2024-07-01 14:26:50 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
|
|
|
use App\Models\PrivateKey;
|
|
|
|
use Illuminate\Http\Request;
|
2024-07-09 08:45:10 +00:00
|
|
|
use OpenApi\Attributes as OA;
|
2024-07-01 14:26:50 +00:00
|
|
|
|
|
|
|
class SecurityController extends Controller
|
|
|
|
{
|
2024-07-09 08:45:10 +00:00
|
|
|
private function removeSensitiveData($team)
|
|
|
|
{
|
|
|
|
$token = auth()->user()->currentAccessToken();
|
|
|
|
if ($token->can('view:sensitive')) {
|
|
|
|
return serializeApiResponse($team);
|
|
|
|
}
|
|
|
|
$team->makeHidden([
|
|
|
|
'private_key',
|
|
|
|
]);
|
|
|
|
|
|
|
|
return serializeApiResponse($team);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[OA\Get(
|
|
|
|
summary: 'List',
|
|
|
|
description: 'List all private keys.',
|
|
|
|
path: '/security/keys',
|
|
|
|
security: [
|
|
|
|
['bearerAuth' => []],
|
|
|
|
],
|
|
|
|
tags: ['Private Keys'],
|
|
|
|
responses: [
|
|
|
|
new OA\Response(
|
|
|
|
response: 200,
|
|
|
|
description: 'Get all private keys.',
|
|
|
|
content: [
|
|
|
|
new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'array',
|
|
|
|
items: new OA\Items(ref: '#/components/schemas/PrivateKey')
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]),
|
|
|
|
new OA\Response(
|
|
|
|
response: 401,
|
|
|
|
ref: '#/components/responses/401',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 400,
|
|
|
|
ref: '#/components/responses/400',
|
|
|
|
),
|
|
|
|
]
|
|
|
|
)]
|
2024-07-01 14:26:50 +00:00
|
|
|
public function keys(Request $request)
|
|
|
|
{
|
|
|
|
$teamId = getTeamIdFromToken();
|
|
|
|
if (is_null($teamId)) {
|
|
|
|
return invalidTokenResponse();
|
|
|
|
}
|
|
|
|
$keys = PrivateKey::where('team_id', $teamId)->get();
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
return response()->json($this->removeSensitiveData($keys));
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
#[OA\Get(
|
|
|
|
summary: 'Get',
|
|
|
|
description: 'Get key by UUID.',
|
|
|
|
path: '/security/keys/{uuid}',
|
|
|
|
security: [
|
|
|
|
['bearerAuth' => []],
|
|
|
|
],
|
|
|
|
tags: ['Private Keys'],
|
|
|
|
parameters: [
|
|
|
|
new OA\Parameter(name: 'uuid', in: 'path', required: true, description: 'Private Key Uuid', schema: new OA\Schema(type: 'integer')),
|
|
|
|
],
|
|
|
|
responses: [
|
|
|
|
new OA\Response(
|
|
|
|
response: 200,
|
|
|
|
description: 'Get all private keys.',
|
|
|
|
content: [
|
|
|
|
new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'array',
|
|
|
|
items: new OA\Items(ref: '#/components/schemas/PrivateKey')
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]),
|
|
|
|
new OA\Response(
|
|
|
|
response: 401,
|
|
|
|
ref: '#/components/responses/401',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 400,
|
|
|
|
ref: '#/components/responses/400',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 404,
|
|
|
|
description: 'Private Key not found.',
|
|
|
|
),
|
|
|
|
]
|
|
|
|
)]
|
2024-07-01 14:26:50 +00:00
|
|
|
public function key_by_uuid(Request $request)
|
|
|
|
{
|
|
|
|
$teamId = getTeamIdFromToken();
|
|
|
|
if (is_null($teamId)) {
|
|
|
|
return invalidTokenResponse();
|
|
|
|
}
|
|
|
|
|
|
|
|
$key = PrivateKey::where('team_id', $teamId)->where('uuid', $request->uuid)->first();
|
|
|
|
|
|
|
|
if (is_null($key)) {
|
|
|
|
return response()->json([
|
2024-07-03 11:13:38 +00:00
|
|
|
'message' => 'Private Key not found.',
|
2024-07-01 14:26:50 +00:00
|
|
|
], 404);
|
|
|
|
}
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
return response()->json($this->removeSensitiveData($key));
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
#[OA\Post(
|
|
|
|
summary: 'Create',
|
|
|
|
description: 'Create a new private key.',
|
|
|
|
path: '/security/keys',
|
|
|
|
security: [
|
|
|
|
['bearerAuth' => []],
|
|
|
|
],
|
|
|
|
tags: ['Private Keys'],
|
|
|
|
requestBody: new OA\RequestBody(
|
|
|
|
required: true,
|
|
|
|
content: [
|
|
|
|
'application/json' => new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'object',
|
|
|
|
required: ['private_key'],
|
|
|
|
properties: [
|
|
|
|
'name' => ['type' => 'string'],
|
|
|
|
'description' => ['type' => 'string'],
|
|
|
|
'private_key' => ['type' => 'string'],
|
|
|
|
],
|
|
|
|
additionalProperties: false,
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]
|
|
|
|
),
|
|
|
|
responses: [
|
|
|
|
new OA\Response(
|
|
|
|
response: 201,
|
|
|
|
description: 'The created private key\'s UUID.',
|
|
|
|
content: [
|
|
|
|
new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'object',
|
|
|
|
properties: [
|
|
|
|
'uuid' => ['type' => 'string'],
|
|
|
|
]
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]),
|
|
|
|
new OA\Response(
|
|
|
|
response: 401,
|
|
|
|
ref: '#/components/responses/401',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 400,
|
|
|
|
ref: '#/components/responses/400',
|
|
|
|
),
|
|
|
|
]
|
|
|
|
)]
|
2024-07-01 14:26:50 +00:00
|
|
|
public function create_key(Request $request)
|
|
|
|
{
|
|
|
|
$teamId = getTeamIdFromToken();
|
|
|
|
if (is_null($teamId)) {
|
|
|
|
return invalidTokenResponse();
|
|
|
|
}
|
|
|
|
$return = validateIncomingRequest($request);
|
|
|
|
if ($return instanceof \Illuminate\Http\JsonResponse) {
|
|
|
|
return $return;
|
|
|
|
}
|
|
|
|
$validator = customApiValidator($request->all(), [
|
|
|
|
'name' => 'string|max:255',
|
|
|
|
'description' => 'string|max:255',
|
|
|
|
'private_key' => 'required|string',
|
|
|
|
]);
|
|
|
|
|
|
|
|
if ($validator->fails()) {
|
|
|
|
$errors = $validator->errors();
|
|
|
|
|
|
|
|
return response()->json([
|
|
|
|
'message' => 'Validation failed.',
|
|
|
|
'errors' => $errors,
|
|
|
|
], 422);
|
|
|
|
}
|
|
|
|
if (! $request->name) {
|
|
|
|
$request->offsetSet('name', generate_random_name());
|
|
|
|
}
|
|
|
|
if (! $request->description) {
|
|
|
|
$request->offsetSet('description', 'Created by Coolify via API');
|
|
|
|
}
|
|
|
|
$key = PrivateKey::create([
|
|
|
|
'team_id' => $teamId,
|
|
|
|
'name' => $request->name,
|
|
|
|
'description' => $request->description,
|
|
|
|
'private_key' => $request->private_key,
|
|
|
|
]);
|
|
|
|
|
2024-07-03 11:13:38 +00:00
|
|
|
return response()->json(serializeApiResponse([
|
|
|
|
'uuid' => $key->uuid,
|
|
|
|
]))->setStatusCode(201);
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
#[OA\Patch(
|
|
|
|
summary: 'Update',
|
|
|
|
description: 'Update a private key.',
|
|
|
|
path: '/security/keys',
|
|
|
|
security: [
|
|
|
|
['bearerAuth' => []],
|
|
|
|
],
|
|
|
|
tags: ['Private Keys'],
|
|
|
|
requestBody: new OA\RequestBody(
|
|
|
|
required: true,
|
|
|
|
content: [
|
|
|
|
'application/json' => new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'object',
|
|
|
|
required: ['private_key'],
|
|
|
|
properties: [
|
|
|
|
'name' => ['type' => 'string'],
|
|
|
|
'description' => ['type' => 'string'],
|
|
|
|
'private_key' => ['type' => 'string'],
|
|
|
|
],
|
|
|
|
additionalProperties: false,
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]
|
|
|
|
),
|
|
|
|
responses: [
|
|
|
|
new OA\Response(
|
|
|
|
response: 201,
|
|
|
|
description: 'The updated private key\'s UUID.',
|
|
|
|
content: [
|
|
|
|
new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'object',
|
|
|
|
properties: [
|
|
|
|
'uuid' => ['type' => 'string'],
|
|
|
|
]
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]),
|
|
|
|
new OA\Response(
|
|
|
|
response: 401,
|
|
|
|
ref: '#/components/responses/401',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 400,
|
|
|
|
ref: '#/components/responses/400',
|
|
|
|
),
|
|
|
|
]
|
|
|
|
)]
|
2024-07-01 14:26:50 +00:00
|
|
|
public function update_key(Request $request)
|
|
|
|
{
|
|
|
|
$allowedFields = ['name', 'description', 'private_key'];
|
|
|
|
$teamId = getTeamIdFromToken();
|
|
|
|
if (is_null($teamId)) {
|
|
|
|
return invalidTokenResponse();
|
|
|
|
}
|
|
|
|
$return = validateIncomingRequest($request);
|
|
|
|
if ($return instanceof \Illuminate\Http\JsonResponse) {
|
|
|
|
return $return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$validator = customApiValidator($request->all(), [
|
|
|
|
'name' => 'string|max:255',
|
|
|
|
'description' => 'string|max:255',
|
|
|
|
'private_key' => 'required|string',
|
|
|
|
]);
|
|
|
|
|
|
|
|
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
|
|
|
|
if ($validator->fails() || ! empty($extraFields)) {
|
|
|
|
$errors = $validator->errors();
|
|
|
|
if (! empty($extraFields)) {
|
|
|
|
foreach ($extraFields as $field) {
|
|
|
|
$errors->add($field, 'This field is not allowed.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return response()->json([
|
|
|
|
'message' => 'Validation failed.',
|
|
|
|
'errors' => $errors,
|
|
|
|
], 422);
|
|
|
|
}
|
|
|
|
$foundKey = PrivateKey::where('team_id', $teamId)->where('uuid', $request->uuid)->first();
|
|
|
|
if (is_null($foundKey)) {
|
|
|
|
return response()->json([
|
2024-07-03 11:13:38 +00:00
|
|
|
'message' => 'Private Key not found.',
|
2024-07-01 14:26:50 +00:00
|
|
|
], 404);
|
|
|
|
}
|
|
|
|
$foundKey->update($request->all());
|
|
|
|
|
2024-07-03 11:13:38 +00:00
|
|
|
return response()->json(serializeApiResponse([
|
|
|
|
'uuid' => $foundKey->uuid,
|
|
|
|
]))->setStatusCode(201);
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
|
|
|
|
2024-07-09 08:45:10 +00:00
|
|
|
#[OA\Delete(
|
|
|
|
summary: 'Delete',
|
|
|
|
description: 'Delete a private key.',
|
|
|
|
path: '/security/keys/{uuid}',
|
|
|
|
security: [
|
|
|
|
['bearerAuth' => []],
|
|
|
|
],
|
|
|
|
tags: ['Private Keys'],
|
|
|
|
parameters: [
|
|
|
|
new OA\Parameter(name: 'uuid', in: 'path', required: true, description: 'Private Key Uuid', schema: new OA\Schema(type: 'integer')),
|
|
|
|
],
|
|
|
|
responses: [
|
|
|
|
new OA\Response(
|
|
|
|
response: 200,
|
|
|
|
description: 'Private Key deleted.',
|
|
|
|
content: [
|
|
|
|
new OA\MediaType(
|
|
|
|
mediaType: 'application/json',
|
|
|
|
schema: new OA\Schema(
|
|
|
|
type: 'object',
|
|
|
|
properties: [
|
|
|
|
'message' => ['type' => 'string', 'example' => 'Private Key deleted.'],
|
|
|
|
]
|
|
|
|
)
|
|
|
|
),
|
|
|
|
]),
|
|
|
|
new OA\Response(
|
|
|
|
response: 401,
|
|
|
|
ref: '#/components/responses/401',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 400,
|
|
|
|
ref: '#/components/responses/400',
|
|
|
|
),
|
|
|
|
new OA\Response(
|
|
|
|
response: 404,
|
|
|
|
description: 'Private Key not found.',
|
|
|
|
),
|
|
|
|
]
|
|
|
|
)]
|
2024-07-01 14:26:50 +00:00
|
|
|
public function delete_key(Request $request)
|
|
|
|
{
|
|
|
|
$teamId = getTeamIdFromToken();
|
|
|
|
if (is_null($teamId)) {
|
|
|
|
return invalidTokenResponse();
|
|
|
|
}
|
|
|
|
if (! $request->uuid) {
|
2024-07-03 11:13:38 +00:00
|
|
|
return response()->json(['message' => 'UUID is required.'], 422);
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$key = PrivateKey::where('team_id', $teamId)->where('uuid', $request->uuid)->first();
|
|
|
|
if (is_null($key)) {
|
2024-07-03 11:13:38 +00:00
|
|
|
return response()->json(['message' => 'Private Key not found.'], 404);
|
2024-07-01 14:26:50 +00:00
|
|
|
}
|
2024-07-02 14:12:04 +00:00
|
|
|
$key->forceDelete();
|
2024-07-01 14:26:50 +00:00
|
|
|
|
|
|
|
return response()->json([
|
2024-07-03 11:13:38 +00:00
|
|
|
'message' => 'Private Key deleted.',
|
2024-07-01 14:26:50 +00:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
}
|