Merge branch 'main' of https://github.com/Infisical/infisical into chore/unify-license-key

Author: gupta-piyush19

backend/package-lock.json

@@ -110,6 +110,7 @@
     "@types/resolve": "^1.20.6",
     "@types/safe-regex": "^1.1.6",
     "@types/sjcl": "^1.0.34",
+    "@types/ssh2": "^1.15.5",
     "@types/uuid": "^9.0.7",
     "@typescript-eslint/eslint-plugin": "^6.20.0",
     "@typescript-eslint/parser": "^6.20.0",
@@ -257,6 +258,7 @@
     "sjcl": "^1.0.8",
     "smee-client": "^2.0.0",
     "snowflake-sdk": "^1.14.0",
+    "ssh2": "^1.17.0",
     "tedious": "^18.2.1",
     "tweetnacl": "^1.0.3",
     "tweetnacl-util": "^0.15.1",

backend/package.json

@@ -9,6 +9,11 @@ import {
   SanitizedPostgresAccountWithResourceSchema,
   UpdatePostgresAccountSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  CreateSSHAccountSchema,
+  SanitizedSSHAccountWithResourceSchema,
+  UpdateSSHAccountSchema
+} from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
 
 import { registerPamResourceEndpoints } from "./pam-account-endpoints";
 
@@ -30,5 +35,14 @@ export const PAM_ACCOUNT_REGISTER_ROUTER_MAP: Record<PamResource, (server: Fasti
       createAccountSchema: CreateMySQLAccountSchema,
       updateAccountSchema: UpdateMySQLAccountSchema
     });
+  },
+  [PamResource.SSH]: async (server: FastifyZodProvider) => {
+    registerPamResourceEndpoints({
+      server,
+      resourceType: PamResource.SSH,
+      accountResponseSchema: SanitizedSSHAccountWithResourceSchema,
+      createAccountSchema: CreateSSHAccountSchema,
+      updateAccountSchema: UpdateSSHAccountSchema
+    });
   }
 };

backend/src/ee/routes/v1/pam-account-routers/index.ts

@@ -2,16 +2,21 @@ import { z } from "zod";
 
 import { PamFoldersSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
+import { PamAccountOrderBy, PamAccountView } from "@app/ee/services/pam-account/pam-account-enums";
 import { SanitizedMySQLAccountWithResourceSchema } from "@app/ee/services/pam-resource/mysql/mysql-resource-schemas";
 import { PamResource } from "@app/ee/services/pam-resource/pam-resource-enums";
 import { SanitizedPostgresAccountWithResourceSchema } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import { SanitizedSSHAccountWithResourceSchema } from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
 import { BadRequestError } from "@app/lib/errors";
+import { removeTrailingSlash } from "@app/lib/fn";
 import { ms } from "@app/lib/ms";
+import { OrderByDirection } from "@app/lib/types";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
 const SanitizedAccountSchema = z.union([
+  SanitizedSSHAccountWithResourceSchema, // ORDER MATTERS
   SanitizedPostgresAccountWithResourceSchema,
   SanitizedMySQLAccountWithResourceSchema
 ]);
@@ -26,33 +31,69 @@ export const registerPamAccountRouter = async (server: FastifyZodProvider) => {
     schema: {
       description: "List PAM accounts",
       querystring: z.object({
-        projectId: z.string().uuid()
+        projectId: z.string().uuid(),
+        accountPath: z.string().trim().default("/").transform(removeTrailingSlash),
+        accountView: z.nativeEnum(PamAccountView).default(PamAccountView.Flat),
+        offset: z.coerce.number().min(0).default(0),
+        limit: z.coerce.number().min(1).max(100).default(100),
+        orderBy: z.nativeEnum(PamAccountOrderBy).default(PamAccountOrderBy.Name),
+        orderDirection: z.nativeEnum(OrderByDirection).default(OrderByDirection.ASC),
+        search: z.string().trim().optional(),
+        filterResourceIds: z
+          .string()
+          .transform((val) =>
+            val
+              .split(",")
+              .map((s) => s.trim())
+              .filter(Boolean)
+          )
+          .optional()
       }),
       response: {
         200: z.object({
           accounts: SanitizedAccountSchema.array(),
-          folders: PamFoldersSchema.array()
+          folders: PamFoldersSchema.array(),
+          totalCount: z.number().default(0),
+          folderId: z.string().optional(),
+          folderPaths: z.record(z.string(), z.string())
         })
       }
     },
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
-      const response = await server.services.pamAccount.list(req.query.projectId, req.permission);
+      const { projectId, accountPath, accountView, limit, offset, search, orderBy, orderDirection, filterResourceIds } =
+        req.query;
+
+      const { accounts, folders, totalCount, folderId, folderPaths } = await server.services.pamAccount.list({
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        projectId,
+        accountPath,
+        accountView,
+        limit,
+        offset,
+        search,
+        orderBy,
+        orderDirection,
+        filterResourceIds
+      });
 
       await server.services.auditLog.createAuditLog({
         ...req.auditLogInfo,
         orgId: req.permission.orgId,
-        projectId: req.query.projectId,
+        projectId,
         event: {
           type: EventType.PAM_ACCOUNT_LIST,
           metadata: {
-            accountCount: response.accounts.length,
-            folderCount: response.folders.length
+            accountCount: accounts.length,
+            folderCount: folders.length
           }
         }
       });
 
-      return response;
+      return { accounts, folders, totalCount, folderId, folderPaths };
     }
   });
 
@@ -93,7 +134,7 @@ export const registerPamAccountRouter = async (server: FastifyZodProvider) => {
           gatewayClientPrivateKey: z.string(),
           gatewayServerCertificateChain: z.string(),
           relayHost: z.string(),
-          metadata: z.record(z.string(), z.string()).optional()
+          metadata: z.record(z.string(), z.string().optional()).optional()
         })
       }
     },

backend/src/ee/routes/v1/pam-account-routers/pam-account-router.ts

@@ -9,6 +9,11 @@ import {
   SanitizedPostgresResourceSchema,
   UpdatePostgresResourceSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  CreateSSHResourceSchema,
+  SanitizedSSHResourceSchema,
+  UpdateSSHResourceSchema
+} from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
 
 import { registerPamResourceEndpoints } from "./pam-resource-endpoints";
 
@@ -30,5 +35,14 @@ export const PAM_RESOURCE_REGISTER_ROUTER_MAP: Record<PamResource, (server: Fast
       createResourceSchema: CreateMySQLResourceSchema,
       updateResourceSchema: UpdateMySQLResourceSchema
     });
+  },
+  [PamResource.SSH]: async (server: FastifyZodProvider) => {
+    registerPamResourceEndpoints({
+      server,
+      resourceType: PamResource.SSH,
+      resourceResponseSchema: SanitizedSSHResourceSchema,
+      createResourceSchema: CreateSSHResourceSchema,
+      updateResourceSchema: UpdateSSHResourceSchema
+    });
   }
 };

backend/src/ee/routes/v1/pam-resource-routers/index.ts

@@ -5,19 +5,30 @@ import {
   MySQLResourceListItemSchema,
   SanitizedMySQLResourceSchema
 } from "@app/ee/services/pam-resource/mysql/mysql-resource-schemas";
+import { PamResourceOrderBy } from "@app/ee/services/pam-resource/pam-resource-enums";
 import {
   PostgresResourceListItemSchema,
   SanitizedPostgresResourceSchema
 } from "@app/ee/services/pam-resource/postgres/postgres-resource-schemas";
+import {
+  SanitizedSSHResourceSchema,
+  SSHResourceListItemSchema
+} from "@app/ee/services/pam-resource/ssh/ssh-resource-schemas";
+import { OrderByDirection } from "@app/lib/types";
 import { readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
-const SanitizedResourceSchema = z.union([SanitizedPostgresResourceSchema, SanitizedMySQLResourceSchema]);
+const SanitizedResourceSchema = z.union([
+  SanitizedPostgresResourceSchema,
+  SanitizedMySQLResourceSchema,
+  SanitizedSSHResourceSchema
+]);
 
 const ResourceOptionsSchema = z.discriminatedUnion("resource", [
   PostgresResourceListItemSchema,
-  MySQLResourceListItemSchema
+  MySQLResourceListItemSchema,
+  SSHResourceListItemSchema
 ]);
 
 export const registerPamResourceRouter = async (server: FastifyZodProvider) => {
@@ -52,17 +63,46 @@ export const registerPamResourceRouter = async (server: FastifyZodProvider) => {
     schema: {
       description: "List PAM resources",
       querystring: z.object({
-        projectId: z.string().uuid()
+        projectId: z.string().uuid(),
+        offset: z.coerce.number().min(0).default(0),
+        limit: z.coerce.number().min(1).max(100).default(100),
+        orderBy: z.nativeEnum(PamResourceOrderBy).default(PamResourceOrderBy.Name),
+        orderDirection: z.nativeEnum(OrderByDirection).default(OrderByDirection.ASC),
+        search: z.string().trim().optional(),
+        filterResourceTypes: z
+          .string()
+          .transform((val) =>
+            val
+              .split(",")
+              .map((s) => s.trim())
+              .filter(Boolean)
+          )
+          .optional()
       }),
       response: {
         200: z.object({
-          resources: SanitizedResourceSchema.array()
+          resources: SanitizedResourceSchema.array(),
+          totalCount: z.number().default(0)
         })
       }
     },
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
-      const response = await server.services.pamResource.list(req.query.projectId, req.permission);
+      const { projectId, limit, offset, search, orderBy, orderDirection, filterResourceTypes } = req.query;
+
+      const { resources, totalCount } = await server.services.pamResource.list({
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        projectId,
+        limit,
+        offset,
+        search,
+        orderBy,
+        orderDirection,
+        filterResourceTypes
+      });
 
       await server.services.auditLog.createAuditLog({
         ...req.auditLogInfo,
@@ -71,12 +111,12 @@ export const registerPamResourceRouter = async (server: FastifyZodProvider) => {
         event: {
           type: EventType.PAM_RESOURCE_LIST,
           metadata: {
-            count: response.resources.length
+            count: resources.length
           }
         }
       });
 
-      return response;
+      return { resources, totalCount };
     }
   });
 };