Add SSH-key credentials

Author: codedmonkey

migrations/Version20250312233323.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20250312233323 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE credentials ADD key TEXT DEFAULT NULL');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE credentials DROP key');
+    }
+}

src/Composer/ComposerClient.php

@@ -2,18 +2,35 @@
 
 namespace CodedMonkey\Dirigent\Composer;
 
+use CodedMonkey\Dirigent\Doctrine\Entity\CredentialsType;
 use CodedMonkey\Dirigent\Doctrine\Entity\Package;
 use CodedMonkey\Dirigent\Doctrine\Entity\Registry;
 use Composer\Config;
 use Composer\Factory;
 use Composer\IO\IOInterface;
 use Composer\IO\NullIO;
+use Composer\Pcre\Preg;
 use Composer\Repository\ComposerRepository;
 use Composer\Repository\VcsRepository;
+use Composer\Util\Filesystem as ComposerFilesystem;
+use Composer\Util\Git as GitUtility;
 use Composer\Util\HttpDownloader;
+use Composer\Util\ProcessExecutor;
+use Composer\Util\Url;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\Filesystem\Filesystem;
 
-class ComposerClient
+readonly class ComposerClient
 {
+    private Filesystem $filesystem;
+
+    public function __construct(
+        #[Autowire(param: 'dirigent.storage.path')]
+        private string $storagePath,
+    ) {
+        $this->filesystem = new Filesystem();
+    }
+
     public function createComposerRepository(Package|Registry $registry, ?IOInterface $io = null, ?Config $config = null): ComposerRepository
     {
         $registry = $registry instanceof Package ? $registry->getMirrorRegistry() : $registry;
@@ -30,16 +47,42 @@ public function createComposerRepository(Package|Registry $registry, ?IOInterfac
 
     public function createVcsRepository(Package $package, ?IOInterface $io = null, ?Config $config = null): VcsRepository
     {
-        $repoUrl = $package->getRepositoryUrl();
+        $repositoryUrl = $package->getRepositoryUrl();
+        $repositoryCredentials = $package->getRepositoryCredentials();
 
-        $config ??= ConfigFactory::createForVcsRepository($repoUrl, $package->getRepositoryCredentials());
+        $config ??= ConfigFactory::createForVcsRepository($repositoryUrl, $repositoryCredentials);
         if (!$io) {
             $io = new NullIO();
             $io->loadConfiguration($config);
         }
         $httpDownloader = $this->createHttpDownloader($io, $config);
 
-        return new VcsRepository(['url' => $repoUrl], $io, $config, $httpDownloader);
+        $cacheRepositoryName = Preg::replace('{[^a-z0-9.]}i', '-', Url::sanitize($repositoryUrl));
+        $cachePath = $config->get('cache-vcs-dir') . '/' . $cacheRepositoryName . '/';
+
+        if (CredentialsType::SshKey === $repositoryCredentials->getType() && !$this->filesystem->exists($cachePath)) {
+            $gitUtility = new GitUtility(
+                $io,
+                $config,
+                $process = new ProcessExecutor($io),
+                new ComposerFilesystem($process),
+            );
+
+            $keyPath = "$this->storagePath/keys/$cacheRepositoryName";
+
+            $this->filesystem->mkdir(dirname($keyPath));
+            $this->filesystem->dumpFile($keyPath, str_replace("\r", '', $repositoryCredentials->getKey() . PHP_EOL));
+            $this->filesystem->chmod($keyPath, 0400);
+
+            $gitConfig = sprintf('core.sshCommand="/usr/bin/ssh -i %s"', $keyPath);
+            $gitUtility->runCommands([
+                ['git', 'clone', '-c', $gitConfig, '--mirror', '%url%', $cachePath],
+            ], $repositoryUrl, $cachePath, true, $lol);
+
+            dd($lol);
+        }
+
+        return new VcsRepository(['url' => $repositoryUrl], $io, $config, $httpDownloader);
     }
 
     public function createHttpDownloader(?IOInterface $io = null, ?Config $config = null): HttpDownloader

src/Controller/Dashboard/DashboardCredentialsController.php

@@ -47,5 +47,8 @@ public function configureFields(string $pageName): iterable
         yield TextField::new('token')
             ->setFormTypeOption('row_attr', ['data-credentials-field' => 'token'])
             ->onlyOnForms();
+        yield TextareaField::new('key')
+            ->setFormTypeOption('row_attr', ['data-credentials-field' => 'key'])
+            ->onlyOnForms();
     }
 }

src/Doctrine/Entity/Credentials.php

@@ -32,6 +32,9 @@ class Credentials
     #[ORM\Column(nullable: true)]
     private ?string $token = null;
 
+    #[ORM\Column(type: EncryptedTextType::TYPE, nullable: true)]
+    private ?string $key = null;
+
     public function getId(): ?int
     {
         return $this->id;
@@ -101,4 +104,14 @@ public function setToken(?string $token): void
     {
         $this->token = $token;
     }
+
+    public function getKey(): ?string
+    {
+        return $this->key;
+    }
+
+    public function setKey(?string $key): void
+    {
+        $this->key = $key;
+    }
 }

src/Doctrine/Entity/CredentialsType.php

@@ -8,4 +8,5 @@ enum CredentialsType: string
     case GithubOauthToken = 'github-oauth';
     case GitlabDeployToken = 'gitlab-dt';
     case GitlabPersonalAccessToken = 'gitlab-pat';
+    case SshKey = 'ssh-key';
 }

src/Package/PackageVcsRepositoryValidator.php

@@ -68,6 +68,7 @@ public function validate(Package $package): array
 
             return $result;
         } catch (\Exception $e) {
+            throw $e;
             return ['error' => '[' . $e::class . '] ' . $e->getMessage()];
         }
     }

templates/dashboard/credentials/js_assets.html.twig

@@ -3,6 +3,7 @@
     const usernameFieldRow = document.querySelector('[data-credentials-field="username"]');
     const passwordFieldRow = document.querySelector('[data-credentials-field="password"]');
     const tokenFieldRow = document.querySelector('[data-credentials-field="token"]');
+    const keyFieldRow = document.querySelector('[data-credentials-field="key"]');
 
     const initalType = document.querySelector('[name="Credentials[type]"]:checked')?.value ?? null;
     if (initalType) {
@@ -20,22 +21,32 @@
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = null;
         tokenFieldRow.style.display = 'none';
+        keyFieldRow.style.display = 'none';
       } else if (type === 'github-oauth') {
         usernameFieldRow.style.display = 'none';
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
       } else if (type === 'gitlab-dt') {
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
       } else if (type === 'gitlab-pat') {
         usernameFieldRow.style.display = 'none';
         passwordFieldRow.style.display = 'none';
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = 'none';
+      } else if (type === 'ssh-key') {
+        usernameFieldRow.style.display = 'none';
+        passwordFieldRow.style.display = 'none';
+        tokenFieldRow.style.display = 'none';
+        keyFieldRow.style.display = null;
       } else {
         usernameFieldRow.style.display = null;
         passwordFieldRow.style.display = null;
         tokenFieldRow.style.display = null;
+        keyFieldRow.style.display = null;
       }
     }
   }