Created /api/v1/keys, access-requests, telemetry, agent. Documented endpoints at /api/v1/docs

2026-01-19 18:29:22 +00:00
parent a3036f74fc
commit a32b3dd17f
30 changed files with 1071 additions and 3 deletions
--- a/app/apps/keys/init.py
+++ b/app/apps/keys/init.py
--- a/app/apps/keys/admin.py
+++ b/app/apps/keys/admin.py
@@ -0,0 +1,11 @@
+from django.contrib import admin
+
+from .models import SSHKey
+
+
+@admin.register(SSHKey)
+class SSHKeyAdmin(admin.ModelAdmin):
+    list_display = ("id", "user", "name", "key_type", "fingerprint", "is_active", "created_at")
+    list_filter = ("is_active", "key_type")
+    search_fields = ("name", "user__username", "user__email", "fingerprint")
+    ordering = ("-created_at",)
--- a/app/apps/keys/apps.py
+++ b/app/apps/keys/apps.py
@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class KeysConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "apps.keys"
+    verbose_name = "SSH Keys"
--- a/app/apps/keys/migrations/0001_initial.py
+++ b/app/apps/keys/migrations/0001_initial.py
@@ -0,0 +1,53 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="SSHKey",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("name", models.CharField(max_length=128)),
+                ("public_key", models.TextField()),
+                ("key_type", models.CharField(max_length=32)),
+                ("fingerprint", models.CharField(db_index=True, max_length=128)),
+                ("is_active", models.BooleanField(db_index=True, default=True)),
+                ("created_at", models.DateTimeField(default=django.utils.timezone.now, editable=False)),
+                ("revoked_at", models.DateTimeField(blank=True, null=True)),
+                ("last_used_at", models.DateTimeField(blank=True, null=True)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="ssh_keys",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "SSH key",
+                "verbose_name_plural": "SSH keys",
+                "ordering": ["-created_at"],
+                "indexes": [
+                    models.Index(fields=["user", "is_active"], name="keys_user_active_idx"),
+                    models.Index(fields=["fingerprint"], name="keys_fingerprint_idx"),
+                ],
+                "constraints": [
+                    models.UniqueConstraint(
+                        fields=("user", "fingerprint"),
+                        name="unique_user_key_fingerprint",
+                    )
+                ],
+            },
+        ),
+    ]
--- a/app/apps/keys/migrations/init.py
+++ b/app/apps/keys/migrations/init.py
--- a/app/apps/keys/models.py
+++ b/app/apps/keys/models.py
@@ -0,0 +1,66 @@
+from __future__ import annotations
+
+import base64
+import binascii
+import hashlib
+
+from django.conf import settings
+from django.core.exceptions import ValidationError
+from django.db import models
+from django.utils import timezone
+
+
+def parse_public_key(public_key: str) -> tuple[str, str, str]:
+    trimmed = (public_key or "").strip()
+    parts = trimmed.split()
+    if len(parts) < 2:
+        raise ValidationError("Invalid SSH public key format.")
+    key_type, key_b64 = parts[0], parts[1]
+    try:
+        key_bytes = base64.b64decode(key_b64.encode("ascii"), validate=True)
+    except (binascii.Error, ValueError) as exc:
+        raise ValidationError("Invalid SSH public key format.") from exc
+    digest = hashlib.sha256(key_bytes).digest()
+    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
+    return key_type, key_b64, fingerprint
+
+
+class SSHKey(models.Model):
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name="ssh_keys"
+    )
+    name = models.CharField(max_length=128)
+    public_key = models.TextField()
+    key_type = models.CharField(max_length=32)
+    fingerprint = models.CharField(max_length=128, db_index=True)
+    is_active = models.BooleanField(default=True, db_index=True)
+    created_at = models.DateTimeField(default=timezone.now, editable=False)
+    revoked_at = models.DateTimeField(null=True, blank=True)
+    last_used_at = models.DateTimeField(null=True, blank=True)
+
+    class Meta:
+        verbose_name = "SSH key"
+        verbose_name_plural = "SSH keys"
+        indexes = [
+            models.Index(fields=["user", "is_active"], name="keys_user_active_idx"),
+            models.Index(fields=["fingerprint"], name="keys_fingerprint_idx"),
+        ]
+        constraints = [
+            models.UniqueConstraint(
+                fields=["user", "fingerprint"], name="unique_user_key_fingerprint"
+            )
+        ]
+        ordering = ["-created_at"]
+
+    def set_public_key(self, public_key: str) -> None:
+        key_type, key_b64, fingerprint = parse_public_key(public_key)
+        self.key_type = key_type
+        self.fingerprint = fingerprint
+        self.public_key = f"{key_type} {key_b64}"
+
+    def revoke(self) -> None:
+        self.is_active = False
+        self.revoked_at = timezone.now()
+
+    def __str__(self) -> str:
+        return f"{self.name} ({self.user_id})"