🐛 fix(git):将SSH主机密钥检查从no改为yes以增强安全性
✨ feat(git):改进SSH URL检测和分支克隆逻辑 📝 docs(frontend):更新SSH公钥添加说明,移除CodeUp链接
This commit is contained in:
Image
parent
b095e7aa6c
commit
597d19dbfe
|
|
@ -2319,7 +2319,7 @@ async def _get_project_root(
|
|||
await emit(f"🔄 正在获取仓库: {repo_url}")
|
||||
|
||||
# 检测是否为SSH URL(SSH链接不支持ZIP下载)
|
||||
is_ssh_url = repo_url.startswith('git@')
|
||||
is_ssh_url = GitSSHOperations.is_ssh_url(repo_url)
|
||||
|
||||
# 解析仓库 URL 获取 owner/repo
|
||||
parsed = urlparse(repo_url)
|
||||
|
|
@ -2602,7 +2602,7 @@ async def _get_project_root(
|
|||
async def run_default_ssh_clone():
|
||||
return await asyncio.to_thread(
|
||||
GitSSHOperations.clone_repo_with_ssh,
|
||||
repo_url, ssh_private_key, base_path, "" # 空字符串表示使用默认分支
|
||||
repo_url, ssh_private_key, base_path, branch
|
||||
)
|
||||
|
||||
clone_task = asyncio.create_task(run_default_ssh_clone())
|
||||
|
|
|
|||
|
|
@ -229,7 +229,7 @@ class GitSSHOperations:
|
|||
return url.startswith('git@') or url.startswith('ssh://')
|
||||
|
||||
@staticmethod
|
||||
def clone_repo_with_ssh(repo_url: str, private_key: str, target_dir: str, branch: str = "main") -> Dict[str, any]:
|
||||
def clone_repo_with_ssh(repo_url: str, private_key: str, target_dir: str, branch: str = None) -> Dict[str, any]:
|
||||
"""
|
||||
使用SSH密钥克隆Git仓库
|
||||
|
||||
|
|
@ -260,7 +260,7 @@ class GitSSHOperations:
|
|||
ssh_cmd_parts = [
|
||||
'ssh',
|
||||
'-i', key_file,
|
||||
'-o', 'StrictHostKeyChecking=no',
|
||||
'-o', 'StrictHostKeyChecking=yes',
|
||||
'-o', 'UserKnownHostsFile=/dev/null',
|
||||
'-o', 'PreferredAuthentications=publickey',
|
||||
'-o', 'IdentitiesOnly=yes' # 只使用指定的密钥,不使用系统默认密钥
|
||||
|
|
@ -270,7 +270,11 @@ class GitSSHOperations:
|
|||
print(f"[Git Clone] Using DeepAudit SSH key only: {key_file}")
|
||||
|
||||
# 执行git clone
|
||||
cmd = ['git', 'clone', '--depth', '1', '--branch', branch, repo_url, target_dir]
|
||||
cmd = ['git', 'clone', '--depth', '1']
|
||||
if branch: # 只有明确指定分支时才添加
|
||||
cmd.extend(['--branch', branch])
|
||||
cmd.extend([repo_url, target_dir])
|
||||
|
||||
result = subprocess.run(
|
||||
cmd,
|
||||
env=env,
|
||||
|
|
@ -414,7 +418,7 @@ class GitSSHOperations:
|
|||
cmd = [
|
||||
'ssh',
|
||||
'-i', key_file,
|
||||
'-o', 'StrictHostKeyChecking=no',
|
||||
'-o', 'StrictHostKeyChecking=yes',
|
||||
'-o', 'UserKnownHostsFile=/dev/null',
|
||||
'-o', 'ConnectTimeout=10',
|
||||
'-o', 'PreferredAuthentications=publickey',
|
||||
|
|
@ -444,7 +448,7 @@ class GitSSHOperations:
|
|||
'output': f'提示:服务器显示Anonymous表示公钥未添加到Git服务或未关联到您的账户。\n请在Git服务的设置中添加SSH公钥。\n\n原始输出:\n{output}'
|
||||
}
|
||||
|
||||
# 检查是否认证成功(必须有用户名,不能是Anonymous)
|
||||
# 检查是否认证成功
|
||||
success_indicators = [
|
||||
('successfully authenticated', True), # GitHub
|
||||
('hi ', True), # GitHub: "Hi username!"
|
||||
|
|
|
|||
|
|
@ -487,7 +487,7 @@ export default function Account() {
|
|||
)}
|
||||
|
||||
<p className="text-xs text-muted-foreground">
|
||||
请将此公钥添加到 <a href="https://github.com/settings/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitHub</a> 或 <a href="https://gitlab.com/-/profile/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitLab</a> 或 <a href="https://codeup.aliyun.com/" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">CodeUp</a> 账户
|
||||
请将此公钥添加到 <a href="https://github.com/settings/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitHub</a> 或 <a href="https://gitlab.com/-/profile/keys" target="_blank" rel="noopener noreferrer" className="text-primary hover:underline">GitLab</a> 账户
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue