🐛 fix(git):将SSH主机密钥检查从no改为yes以增强安全性
✨ feat(git):改进SSH URL检测和分支克隆逻辑 📝 docs(frontend):更新SSH公钥添加说明,移除CodeUp链接
parent
b095e7aa6c
commit
597d19dbfe
|
|
@ -2319,7 +2319,7 @@ async def _get_project_root(
|
||||||
await emit(f"🔄 正在获取仓库: {repo_url}")
|
await emit(f"🔄 正在获取仓库: {repo_url}")
|
||||||
|
|
||||||
# 检测是否为SSH URL(SSH链接不支持ZIP下载)
|
# 检测是否为SSH URL(SSH链接不支持ZIP下载)
|
||||||
is_ssh_url = repo_url.startswith('git@')
|
is_ssh_url = GitSSHOperations.is_ssh_url(repo_url)
|
||||||
|
|
||||||
# 解析仓库 URL 获取 owner/repo
|
# 解析仓库 URL 获取 owner/repo
|
||||||
parsed = urlparse(repo_url)
|
parsed = urlparse(repo_url)
|
||||||
|
|
@ -2602,7 +2602,7 @@ async def _get_project_root(
|
||||||
async def run_default_ssh_clone():
|
async def run_default_ssh_clone():
|
||||||
return await asyncio.to_thread(
|
return await asyncio.to_thread(
|
||||||
GitSSHOperations.clone_repo_with_ssh,
|
GitSSHOperations.clone_repo_with_ssh,
|
||||||
repo_url, ssh_private_key, base_path, "" # 空字符串表示使用默认分支
|
repo_url, ssh_private_key, base_path, branch
|
||||||
)
|
)
|
||||||
|
|
||||||
clone_task = asyncio.create_task(run_default_ssh_clone())
|
clone_task = asyncio.create_task(run_default_ssh_clone())
|
||||||
|
|
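Review bot: `run_default_ssh_clone` now forwards `branch` where it used to pass `""`, which the removed comment described as "use the default branch", so the helper's name no longer matches what it does. The body of `_get_project_root` around this hunk is not visible, but if this helper is the fallback taken after a branch-specific clone has failed, it would now retry the same branch instead of falling back. If the fallback is intended, pass `None` here (`repo_url, ssh_private_key, base_path, None`), which the new `if branch:` guard in `clone_repo_with_ssh` treats as "no `--branch`". Otherwise rename the helper and add a comment stating which branch it clones.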
|
||||||
|
|
@ -229,7 +229,7 @@ class GitSSHOperations:
|
||||||
return url.startswith('git@') or url.startswith('ssh://')
|
return url.startswith('git@') or url.startswith('ssh://')
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def clone_repo_with_ssh(repo_url: str, private_key: str, target_dir: str, branch: str = "main") -> Dict[str, any]:
|
def clone_repo_with_ssh(repo_url: str, private_key: str, target_dir: str, branch: str = None) -> Dict[str, any]:
|
||||||
"""
|
"""
|
||||||
使用SSH密钥克隆Git仓库
|
使用SSH密钥克隆Git仓库
|
||||||
|
|
||||||
|
|
@ -260,7 +260,7 @@ class GitSSHOperations:
|
||||||
ssh_cmd_parts = [
|
ssh_cmd_parts = [
|
||||||
'ssh',
|
'ssh',
|
||||||
'-i', key_file,
|
'-i', key_file,
|
||||||
'-o', 'StrictHostKeyChecking=no',
|
'-o', 'StrictHostKeyChecking=yes',
|
||||||
'-o', 'UserKnownHostsFile=/dev/null',
|
'-o', 'UserKnownHostsFile=/dev/null',
|
||||||
'-o', 'PreferredAuthentications=publickey',
|
'-o', 'PreferredAuthentications=publickey',
|
||||||
'-o', 'IdentitiesOnly=yes' # 只使用指定的密钥,不使用系统默认密钥
|
'-o', 'IdentitiesOnly=yes' # 只使用指定的密钥,不使用系统默认密钥
|
||||||
|
|
@ -270,7 +270,11 @@ class GitSSHOperations:
|
||||||
print(f"[Git Clone] Using DeepAudit SSH key only: {key_file}")
|
print(f"[Git Clone] Using DeepAudit SSH key only: {key_file}")
|
||||||
|
|
||||||
# 执行git clone
|
# 执行git clone
|
||||||
cmd = ['git', 'clone', '--depth', '1', '--branch', branch, repo_url, target_dir]
|
cmd = ['git', 'clone', '--depth', '1']
|
||||||
|
if branch: # 只有明确指定分支时才添加
|
||||||
|
cmd.extend(['--branch', branch])
|
||||||
|
cmd.extend([repo_url, target_dir])
|
||||||
|
|
||||||
result = subprocess.run(
|
result = subprocess.run(
|
||||||
cmd,
|
cmd,
|
||||||
env=env,
|
env=env,
|
||||||
|
|
@ -414,7 +418,7 @@ class GitSSHOperations:
|
||||||
cmd = [
|
cmd = [
|
||||||
'ssh',
|
'ssh',
|
||||||
'-i', key_file,
|
'-i', key_file,
|
||||||
'-o', 'StrictHostKeyChecking=no',
|
'-o', 'StrictHostKeyChecking=yes',
|
||||||
'-o', 'UserKnownHostsFile=/dev/null',
|
'-o', 'UserKnownHostsFile=/dev/null',
|
||||||
'-o', 'ConnectTimeout=10',
|
'-o', 'ConnectTimeout=10',
|
||||||
'-o', 'PreferredAuthentications=publickey',
|
'-o', 'PreferredAuthentications=publickey',
|
||||||
|
|
@ -444,7 +448,7 @@ class GitSSHOperations:
|
||||||
'output': f'提示:服务器显示Anonymous表示公钥未添加到Git服务或未关联到您的账户。\n请在Git服务的设置中添加SSH公钥。\n\n原始输出:\n{output}'
|
'output': f'提示:服务器显示Anonymous表示公钥未添加到Git服务或未关联到您的账户。\n请在Git服务的设置中添加SSH公钥。\n\n原始输出:\n{output}'
|
||||||
}
|
}
|
||||||
|
|
||||||
# 检查是否认证成功(必须有用户名,不能是Anonymous)
|
# 检查是否认证成功
|
||||||
success_indicators = [
|
success_indicators = [
|
||||||
('successfully authenticated', True), # GitHub
|
('successfully authenticated', True), # GitHub
|
||||||
('hi ', True), # GitHub: "Hi username!"
|
('hi ', True), # GitHub: "Hi username!"
|
||||||
|
|
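Review bot: `StrictHostKeyChecking=yes` is still paired with `UserKnownHostsFile=/dev/null`, both in `ssh_cmd_parts` (hunk at -260) and in the connection-test `cmd` (hunk at -414), so ssh has no per-user trust store to verify the server against. With strict checking on, ssh refuses any host whose key is not already known, so these calls can only succeed if the provider's host key is in the system-wide known-hosts file. Otherwise every clone and key test fails with a host key verification error. Point the option at an application-managed file of pinned provider host keys instead, e.g. `'-o', 'UserKnownHostsFile=<path to pinned known_hosts>'`, and add a comment on how that file is provisioned and updated. Both option lists continue outside the hunks, so check that no later option overrides this.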
|
||||||
|
|
@ -487,7 +487,7 @@ export default function Account() {
|
||||||
)}
|
)}
|
||||||
|
|
||||||
<p className="text-xs text-muted-foreground">
|
<p className="text-xs text-muted-foreground">
|
||||||
请将此公钥添加到 <a href="https://github.com/settings/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitHub</a> 或 <a href="https://gitlab.com/-/profile/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitLab</a> 或 <a href="https://codeup.aliyun.com/" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">CodeUp</a> 账户
|
请将此公钥添加到 <a href="https://github.com/settings/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitHub</a> 或 <a href="https://gitlab.com/-/profile/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitLab</a> 账户
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
||||||