Add SSH-key credentials

Author: codedmonkey

migrations/Version20250312233323.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20250312233323 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE credentials ADD key TEXT DEFAULT NULL');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE credentials DROP key');
+    }
+}

src/Composer/ComposerClient.php

@@ -2,18 +2,37 @@
 
 namespace CodedMonkey\Dirigent\Composer;
 
+use CodedMonkey\Dirigent\Doctrine\Entity\CredentialsType;
 use CodedMonkey\Dirigent\Doctrine\Entity\Package;
 use CodedMonkey\Dirigent\Doctrine\Entity\Registry;
 use Composer\Config;
 use Composer\Factory;
 use Composer\IO\IOInterface;
 use Composer\IO\NullIO;
+use Composer\Pcre\Preg;
 use Composer\Repository\ComposerRepository;
 use Composer\Repository\VcsRepository;
 use Composer\Util\HttpDownloader;
+use Composer\Util\Url;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\Filesystem\Filesystem;
 
-class ComposerClient
+// use Composer\Util\Filesystem as ComposerFilesystem;
+// use Composer\Util\Git as GitUtility;
+// use Composer\Util\ProcessExecutor;
+// use Symfony\Component\Process\Process;
+
+readonly class ComposerClient
 {
+    private Filesystem $filesystem;
+
+    public function __construct(
+        #[Autowire(param: 'dirigent.storage.path')]
+        private string $storagePath,
+    ) {
+        $this->filesystem = new Filesystem();
+    }
+
     public function createComposerRepository(Package|Registry $registry, ?IOInterface $io = null, ?Config $config = null): ComposerRepository
     {
         $registry = $registry instanceof Package ? $registry->getMirrorRegistry() : $registry;
@@ -30,16 +49,24 @@ public function createComposerRepository(Package|Registry $registry, ?IOInterfac
 
     public function createVcsRepository(Package $package, ?IOInterface $io = null, ?Config $config = null): VcsRepository
     {
-        $repoUrl = $package->getRepositoryUrl();
+        $repositoryUrl = $package->getRepositoryUrl();
+        $repositoryCredentials = $package->getRepositoryCredentials();
 
-        $config ??= ConfigFactory::createForVcsRepository($repoUrl, $package->getRepositoryCredentials());
+        $config ??= ConfigFactory::createForVcsRepository($repositoryUrl, $repositoryCredentials);
         if (!$io) {
             $io = new NullIO();
             $io->loadConfiguration($config);
         }
         $httpDownloader = $this->createHttpDownloader($io, $config);
 
-        return new VcsRepository(['url' => $repoUrl], $io, $config, $httpDownloader);
+        $cacheRepositoryName = Preg::replace('{[^a-z0-9.]}i', '-', Url::sanitize($repositoryUrl));
+        $cachePath = $config->get('cache-vcs-dir') . '/' . $cacheRepositoryName . '/';
+
+        if (CredentialsType::SshKey === $repositoryCredentials->getType() && !$this->filesystem->exists($cachePath)) {
+            $this->cloneAuthenticatedVcsRepository($package, $cachePath);
+        }
+
+        return new VcsRepository(['url' => $repositoryUrl], $io, $config, $httpDownloader);
     }
 
     public function createHttpDownloader(?IOInterface $io = null, ?Config $config = null): HttpDownloader
@@ -60,4 +87,80 @@ public static function getHttpDownloaderOptions(): array
 
         return $options;
     }
+
+    private function cloneAuthenticatedVcsRepository(Package $package, string $cachePath): void
+    {
+        $repositoryUrl = $package->getRepositoryUrl();
+        $repositoryCredentials = $package->getRepositoryCredentials();
+
+        $cacheRepositoryName = Preg::replace('{[^a-z0-9.]}i', '-', Url::sanitize($repositoryUrl));
+        $keyPath = "$this->storagePath/keys/$cacheRepositoryName";
+
+        // todo delete key file after every use
+        $this->filesystem->mkdir(dirname($keyPath));
+        $this->filesystem->dumpFile($keyPath, str_replace("\r", '', $repositoryCredentials->getKey() . PHP_EOL));
+        $this->filesystem->chmod($keyPath, 0400);
+
+        $nullStream = fopen('/dev/null', 'c');
+        $descriptorSpec = [
+            ['pipe', 'r'],
+            $nullStream,
+            $nullStream,
+        ];
+
+        $gitConfig = sprintf('core.sshcommand="ssh -i %s"', $keyPath);
+        // todo improve error handling
+        proc_open("git clone -c $gitConfig --mirror -- $repositoryUrl $cachePath", $descriptorSpec, $pipes);
+
+        /*
+        // Concepts to clone with libraries
+
+        $gitUtility = new GitUtility(
+            $io,
+            $config,
+            $process = new ProcessExecutor($io),
+            new ComposerFilesystem($process),
+        );
+
+        // The following commands give the following output:
+        //
+        // ssh -i <key-file>: No such file or directory
+        // fatal: Could not read from remote repository.
+        //
+        // This is caused by Symfony Process enclosing each argument with ' which messes with
+        // git using the proper ssh command (I guess).
+
+        $gitUtility->runCommands([
+            ['git', 'clone', '-c', $gitConfig, '--mirror', '--', '%url%', $cachePath],
+        ], $repositoryUrl, $cachePath, true, $lol);
+
+        $process = new Process(['git', 'clone', '-c', $gitConfig, '--mirror', $repositoryUrl, $cachePath]);
+        $process->mustRun();
+
+        // The following code is an attempt to clone by initializing an empty
+        // repository and adding the ssh command and remote afterward. Unfortunately
+        // this doesn't mirror all branches like `git clone --mirror` does, which
+        // Composer doesn't handle correctly.
+
+        $mirrorCachePath = $config->get('cache-vcs-dir') . '/' . $cacheRepositoryName . '~mirror/';
+        $this->filesystem->mkdir($mirrorCachePath);
+
+        $gitUtility->runCommands([
+            ['git', 'init'],
+            ['git', 'config', 'core.sshCommand', "ssh -i $keyPath"],
+            ['git', 'remote', 'add', 'origin', '--', '%url%'],
+            ['git', 'remote', 'update', '--prune', 'origin'],
+            ['git', 'remote', 'set-url', 'origin', '--', '%sanitizedUrl%'],
+            ['git', 'gc', '--auto'],
+        ], $repositoryUrl, $mirrorCachePath);
+
+        $this->filesystem->rename("$mirrorCachePath/.git", $cachePath);
+
+        $gitUtility->runCommands([
+            ['git', 'config', 'core.bare', 'true'],
+        ], $repositoryUrl, $cachePath);
+
+        $this->filesystem->remove($mirrorCachePath);
+        */
+    }
 }

src/Controller/Dashboard/DashboardCredentialsController.php

@@ -47,5 +47,8 @@ public function configureFields(string $pageName): iterable
         yield TextField::new('token')
             ->setFormTypeOption('row_attr', ['data-credentials-field' => 'token'])
             ->onlyOnForms();
+        yield TextareaField::new('key')
+            ->setFormTypeOption('row_attr', ['data-credentials-field' => 'key'])
+            ->onlyOnForms();
     }
 }

src/Doctrine/Entity/Credentials.php

@@ -32,6 +32,9 @@ class Credentials
     #[ORM\Column(nullable: true)]
     private ?string $token = null;
 
+    #[ORM\Column(type: Types::TEXT, nullable: true)]
+    private ?string $key = null;
+
     public function getId(): ?int
     {
         return $this->id;
@@ -101,4 +104,14 @@ public function setToken(?string $token): void
     {
         $this->token = $token;
     }
+
+    public function getKey(): ?string
+    {
+        return $this->key;
+    }
+
+    public function setKey(?string $key): void
+    {
+        $this->key = $key;
+    }
 }

src/Doctrine/Entity/CredentialsType.php

@@ -8,4 +8,5 @@ enum CredentialsType: string
     case GithubOauthToken = 'github-oauth';
     case GitlabDeployToken = 'gitlab-dt';
     case GitlabPersonalAccessToken = 'gitlab-pat';
+    case SshKey = 'ssh-key';
 }

templates/dashboard/credentials/js_assets.html.twig

@@ -3,6 +3,7 @@
     const usernameFieldRow = document.querySelector('[data-credentials-field="username"]');
     const passwordFieldRow = document.querySelector('[data-credentials-field="password"]');
     const tokenFieldRow = document.querySelector('[data-credentials-field="token"]');
+    const keyFieldRow = document.querySelector('[data-credentials-field="key"]');
 
     const initalType = document.querySelector('[name="Credentials[type]"]:checked')?.value ?? null;
     if (initalType) {
@@ -20,22 +21,32 @@
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = null;
         tokenFieldRow.style.display = 'none';
+        keyFieldRow.style.display = 'none';
       } else if (type === 'github-oauth') {
         usernameFieldRow.style.display = 'none';
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
       } else if (type === 'gitlab-dt') {
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
       } else if (type === 'gitlab-pat') {
         usernameFieldRow.style.display = 'none';
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
+      } else if (type === 'ssh-key') {
+        usernameFieldRow.style.display = 'none';
+        passwordFieldRow.style.display = 'none';
+        tokenFieldRow.style.display = 'none';
+        keyFieldRow.style.display = null;
       } else {
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = null;
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = null;
       }
     }
   }