feat: sftp 备份账号支持密钥添加 (#6677)

2025-01-19 08:19:15 +08:00 · 2024-10-10 18:11:51 +08:00 · 2024-10-10 18:11:51 +08:00 · d027a9a2ba
commit d027a9a2ba
parent b6aac773ea
4 changed files with 66 additions and 6 deletions
--- a/agent/utils/cloud_storage/client/sftp.go
+++ b/agent/utils/cloud_storage/client/sftp.go
@ -25,11 +25,28 @@ func NewSftpClient(vars map[string]interface{}) (*sftpClient, error) {
 	if len(port) == 0 {
 		global.LOG.Errorf("load param port from vars failed, err: not exist!")
 	}
-	password := loadParamFromVars("password", vars)
+	authMode := loadParamFromVars("authMode", vars)
+	passPhrase := loadParamFromVars("passPhrase", vars)
 	username := loadParamFromVars("username", vars)
+	password := loadParamFromVars("password", vars)
 	bucket := loadParamFromVars("bucket", vars)

-	auth := []ssh.AuthMethod{ssh.Password(password)}
+	var auth []ssh.AuthMethod
+	if authMode == "key" {
+		var signer ssh.Signer
+		var err error
+		if len(passPhrase) != 0 {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(password), []byte(passPhrase))
+		} else {
+			signer, err = ssh.ParsePrivateKey([]byte(password))
+		}
+		if err != nil {
+			return nil, err
+		}
+		auth = []ssh.AuthMethod{ssh.PublicKeys(signer)}
+	} else {
+		auth = []ssh.AuthMethod{ssh.Password(password)}
+	}
 	clientConfig := &ssh.ClientConfig{
 		User:    username,
 		Auth:    auth,
--- a/core/app/service/backup.go
+++ b/core/app/service/backup.go
@ -142,6 +142,15 @@ func (u *BackupService) SearchWithPage(req dto.SearchPageWithType) (int64, inter
 		if !item.RememberAuth {
 			item.AccessKey = ""
 			item.Credential = ""
+			if account.Type == constant.Sftp {
+				varMap := make(map[string]interface{})
+				if err := json.Unmarshal([]byte(item.Vars), &varMap); err != nil {
+					continue
+				}
+				delete(varMap, "passPhrase")
+				itemVars, _ := json.Marshal(varMap)
+				item.Vars = string(itemVars)
+			}
 		} else {
 			item.AccessKey = base64.StdEncoding.EncodeToString([]byte(item.AccessKey))
 			item.Credential = base64.StdEncoding.EncodeToString([]byte(item.Credential))
--- a/core/utils/cloud_storage/client/sftp.go
+++ b/core/utils/cloud_storage/client/sftp.go
@ -26,17 +26,23 @@ func NewSftpClient(vars map[string]interface{}) (*sftpClient, error) {
 		global.LOG.Errorf("load param port from vars failed, err: not exist!")
 	}
 	authMode := loadParamFromVars("authMode", vars)
-	privateKey := loadParamFromVars("privateKey", vars)
+	passPhrase := loadParamFromVars("passPhrase", vars)
 	password := loadParamFromVars("password", vars)
 	bucket := loadParamFromVars("bucket", vars)

 	var auth []ssh.AuthMethod
 	if authMode == "key" {
-		itemPrivateKey, err := ssh.ParsePrivateKey([]byte(privateKey))
+		var signer ssh.Signer
+		var err error
+		if len(passPhrase) != 0 {
+			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(password), []byte(passPhrase))
+		} else {
+			signer, err = ssh.ParsePrivateKey([]byte(password))
+		}
 		if err != nil {
 			return nil, err
 		}
-		auth = []ssh.AuthMethod{ssh.PublicKeys(itemPrivateKey)}
+		auth = []ssh.AuthMethod{ssh.PublicKeys(signer)}
 	} else {
 		auth = []ssh.AuthMethod{ssh.Password(password)}
 	}
--- a/frontend/src/views/setting/backup-account/operate/index.vue
+++ b/frontend/src/views/setting/backup-account/operate/index.vue
@ -55,7 +55,34 @@
                <el-form-item :label="$t('commons.login.username')" prop="accessKey" :rules="[Rules.requiredInput]">
                    <el-input v-model.trim="dialogData.rowData!.accessKey" />
                </el-form-item>
-                <el-form-item :label="$t('commons.login.password')" prop="credential" :rules="[Rules.requiredInput]">
+
+                <div v-if="dialogData.rowData!.type === 'SFTP'">
+                    <el-form-item :label="$t('terminal.authMode')" prop="varsJson.authMode">
+                        <el-radio-group v-model="dialogData.rowData!.varsJson['authMode']">
+                            <el-radio value="password">{{ $t('terminal.passwordMode') }}</el-radio>
+                            <el-radio value="key">{{ $t('terminal.keyMode') }}</el-radio>
+                        </el-radio-group>
+                    </el-form-item>
+                </div>
+                <div v-if="dialogData.rowData!.type === 'SFTP' && dialogData.rowData!.varsJson['authMode'] === 'key'">
+                    <el-form-item :label="$t('terminal.key')" prop="credential" :rules="[Rules.requiredInput]">
+                        <el-input type="textarea" v-model="dialogData.rowData!.credential" />
+                    </el-form-item>
+                    <el-form-item :label="$t('terminal.keyPassword')" prop="varsJson.passPhrase">
+                        <el-input
+                            type="password"
+                            show-password
+                            clearable
+                            v-model="dialogData.rowData!.varsJson['passPhrase']"
+                        />
+                    </el-form-item>
+                </div>
+                <el-form-item
+                    v-else
+                    :label="$t('commons.login.password')"
+                    prop="credential"
+                    :rules="[Rules.requiredInput]"
+                >
                    <el-input type="password" clearable show-password v-model.trim="dialogData.rowData!.credential" />
                </el-form-item>
            </div>
@ -437,6 +464,7 @@ const changeType = async () => {
            }
        case 'SFTP':
            dialogData.value.rowData.varsJson['port'] = 22;
+            dialogData.value.rowData.varsJson['authMode'] = 'password';
    }
 };
 const changeFrom = () => {