wip(api,ssh): private keys and sessions

Author: heiytor

api/routes/device.go

@@ -5,7 +5,6 @@ import (
 	"strconv"
 
 	"github.com/shellhub-io/shellhub/api/pkg/gateway"
-	"github.com/shellhub-io/shellhub/pkg/api/query"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/models"
 )
@@ -44,45 +43,45 @@ func (h *Handler) GetDeviceList(c gateway.Context) error {
 		return err
 	}
 
-	if c.QueryParam("connector") != "" {
-		filter := []query.Filter{
-			{
-				Type: query.FilterTypeProperty,
-				Params: &query.FilterProperty{
-					Name:     "info.platform",
-					Operator: "eq",
-					Value:    "connector",
-				},
-			},
-			{
-				Type: query.FilterTypeOperator,
-				Params: &query.FilterOperator{
-					Name: "and",
-				},
-			},
-		}
-
-		req.Filters.Data = append(req.Filters.Data, filter...)
-	} else {
-		filter := []query.Filter{
-			{
-				Type: query.FilterTypeProperty,
-				Params: &query.FilterProperty{
-					Name:     "info.platform",
-					Operator: "ne",
-					Value:    "connector",
-				},
-			},
-			{
-				Type: query.FilterTypeOperator,
-				Params: &query.FilterOperator{
-					Name: "and",
-				},
-			},
-		}
-
-		req.Filters.Data = append(req.Filters.Data, filter...)
-	}
+	// if c.QueryParam("connector") != "" {
+	// 	filter := []query.Filter{
+	// 		{
+	// 			Type: query.FilterTypeProperty,
+	// 			Params: &query.FilterProperty{
+	// 				Name:     "info.platform",
+	// 				Operator: "eq",
+	// 				Value:    "connector",
+	// 			},
+	// 		},
+	// 		{
+	// 			Type: query.FilterTypeOperator,
+	// 			Params: &query.FilterOperator{
+	// 				Name: "and",
+	// 			},
+	// 		},
+	// 	}
+	//
+	// 	req.Filters.Data = append(req.Filters.Data, filter...)
+	// } else {
+	// 	filter := []query.Filter{
+	// 		{
+	// 			Type: query.FilterTypeProperty,
+	// 			Params: &query.FilterProperty{
+	// 				Name:     "info.platform",
+	// 				Operator: "ne",
+	// 				Value:    "connector",
+	// 			},
+	// 		},
+	// 		{
+	// 			Type: query.FilterTypeOperator,
+	// 			Params: &query.FilterOperator{
+	// 				Name: "and",
+	// 			},
+	// 		},
+	// 	}
+	//
+	// 	req.Filters.Data = append(req.Filters.Data, filter...)
+	// }
 
 	if err := c.Validate(req); err != nil {
 		return err

api/routes/session.go

@@ -62,6 +62,11 @@ func (h *Handler) GetSession(c gateway.Context) error {
 }
 
 func (h *Handler) UpdateSession(c gateway.Context) error {
+	println("!2222222")
+	println("!2222222")
+	println("!2222222")
+	println("!2222222")
+
 	var req requests.SessionUpdate
 	if err := c.Bind(&req); err != nil {
 		return err
@@ -79,6 +84,11 @@ func (h *Handler) UpdateSession(c gateway.Context) error {
 }
 
 func (h *Handler) CreateSession(c gateway.Context) error {
+	println("!1111111")
+	println("!1111111")
+	println("!1111111")
+	println("!1111111")
+
 	var req requests.SessionCreate
 	if err := c.Bind(&req); err != nil {
 		return err

api/services/auth.go

@@ -88,7 +88,7 @@ func (s *service) AuthDevice(ctx context.Context, req requests.DeviceAuth, remot
 	}
 
 	uidSHA := sha256.Sum256(structhash.Dump(auth, 1))
-	device, err := s.store.DeviceGet(ctx, models.UID(hex.EncodeToString(uidSHA[:])))
+	device, err := s.store.DeviceGet(ctx, store.DeviceIdentID, hex.EncodeToString(uidSHA[:]))
 	if err != nil {
 		if err != store.ErrNoDocuments {
 			return nil, err

api/services/device.go

@@ -3,7 +3,9 @@ package services
 import (
 	"context"
 
+	"github.com/shellhub-io/shellhub/api/store"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
+	"github.com/shellhub-io/shellhub/pkg/envs"
 	"github.com/shellhub-io/shellhub/pkg/models"
 )
 
@@ -22,11 +24,64 @@ type DeviceService interface {
 }
 
 func (s *service) ListDevices(ctx context.Context, req *requests.DeviceList) ([]models.Device, int, error) {
-	return nil, 0, nil
+	// if req.DeviceStatus == models.DeviceStatusRemoved {
+	// 	// TODO: unique DeviceList
+	// 	removed, count, err := s.store.DeviceRemovedList(ctx, req.TenantID, req.Paginator, req.Filters, req.Sorter)
+	// 	if err != nil {
+	// 		return nil, 0, err
+	// 	}
+	//
+	// 	devices := make([]models.Device, 0, len(removed))
+	// 	for _, device := range removed {
+	// 		devices = append(devices, *device.Device)
+	// 	}
+	//
+	// 	return devices, count, nil
+	// }
+	//
+	// if req.TenantID != "" {
+	// 	ns, err := s.store.NamespaceGet(ctx, req.TenantID, s.store.Options().CountAcceptedDevices())
+	// 	if err != nil {
+	// 		return nil, 0, NewErrNamespaceNotFound(req.TenantID, err)
+	// 	}
+	//
+	// 	if ns.HasMaxDevices() {
+	// 		switch {
+	// 		case envs.IsCloud():
+	// 			removed, err := s.store.DeviceRemovedCount(ctx, ns.TenantID)
+	// 			if err != nil {
+	// 				return nil, 0, NewErrDeviceRemovedCount(err)
+	// 			}
+	//
+	// 			if ns.HasLimitDevicesReached(removed) {
+	// 				return s.store.DeviceList(ctx, req.DeviceStatus, req.Paginator, req.Filters, req.Sorter, store.DeviceAcceptableFromRemoved)
+	// 			}
+	// 		case envs.IsEnterprise():
+	// 			fallthrough
+	// 		case envs.IsCommunity():
+	// 			if ns.HasMaxDevicesReached() {
+	// 				return s.store.DeviceList(ctx, req.DeviceStatus, req.Paginator, req.Filters, req.Sorter, store.DeviceAcceptableAsFalse)
+	// 			}
+	// 		}
+	// 	}
+	// }
+
+	return s.store.DeviceList(
+		ctx,
+		s.store.Options().InNamespace(req.TenantID),
+		s.store.Options().Filter(req.Filters),
+		s.store.Options().Paginate(req.Paginator),
+		s.store.Options().Order(req.Sorter),
+	)
 }
 
 func (s *service) GetDevice(ctx context.Context, uid models.UID) (*models.Device, error) {
-	return nil, nil
+	device, err := s.store.DeviceGet(ctx, store.DeviceIdentID, string(uid))
+	if err != nil {
+		return nil, NewErrDeviceNotFound(uid, err)
+	}
+
+	return device, nil
 }
 
 // DeleteDevice deletes a device from a namespace.
@@ -38,7 +93,26 @@ func (s *service) GetDevice(ctx context.Context, uid models.UID) (*models.Device
 // NewErrNamespaceNotFound(tenant, err), if the usage cannot be reported, ErrReport or if the store function that
 // delete the device fails.
 func (s *service) DeleteDevice(ctx context.Context, uid models.UID, tenant string) error {
-	return nil
+	ns, err := s.store.NamespaceGet(ctx, store.NamespaceIdentID, tenant)
+	if err != nil {
+		return NewErrNamespaceNotFound(tenant, err)
+	}
+
+	device, err := s.store.DeviceGet(ctx, store.DeviceIdentID, string(uid))
+	if err != nil {
+		return NewErrDeviceNotFound(uid, err)
+	}
+
+	// If the namespace has a limit of devices, we change the device's slot status to removed.
+	// This way, we can keep track of the number of devices that were removed from the namespace and void the device
+	// switching.
+	if envs.IsCloud() && envs.HasBilling() && !ns.Billing.IsActive() {
+		if err := s.store.DeviceRemovedInsert(ctx, tenant, device); err != nil {
+			return NewErrDeviceRemovedInsert(err)
+		}
+	}
+
+	return s.store.DeviceDelete(ctx, uid)
 }
 
 func (s *service) RenameDevice(ctx context.Context, uid models.UID, name, tenant string) error {
@@ -50,7 +124,12 @@ func (s *service) RenameDevice(ctx context.Context, uid models.UID, name, tenant
 // It receives a context, used to "control" the request flow and, the namespace name from a models.Namespace and a
 // device name from models.Device.
 func (s *service) LookupDevice(ctx context.Context, namespace, name string) (*models.Device, error) {
-	return nil, nil
+	device, err := s.store.DeviceGet(ctx, store.DeviceIdentName, name)
+	if err != nil {
+		return nil, NewErrDeviceLookupNotFound(namespace, name, err)
+	}
+
+	return device, nil
 }
 
 func (s *service) OfflineDevice(ctx context.Context, uid models.UID) error {

api/services/sshkeys.go

@@ -2,11 +2,17 @@ package services
 
 import (
 	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
 
 	"github.com/shellhub-io/shellhub/pkg/api/query"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/api/responses"
+	"github.com/shellhub-io/shellhub/pkg/clock"
 	"github.com/shellhub-io/shellhub/pkg/models"
+	"golang.org/x/crypto/ssh"
 )
 
 type SSHKeysService interface {
@@ -53,5 +59,28 @@ func (s *service) DeletePublicKey(ctx context.Context, fingerprint, tenant strin
 }
 
 func (s *service) CreatePrivateKey(ctx context.Context) (*models.PrivateKey, error) {
-	return nil, nil
+	key, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, err
+	}
+
+	pubKey, err := ssh.NewPublicKey(&key.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	privateKey := &models.PrivateKey{
+		Data: pem.EncodeToMemory(&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(key),
+		}),
+		Fingerprint: ssh.FingerprintLegacyMD5(pubKey),
+		CreatedAt:   clock.Now(),
+	}
+
+	if err := s.store.PrivateKeyCreate(ctx, privateKey); err != nil {
+		return nil, err
+	}
+
+	return privateKey, nil
 }

api/services/task.go

@@ -1,9 +1,14 @@
 package services
 
 import (
+	"bufio"
+	"bytes"
 	"context"
+	"slices"
+	"time"
 
 	"github.com/shellhub-io/shellhub/pkg/worker"
+	log "github.com/sirupsen/logrus"
 )
 
 const (
@@ -14,6 +19,38 @@ const (
 // newline-separated list of device UIDs.
 func (s *service) DevicesHeartbeat() worker.TaskHandler {
 	return func(ctx context.Context, payload []byte) error {
+		log.WithField("task", TaskDevicesHeartbeat.String()).
+			Info("executing heartbeat task")
+
+		scanner := bufio.NewScanner(bytes.NewReader(payload))
+		scanner.Split(bufio.ScanLines)
+
+		uids := make([]string, 0)
+		for scanner.Scan() {
+			uid := scanner.Text()
+			if uid == "" {
+				continue
+			}
+
+			uids = append(uids, uid)
+		}
+
+		slices.Sort(uids)
+		uids = slices.Compact(uids)
+
+		mCount, err := s.store.DeviceUpdateSeenAt(ctx, uids, time.Now())
+		if err != nil {
+			log.WithField("task", TaskDevicesHeartbeat.String()).
+				WithError(err).
+				Error("failed to complete the heartbeat task")
+
+			return err
+		}
+
+		log.WithField("task", TaskDevicesHeartbeat.String()).
+			WithField("modified_count", mCount).
+			Info("finishing heartbeat task")
+
 		return nil
 	}
 }

api/store/device.go

@@ -2,6 +2,7 @@ package store
 
 import (
 	"context"
+	"time"
 
 	"github.com/shellhub-io/shellhub/pkg/api/query"
 	"github.com/shellhub-io/shellhub/pkg/models"
@@ -19,11 +20,18 @@ const (
 	DeviceAcceptableAsFalse
 )
 
+type DeviceIdent string
+
+const (
+	DeviceIdentID   DeviceIdent = "id"
+	DeviceIdentName DeviceIdent = "name"
+)
+
 type DeviceStore interface {
 	DeviceCreate(ctx context.Context, device *models.Device) (insertedID string, err error)
 
-	DeviceList(ctx context.Context, status models.DeviceStatus, pagination query.Paginator, filters query.Filters, sorter query.Sorter, acceptable DeviceAcceptable) ([]models.Device, int, error)
-	DeviceGet(ctx context.Context, uid models.UID) (*models.Device, error)
+	DeviceList(ctx context.Context, opts ...QueryOption) ([]models.Device, int, error)
+	DeviceGet(ctx context.Context, ident DeviceIdent, val string) (*models.Device, error)
 
 	// DeviceConflicts reports whether the target contains conflicting attributes with the database. Pass zero values for
 	// attributes you do not wish to match on. For example, the following call checks for conflicts based on email only:
@@ -34,11 +42,7 @@ type DeviceStore interface {
 	// It returns an array of conflicting attribute fields and an error, if any.
 	DeviceConflicts(ctx context.Context, target *models.DeviceConflicts) (conflicts []string, has bool, err error)
 
-	// DeviceUpdate updates a device with the specified UID that belongs to the specified namespace. It returns [ErrNoDocuments] if none device is found.
-	DeviceUpdate(ctx context.Context, tenant, uid string, changes *models.DeviceChanges) error
-	// DeviceBulkdUpdate updates a list of devices. Different than [DeviceStore.DeviceUpdate], it does not differentiate namespaces.
-	// It returns the number of  modified devices and an error if any.
-	DeviceBulkUpdate(ctx context.Context, uids []string, changes *models.DeviceChanges) (modifiedCount int64, err error)
+	DeviceUpdateSeenAt(ctx context.Context, ids []string, to time.Time) (updatedCount int64, err error)
 
 	DeviceDelete(ctx context.Context, uid models.UID) error
 	DeviceRename(ctx context.Context, uid models.UID, hostname string) error