From a6ae81f5b50d07c93307671bb016c0a4744d46fd Mon Sep 17 00:00:00 2001
From: Johannes <git@digbox.de>
Date: Sun, 7 Sep 2025 15:46:11 +0200
Subject: [PATCH] feat: Add SSH-Key support for secure deployment
 authentication

- upload.sh: Conditional SSH-Key vs. password authentication
- Automatic detection of SSH-Keys via FTP_SSH_KEY variable
- CloudPanel-compatible SSH-Key integration
- .env.upload.example: Added SSH-Key documentation
- Secure SFTP uploads without passwords in code
---
 deployment/scripts/.env.upload.example |  4 +++
 deployment/scripts/upload.sh           | 45 ++++++++++++++++++++------
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/deployment/scripts/.env.upload.example b/deployment/scripts/.env.upload.example
index 87d7ef4..864b0ba 100644
--- a/deployment/scripts/.env.upload.example
+++ b/deployment/scripts/.env.upload.example
@@ -16,6 +16,10 @@ FTP_PATH="/htdocs"
 # SSH/SFTP Port (Standard: 22)
 FTP_PORT="22"
 
+# SSH-Key Authentifizierung (Optional, für SSH-Key-only Server)
+# Falls gesetzt, wird SSH-Key statt Passwort verwendet
+# FTP_SSH_KEY="$HOME/.ssh/id_rsa"
+
 # Beispiele für verschiedene Provider:
 # Strato:     FTP_HOST="ftp.strato.de"     FTP_PATH="/htdocs"
 # 1&1:        FTP_HOST="ftp.1und1.de"      FTP_PATH="/htdocs"  
diff --git a/deployment/scripts/upload.sh b/deployment/scripts/upload.sh
index 1b54bcc..196aea4 100755
--- a/deployment/scripts/upload.sh
+++ b/deployment/scripts/upload.sh
@@ -35,6 +35,15 @@ echo "   Host: $FTP_HOST"
 echo "   User: $FTP_USER"
 echo "   Port: $FTP_PORT"
 echo "   Path: $FTP_PATH"
+
+# SSH-Key Authentifizierung prüfen
+if [ -n "$FTP_SSH_KEY" ] && [ -f "$FTP_SSH_KEY" ]; then
+    echo "   Auth: SSH-Key ($FTP_SSH_KEY)"
+    USE_SSH_KEY=1
+else
+    echo "   Auth: Passwort"
+    USE_SSH_KEY=0
+fi
 echo ""
 
 # Prüfe ob wir im deployment/scripts/ Ordner sind und wechsle zur Projekt-Root
@@ -74,17 +83,35 @@ if [[ ! "$response" =~ ^[Yy]$ ]]; then
 fi
 
 echo "📤 Uploade via SFTP..."
-lftp -c "
-set sftp:auto-confirm yes;
-set ssl:verify-certificate no;
-open sftp://$FTP_USER:$FTP_PASS@$FTP_HOST:$FTP_PORT;
-cd $FTP_PATH;
 
-lcd deployment/build;
-mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+if [ $USE_SSH_KEY -eq 1 ]; then
+    # SSH-Key Authentifizierung
+    lftp -c "
+    set sftp:auto-confirm yes;
+    set ssl:verify-certificate no;
+    set sftp:connect-program 'ssh -i $FTP_SSH_KEY -p $FTP_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null';
+    open sftp://$FTP_USER@$FTP_HOST;
+    cd $FTP_PATH;
+    
+    lcd deployment/build;
+    mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+    
+    bye
+    "
+else
+    # Passwort Authentifizierung
+    lftp -c "
+    set sftp:auto-confirm yes;
+    set ssl:verify-certificate no;
+    open sftp://$FTP_USER:$FTP_PASS@$FTP_HOST:$FTP_PORT;
+    cd $FTP_PATH;
 
-bye
-"
+    lcd deployment/build;
+    mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+
+    bye
+    "
+fi
 
 if [ $? -eq 0 ]; then
     echo "✅ Upload erfolgreich!"