: MaddyGuthridge

Dockerfile

@@ -1,5 +1,11 @@
 FROM node:20
 
+# Make volumes be owned by the node user
+RUN mkdir /home/node/.ssh
+RUN chown node:node /home/node/.ssh
+RUN mkdir /data
+RUN chown node:node /data
+
 USER node
 
 WORKDIR /home/node/app

docker-compose.yml

@@ -12,16 +12,30 @@
 # It is not necessary to set up other environment variables
 services:
   minifolio:
-    image: maddyguthridge/minifolio
+    # image: maddyguthridge/minifolio
+    build:
+      context: .
+      ssh:
+        - default
     hostname: minifolio
     restart: always
     ports:
       - 127.0.0.1:3000:3000/tcp
     volumes:
       - "./data:/data:rw"
+        # Forward local machine SSH key to docker
+        # Note: this may need changes on MacOS
+        # Source: https://stackoverflow.com/a/36648428/6335363
+      - $SSH_AUTH_SOCK:/ssh-agent
+      - "ssh_dir:/home/node/.ssh:rw"
+
     environment:
       DATA_REPO_PATH: "/data"
       HOST: 0.0.0.0
       PORT: 3000
+      # Tell the container where to find the SSH auth socket
+      SSH_AUTH_SOCK: /ssh-agent
     # Set up `AUTH_SECRET` variable within `.env`
     env_file: ".env"
+volumes:
+  ssh_dir:

package-lock.json

@@ -16,6 +16,7 @@
 	},
 	"type": "module",
 	"dependencies": {
+		"child-process-promise": "^2.2.1",
 		"color": "^4.2.3",
 		"dotenv": "^16.4.5",
 		"highlight.js": "^11.9.0",
@@ -39,6 +40,7 @@
 		"@sveltejs/kit": "^2.0.0",
 		"@sveltejs/vite-plugin-svelte": "^3.0.0",
 		"@testing-library/svelte": "^5.1.0",
+		"@types/child-process-promise": "^2.2.6",
 		"@types/color": "^3.0.6",
 		"@types/debug": "^4.1.12",
 		"@types/eslint": "^9.6.1",

package.json

@@ -1,12 +1,9 @@
 import { sequence } from '@sveltejs/kit/hooks';
 import type { Handle } from '@sveltejs/kit';
-import { dev } from '$app/environment';
-import { logger } from './middleware/logger';
+import logger from './middleware/logger';
 
 const middleware: Handle[] = [];
 
-if (dev) {
-  middleware.push(logger);
-}
+middleware.push(logger());
 
 export const handle = sequence(...middleware);

src/hooks.server.ts

@@ -1,6 +1,6 @@
 import path from 'path';
-import fs from 'fs/promises';
 import simpleGit, { CheckRepoActions } from 'simple-git';
+import { fileExists } from '..';
 
 /** Returns the path to the data repository */
 export function getDataDir(): string {
@@ -20,15 +20,7 @@ export function getDataDir(): string {
  */
 export async function dataDirContainsData(): Promise<boolean> {
   const repoPath = getDataDir();
-
-  // Check for config.json
-  const configLocal = path.join(repoPath, 'config.json');
-  try {
-    await fs.access(configLocal, fs.constants.F_OK);
-  } catch {
-    return false;
-  }
-  return true;
+  return await fileExists(path.join(repoPath, 'config.json'));
 }
 
 /**
@@ -38,15 +30,7 @@ export async function dataDirContainsData(): Promise<boolean> {
  */
 export async function dataDirIsInit(): Promise<boolean> {
   const repoPath = getDataDir();
-
-  // Check for config.local.json
-  const configLocal = path.join(repoPath, 'config.local.json');
-  try {
-    await fs.access(configLocal, fs.constants.F_OK);
-  } catch {
-    return false;
-  }
-  return true;
+  return await fileExists(path.join(repoPath, 'config.local.json'));
 }
 
 /** Returns whether the data directory is backed by git */

src/lib/server/data/dataDir.ts

@@ -1,8 +1,17 @@
 import { error } from '@sveltejs/kit';
 import { dataDirContainsData, dataDirIsInit, getDataDir } from './data/dataDir';
 import simpleGit, { type FileStatusResult } from 'simple-git';
-import { appendFile, readdir } from 'fs/promises';
+import fs from 'fs/promises';
 import { rimraf } from 'rimraf';
+import { spawn } from 'child-process-promise';
+import os from 'os';
+import { fileExists } from '.';
+
+/** Path to SSH directory */
+const SSH_DIR = `${os.homedir()}/.ssh`;
+
+/** Path to the SSH known hosts file */
+const KNOWN_HOSTS_FILE = `${os.homedir()}/.ssh/known_hosts`;
 
 const DEFAULT_GITIGNORE = `
 config.local.json
@@ -26,6 +35,47 @@ export interface RepoStatus {
   changes: FileStatusResult[],
 }
 
+/** Returns whether the given URL requires SSH */
+export function urlRequiresSsh(url: string): boolean {
+  return (
+    url.includes('@')
+    && url.includes(':')
+  );
+}
+
+/**
+ * Run an ssh-keyscan command for the host at the given URL.
+ *
+ * Eg given URL "git@host.com:path/to/repo", we should extract:
+ *                   ^^^^^^^^
+ */
+export async function runSshKeyscan(url: string) {
+  // FIXME: This probably doesn't work in some cases
+  const host = url.split('@', 2)[1].split(':', 1)[0];
+
+  // mkdir -p ~/.ssh
+  await fs.mkdir(SSH_DIR).catch(() => { });
+
+  // Check if ~/.ssh/known_hosts already has this host in it
+  if (await fileExists(KNOWN_HOSTS_FILE)) {
+    const hostsContent = await fs.readFile(KNOWN_HOSTS_FILE, { encoding: 'utf-8' });
+    for (const line of hostsContent.split(/\r?\n/)) {
+      if (line.startsWith(`${host} `)) {
+        // Host is already known
+        return;
+      }
+    }
+  }
+
+  const process = await spawn('ssh-keyscan', [host], { capture: ['stdout'] });
+
+  console.log(process.stdout);
+  console.log(typeof process.stdout);
+
+  // Now add to ~/.ssh/known_hosts
+  await fs.appendFile(KNOWN_HOSTS_FILE, process.stdout, { encoding: 'utf-8' });
+}
+
 /** Return status info for repo */
 export async function getRepoStatus(): Promise<RepoStatus> {
   const repo = simpleGit(getDataDir());
@@ -63,14 +113,15 @@ export async function setupGitRepo(repo: string, branch: string | null) {
 
   try {
     await simpleGit().clone(repo, dir, options);
-  } catch (e) {
+  } catch (e: any) {
+    console.log(e);
     throw error(400, `${e}`);
   }
 
   // If there are files in the repo, we should validate that it is a proper
   // portfolio data repo.
   // Ignore .git, since it is included in empty repos too.
-  if ((await readdir(getDataDir())).find(f => f !== '.git')) {
+  if ((await fs.readdir(getDataDir())).find(f => f !== '.git')) {
     if (!await dataDirContainsData()) {
       // Clean up and delete repo before giving error
       await rimraf(getDataDir());
@@ -87,5 +138,8 @@ export async function setupGitRepo(repo: string, branch: string | null) {
 
 /** Set up a default gitignore */
 export async function setupGitignore() {
-  await appendFile(`${getDataDir()}/.gitignore`, DEFAULT_GITIGNORE, { encoding: 'utf-8' });
+  // TODO: Skip this step if the gitignore already ignores all contents
+  // probably worth finding a library to deal with this, since it is
+  // complicated
+  await fs.appendFile(`${getDataDir()}/.gitignore`, DEFAULT_GITIGNORE, { encoding: 'utf-8' });
 }

src/lib/server/git.ts

@@ -1 +1,9 @@
+import fs from 'fs/promises';
 export { getPortfolioGlobals, invalidatePortfolioGlobals, type PortfolioGlobals } from './data';
+
+/** Returns whether a file exists at the given path */
+export async function fileExists(path: string): Promise<boolean> {
+  return fs.access(path, fs.constants.F_OK)
+    .then(() => true)
+    .catch(() => false);
+}

src/lib/server/index.ts

@@ -1,3 +1,4 @@
+import { dev } from '$app/environment';
 import type { Handle } from '@sveltejs/kit';
 import chalk, { type ChalkInstance } from 'chalk';
 import Spinnies from 'spinnies';
@@ -79,7 +80,7 @@ function formatCompletedRequest(startTime: number, method: string, path: string,
  *
  * Adapted from: https://www.reddit.com/r/sveltejs/comments/xtbkpb
  */
-export const logger: Handle = async ({ event, resolve }) => {
+export const devLogger: Handle = async ({ event, resolve }) => {
   // Only use spinners if connected to a tty to avoid creating a needlessly
   // long log file
   const isTty = process.stdout.isTTY;
@@ -111,3 +112,22 @@ export const logger: Handle = async ({ event, resolve }) => {
   }
   return response;
 };
+
+
+export const productionLogger: Handle = async ({ event, resolve }) => {
+  const requestStartTime = Date.now();
+  const response = await resolve(event);
+  const responseString = [
+    new Date(requestStartTime).toISOString(),
+    event.request.method,
+    `${event.url.pathname}:`,
+    response.status,
+    `(${Date.now() - requestStartTime} ms)`
+  ].join(' ');
+  console.log(responseString);
+  return response;
+}
+
+export default function logger() {
+  return dev ? devLogger : productionLogger;
+}

src/middleware/logger.ts

@@ -103,7 +103,7 @@
         <h3>Don't want to use a git repo?</h3>
         <p>
           Using a git repo is a great idea if you want your data to be  safely
-          backed up. But if you're just testing ${consts.APP_NAME}, it's much
+          backed up. But if you're just testing {consts.APP_NAME}, it's much
           quicker to get started without a git repo.
         </p>
         <input type="submit" id="submit-no-git" value="I don't want to use git" />