feat: token permissions
feat: handle sensitive data feat: handle read-only data
This commit is contained in:
parent
1249b1ece9
commit
c39d6dd407
@ -21,6 +21,27 @@
|
||||
|
||||
class ApplicationsController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($application)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($application);
|
||||
}
|
||||
$application->makeHidden([
|
||||
'custom_labels',
|
||||
'dockerfile',
|
||||
'docker_compose',
|
||||
'docker_compose_raw',
|
||||
'manual_webhook_secret_bitbucket',
|
||||
'manual_webhook_secret_gitea',
|
||||
'manual_webhook_secret_github',
|
||||
'manual_webhook_secret_gitlab',
|
||||
'private_key_id',
|
||||
]);
|
||||
|
||||
return serializeApiResponse($application);
|
||||
}
|
||||
|
||||
public function applications(Request $request)
|
||||
{
|
||||
$teamId = getTeamIdFromToken();
|
||||
@ -32,7 +53,7 @@ public function applications(Request $request)
|
||||
$applications->push($projects->pluck('applications')->flatten());
|
||||
$applications = $applications->flatten();
|
||||
$applications = $applications->map(function ($application) {
|
||||
return serializeApiResponse($application);
|
||||
return $this->removeSensitiveData($application);
|
||||
});
|
||||
|
||||
return response()->json([
|
||||
@ -484,10 +505,6 @@ public function application_by_uuid(Request $request)
|
||||
if (! $uuid) {
|
||||
return response()->json(['success' => false, 'message' => 'UUID is required.'], 400);
|
||||
}
|
||||
$return = validateIncomingRequest($request);
|
||||
if ($return instanceof \Illuminate\Http\JsonResponse) {
|
||||
return $return;
|
||||
}
|
||||
$application = Application::ownedByCurrentTeamAPI($teamId)->where('uuid', $request->uuid)->first();
|
||||
if (! $application) {
|
||||
return response()->json(['success' => false, 'message' => 'Application not found.'], 404);
|
||||
@ -495,7 +512,7 @@ public function application_by_uuid(Request $request)
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($application),
|
||||
'data' => $this->removeSensitiveData($application),
|
||||
]);
|
||||
}
|
||||
|
||||
@ -625,7 +642,7 @@ public function update_by_uuid(Request $request)
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($application),
|
||||
'data' => $this->removeSensitiveData($application),
|
||||
]);
|
||||
}
|
||||
|
||||
@ -635,10 +652,6 @@ public function envs_by_uuid(Request $request)
|
||||
if (is_null($teamId)) {
|
||||
return invalidTokenResponse();
|
||||
}
|
||||
$return = validateIncomingRequest($request);
|
||||
if ($return instanceof \Illuminate\Http\JsonResponse) {
|
||||
return $return;
|
||||
}
|
||||
$application = Application::ownedByCurrentTeamAPI($teamId)->where('uuid', $request->uuid)->first();
|
||||
|
||||
if (! $application) {
|
||||
|
@ -20,6 +20,27 @@
|
||||
|
||||
class DatabasesController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($database)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($database);
|
||||
}
|
||||
|
||||
$database->makeHidden([
|
||||
'internal_db_url',
|
||||
'external_db_url',
|
||||
'postgres_password',
|
||||
'dragonfly_password',
|
||||
'redis_password',
|
||||
'mongo_initdb_root_password',
|
||||
'keydb_password',
|
||||
'clickhouse_admin_password',
|
||||
]);
|
||||
|
||||
return serializeApiResponse($database);
|
||||
}
|
||||
|
||||
public function databases(Request $request)
|
||||
{
|
||||
$teamId = getTeamIdFromToken();
|
||||
@ -32,7 +53,7 @@ public function databases(Request $request)
|
||||
$databases = $databases->merge($project->databases());
|
||||
}
|
||||
$databases = $databases->map(function ($database) {
|
||||
return serializeApiResponse($database);
|
||||
return $this->removeSensitiveData($database);
|
||||
});
|
||||
|
||||
return response()->json([
|
||||
@ -57,7 +78,7 @@ public function database_by_uuid(Request $request)
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($database),
|
||||
'data' => $this->removeSensitiveData($database),
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -20,6 +20,20 @@
|
||||
|
||||
class DeployController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($deployment)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($deployment);
|
||||
}
|
||||
|
||||
$deployment->makeHidden([
|
||||
'logs',
|
||||
]);
|
||||
|
||||
return serializeApiResponse($deployment);
|
||||
}
|
||||
|
||||
public function deployments(Request $request)
|
||||
{
|
||||
$teamId = getTeamIdFromToken();
|
||||
@ -61,7 +75,7 @@ public function deployment_by_uuid(Request $request)
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($deployment->makeHidden('logs')),
|
||||
'data' => $this->removeSensitiveData($deployment),
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -7,17 +7,36 @@
|
||||
|
||||
class TeamController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($team)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
$team->makeHidden([
|
||||
'smtp_username',
|
||||
'smtp_password',
|
||||
'resend_api_key',
|
||||
'telegram_token',
|
||||
]);
|
||||
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
|
||||
public function teams(Request $request)
|
||||
{
|
||||
$teamId = getTeamIdFromToken();
|
||||
if (is_null($teamId)) {
|
||||
return invalidTokenResponse();
|
||||
}
|
||||
$teams = auth()->user()->teams;
|
||||
$teams = auth()->user()->teams->sortBy('id');
|
||||
$teams = $teams->map(function ($team) {
|
||||
return $this->removeSensitiveData($team);
|
||||
});
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($teams),
|
||||
'data' => $teams,
|
||||
]);
|
||||
}
|
||||
|
||||
@ -33,6 +52,7 @@ public function team_by_id(Request $request)
|
||||
if (is_null($team)) {
|
||||
return response()->json(['success' => false, 'message' => 'Team not found.', 'docs' => 'https://coolify.io/docs/api-reference/get-team-by-teamid'], 404);
|
||||
}
|
||||
$team = $this->removeSensitiveData($team);
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
@ -52,10 +72,11 @@ public function members_by_id(Request $request)
|
||||
if (is_null($team)) {
|
||||
return response()->json(['success' => false, 'message' => 'Team not found.', 'docs' => 'https://coolify.io/docs/api-reference/get-team-by-teamid-members'], 404);
|
||||
}
|
||||
$members = $team->members;
|
||||
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'data' => serializeApiResponse($team->members),
|
||||
'data' => serializeApiResponse($members),
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -67,5 +67,7 @@ class Kernel extends HttpKernel
|
||||
'signed' => \App\Http\Middleware\ValidateSignature::class,
|
||||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
|
||||
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
|
||||
];
|
||||
}
|
||||
|
25
app/Http/Middleware/OnlyRootApiToken.php
Normal file
25
app/Http/Middleware/OnlyRootApiToken.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class OnlyRootApiToken
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('*')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
return response()->json(['success' => false, 'message' => 'You are not allowed to perform this action.'], 403);
|
||||
}
|
||||
}
|
28
app/Http/Middleware/ReadOnlyApiToken.php
Normal file
28
app/Http/Middleware/ReadOnlyApiToken.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class ReadOnlyApiToken
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('*')) {
|
||||
return $next($request);
|
||||
}
|
||||
if ($token->can('read-only')) {
|
||||
return response()->json(['success' => false, 'message' => 'You are not allowed to perform this action.'], 403);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
@ -332,8 +332,7 @@ public function handle(): void
|
||||
private function backup_standalone_mongodb(string $databaseWithCollections): void
|
||||
{
|
||||
try {
|
||||
ray($this->database->toArray());
|
||||
$url = $this->database->get_db_url(useInternal: true);
|
||||
$url = $this->database->internal_db_url;
|
||||
if ($databaseWithCollections === 'all') {
|
||||
$commands[] = 'mkdir -p '.$this->backup_dir;
|
||||
if (str($this->database->image)->startsWith('mongo:4.0')) {
|
||||
|
@ -46,10 +46,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
}
|
||||
|
||||
@ -87,13 +85,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -44,10 +44,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
}
|
||||
|
||||
@ -102,13 +100,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -46,10 +46,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
|
||||
}
|
||||
@ -108,13 +106,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -52,10 +52,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
|
||||
}
|
||||
@ -114,13 +112,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -50,10 +50,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
|
||||
}
|
||||
@ -115,13 +113,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -52,10 +52,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
}
|
||||
|
||||
@ -113,13 +111,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -72,10 +72,8 @@ public function getListeners()
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
}
|
||||
|
||||
@ -118,13 +116,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -46,10 +46,8 @@ class General extends Component
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->db_url = $this->database->get_db_url(true);
|
||||
if ($this->database->is_public) {
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
}
|
||||
$this->db_url = $this->database->internal_db_url;
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->server = data_get($this->database, 'destination.server');
|
||||
|
||||
}
|
||||
@ -102,13 +100,12 @@ public function instantSave()
|
||||
return;
|
||||
}
|
||||
StartDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = $this->database->get_db_url();
|
||||
$this->dispatch('success', 'Database is now publicly accessible.');
|
||||
} else {
|
||||
StopDatabaseProxy::run($this->database);
|
||||
$this->db_url_public = null;
|
||||
$this->dispatch('success', 'Database is no longer publicly accessible.');
|
||||
}
|
||||
$this->db_url_public = $this->database->external_db_url;
|
||||
$this->database->save();
|
||||
} catch (\Throwable $e) {
|
||||
$this->database->is_public = ! $this->database->is_public;
|
||||
|
@ -10,6 +10,12 @@ class ApiTokens extends Component
|
||||
|
||||
public $tokens = [];
|
||||
|
||||
public bool $viewSensitiveData = false;
|
||||
|
||||
public bool $readOnly = true;
|
||||
|
||||
public array $permissions = ['read-only'];
|
||||
|
||||
public function render()
|
||||
{
|
||||
return view('livewire.security.api-tokens');
|
||||
@ -17,7 +23,33 @@ public function render()
|
||||
|
||||
public function mount()
|
||||
{
|
||||
$this->tokens = auth()->user()->tokens;
|
||||
$this->tokens = auth()->user()->tokens->sortByDesc('created_at');
|
||||
}
|
||||
|
||||
public function updatedViewSensitiveData()
|
||||
{
|
||||
if ($this->viewSensitiveData) {
|
||||
$this->permissions[] = 'view:sensitive';
|
||||
$this->permissions = array_diff($this->permissions, ['*']);
|
||||
} else {
|
||||
$this->permissions = array_diff($this->permissions, ['view:sensitive']);
|
||||
}
|
||||
if (count($this->permissions) == 0) {
|
||||
$this->permissions = ['*'];
|
||||
}
|
||||
}
|
||||
|
||||
public function updatedReadOnly()
|
||||
{
|
||||
if ($this->readOnly) {
|
||||
$this->permissions[] = 'read-only';
|
||||
$this->permissions = array_diff($this->permissions, ['*']);
|
||||
} else {
|
||||
$this->permissions = array_diff($this->permissions, ['read-only']);
|
||||
}
|
||||
if (count($this->permissions) == 0) {
|
||||
$this->permissions = ['*'];
|
||||
}
|
||||
}
|
||||
|
||||
public function addNewToken()
|
||||
@ -26,7 +58,13 @@ public function addNewToken()
|
||||
$this->validate([
|
||||
'description' => 'required|min:3|max:255',
|
||||
]);
|
||||
$token = auth()->user()->createToken($this->description);
|
||||
// if ($this->viewSensitiveData) {
|
||||
// $this->permissions[] = 'view:sensitive';
|
||||
// }
|
||||
// if ($this->readOnly) {
|
||||
// $this->permissions[] = 'read-only';
|
||||
// }
|
||||
$token = auth()->user()->createToken($this->description, $this->permissions);
|
||||
$this->tokens = auth()->user()->tokens;
|
||||
session()->flash('token', $token->plainTextToken);
|
||||
} catch (\Exception $e) {
|
||||
|
@ -195,7 +195,7 @@ public function type(): string
|
||||
protected function internalDbUrl(): Attribute
|
||||
{
|
||||
return new Attribute(
|
||||
get: fn () => "clickhouse://{$this->clickhouse_user}:{$this->clickhouse_password}@{$this->uuid}:9000/{$this->clickhouse_db}",
|
||||
get: fn () => "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->uuid}:9000/{$this->clickhouse_db}",
|
||||
);
|
||||
}
|
||||
|
||||
@ -204,7 +204,7 @@ protected function externalDbUrl(): Attribute
|
||||
return new Attribute(
|
||||
get: function () {
|
||||
if ($this->is_public && $this->public_port) {
|
||||
return "clickhouse://{$this->clickhouse_user}:{$this->clickhouse_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}";
|
||||
return "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}";
|
||||
}
|
||||
|
||||
return null;
|
||||
@ -212,15 +212,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -212,15 +212,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -212,15 +212,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -212,15 +212,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -232,15 +232,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -213,15 +213,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -213,15 +213,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -208,15 +208,6 @@ protected function externalDbUrl(): Attribute
|
||||
);
|
||||
}
|
||||
|
||||
public function get_db_url(bool $useInternal = false)
|
||||
{
|
||||
if ($this->is_public && ! $useInternal) {
|
||||
return $this->externalDbUrl;
|
||||
} else {
|
||||
return $this->internalDbUrl;
|
||||
}
|
||||
}
|
||||
|
||||
public function environment()
|
||||
{
|
||||
return $this->belongsTo(Environment::class);
|
||||
|
@ -19,37 +19,67 @@ function invalidTokenResponse()
|
||||
|
||||
function serializeApiResponse($data)
|
||||
{
|
||||
if (! $data instanceof Collection) {
|
||||
$data = collect($data);
|
||||
}
|
||||
$data = $data->sortKeys();
|
||||
|
||||
$created_at = data_get($data, 'created_at');
|
||||
$updated_at = data_get($data, 'updated_at');
|
||||
if ($data instanceof Collection) {
|
||||
$data = $data->map(function ($d) {
|
||||
$d = collect($d)->sortKeys();
|
||||
$created_at = data_get($d, 'created_at');
|
||||
$updated_at = data_get($d, 'updated_at');
|
||||
if ($created_at) {
|
||||
unset($data['created_at']);
|
||||
$data['created_at'] = $created_at;
|
||||
unset($d['created_at']);
|
||||
$d['created_at'] = $created_at;
|
||||
|
||||
}
|
||||
if ($updated_at) {
|
||||
unset($data['updated_at']);
|
||||
$data['updated_at'] = $updated_at;
|
||||
unset($d['updated_at']);
|
||||
$d['updated_at'] = $updated_at;
|
||||
}
|
||||
if (data_get($data, 'name')) {
|
||||
$data = $data->prepend($data['name'], 'name');
|
||||
if (data_get($d, 'name')) {
|
||||
$d = $d->prepend($d['name'], 'name');
|
||||
}
|
||||
if (data_get($data, 'description')) {
|
||||
$data = $data->prepend($data['description'], 'description');
|
||||
if (data_get($d, 'description')) {
|
||||
$d = $d->prepend($d['description'], 'description');
|
||||
}
|
||||
if (data_get($data, 'uuid')) {
|
||||
$data = $data->prepend($data['uuid'], 'uuid');
|
||||
if (data_get($d, 'uuid')) {
|
||||
$d = $d->prepend($d['uuid'], 'uuid');
|
||||
}
|
||||
|
||||
if (data_get($data, 'id')) {
|
||||
$data = $data->prepend($data['id'], 'id');
|
||||
if (! is_null(data_get($d, 'id'))) {
|
||||
$d = $d->prepend($d['id'], 'id');
|
||||
}
|
||||
|
||||
return $d;
|
||||
});
|
||||
|
||||
return $data;
|
||||
} else {
|
||||
$d = collect($data)->sortKeys();
|
||||
$created_at = data_get($d, 'created_at');
|
||||
$updated_at = data_get($d, 'updated_at');
|
||||
if ($created_at) {
|
||||
unset($d['created_at']);
|
||||
$d['created_at'] = $created_at;
|
||||
|
||||
}
|
||||
if ($updated_at) {
|
||||
unset($d['updated_at']);
|
||||
$d['updated_at'] = $updated_at;
|
||||
}
|
||||
if (data_get($d, 'name')) {
|
||||
$d = $d->prepend($d['name'], 'name');
|
||||
}
|
||||
if (data_get($d, 'description')) {
|
||||
$d = $d->prepend($d['description'], 'description');
|
||||
}
|
||||
if (data_get($d, 'uuid')) {
|
||||
$d = $d->prepend($d['uuid'], 'uuid');
|
||||
}
|
||||
|
||||
if (! is_null(data_get($d, 'id'))) {
|
||||
$d = $d->prepend($d['id'], 'id');
|
||||
}
|
||||
|
||||
return $d;
|
||||
}
|
||||
}
|
||||
|
||||
function sharedDataApplications()
|
||||
|
@ -3,29 +3,59 @@
|
||||
API Tokens | Coolify
|
||||
</x-slot>
|
||||
<x-security.navbar />
|
||||
<div class="flex gap-2">
|
||||
<h2 class="pb-4">API Tokens</h2>
|
||||
<x-helper
|
||||
helper="Tokens are created with the current team as scope. You will only have access to this team's resources." />
|
||||
<div class="pb-4 ">
|
||||
<h2>API Tokens</h2>
|
||||
<div>Tokens are created with the current team as scope. You will only have access to this team's resources.
|
||||
</div>
|
||||
<h4>Create New Token</h4>
|
||||
<form class="flex items-end gap-2 pt-4" wire:submit='addNewToken'>
|
||||
</div>
|
||||
<h3>New Token</h3>
|
||||
<form class="flex flex-col gap-2 pt-4" wire:submit='addNewToken'>
|
||||
<div class="flex items-end gap-2">
|
||||
<x-forms.input required id="description" label="Description" />
|
||||
<x-forms.button type="submit">Create New Token</x-forms.button>
|
||||
</div>
|
||||
<div class="flex">
|
||||
Permissions <x-helper class="px-1" helper="These permissions will be granted to the token." /><span
|
||||
class="pr-1">:</span>
|
||||
<div class="flex gap-1 font-bold dark:text-white">
|
||||
@if ($permissions)
|
||||
@foreach ($permissions as $permission)
|
||||
@if ($permission === '*')
|
||||
<div>All (root/admin access), be careful!</div>
|
||||
@else
|
||||
<div>{{ $permission }}</div>
|
||||
@endif
|
||||
@endforeach
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
<h4>Token Permissions</h4>
|
||||
<div class="w-64">
|
||||
<x-forms.checkbox label="Read-only" wire:model.live="readOnly"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="View Sensitive Data" wire:model.live="viewSensitiveData"></x-forms.checkbox>
|
||||
</div>
|
||||
</form>
|
||||
@if (session()->has('token'))
|
||||
<div class="py-4 font-bold dark:text-warning">Please copy this token now. For your security, it won't be shown again.
|
||||
<div class="py-4 font-bold dark:text-warning">Please copy this token now. For your security, it won't be shown
|
||||
again.
|
||||
</div>
|
||||
<div class="pb-4 font-bold dark:text-white"> {{ session('token') }}</div>
|
||||
@endif
|
||||
<h4 class="py-4">Issued Tokens</h4>
|
||||
<h3 class="py-4">Issued Tokens</h3>
|
||||
<div class="grid gap-2 lg:grid-cols-1">
|
||||
@forelse ($tokens as $token)
|
||||
<div class="flex items-center gap-2">
|
||||
<div
|
||||
class="flex items-center gap-2 group-hover:dark:text-white p-2 border border-coolgray-200 hover:dark:text-white hover:no-underline min-w-[24rem] cursor-default">
|
||||
<div>{{ $token->name }}</div>
|
||||
<div class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
|
||||
<div>Description: {{ $token->name }}</div>
|
||||
<div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div>
|
||||
<div class="flex gap-1">
|
||||
@if ($token->abilities)
|
||||
Abilities:
|
||||
@foreach ($token->abilities as $ability)
|
||||
<div class="font-bold dark:text-white">{{ $ability }}</div>
|
||||
@endforeach
|
||||
@endif
|
||||
</div>
|
||||
|
||||
<x-modal-confirmation isErrorButton action="revoke({{ data_get($token, 'id') }})">
|
||||
<x-slot:button-title>
|
||||
Revoke token
|
||||
|
@ -10,6 +10,8 @@
|
||||
use App\Http\Controllers\Api\ServersController;
|
||||
use App\Http\Controllers\Api\TeamController;
|
||||
use App\Http\Middleware\ApiAllowed;
|
||||
use App\Http\Middleware\OnlyRootApiToken;
|
||||
use App\Http\Middleware\ReadOnlyApiToken;
|
||||
use App\Models\InstanceSettings;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Http;
|
||||
@ -31,7 +33,7 @@
|
||||
});
|
||||
|
||||
Route::group([
|
||||
'middleware' => ['auth:sanctum'],
|
||||
'middleware' => ['auth:sanctum', OnlyRootApiToken::class],
|
||||
'prefix' => 'v1',
|
||||
], function () {
|
||||
Route::get('/enable', function () {
|
||||
@ -81,13 +83,13 @@
|
||||
Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details']);
|
||||
|
||||
Route::get('/security/keys', [SecurityController::class, 'keys']);
|
||||
Route::post('/security/keys', [SecurityController::class, 'create_key']);
|
||||
Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid']);
|
||||
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key']);
|
||||
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key']);
|
||||
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy']);
|
||||
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::get('/deployments', [DeployController::class, 'deployments']);
|
||||
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid']);
|
||||
@ -99,29 +101,29 @@
|
||||
Route::get('/resources', [ResourcesController::class, 'resources']);
|
||||
|
||||
Route::get('/applications', [ApplicationsController::class, 'applications']);
|
||||
Route::post('/applications', [ApplicationsController::class, 'create_application']);
|
||||
Route::post('/applications', [ApplicationsController::class, 'create_application'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid']);
|
||||
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid']);
|
||||
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid']);
|
||||
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs_by_uuid']);
|
||||
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env']);
|
||||
Route::post('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs']);
|
||||
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::post('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid']);
|
||||
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid']);
|
||||
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/deploy', [ApplicationsController::class, 'action_deploy']);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/restart', [ApplicationsController::class, 'action_restart']);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/stop', [ApplicationsController::class, 'action_stop']);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/deploy', [ApplicationsController::class, 'action_deploy'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/restart', [ApplicationsController::class, 'action_restart'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/action/stop', [ApplicationsController::class, 'action_stop'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::get('/databases', [DatabasesController::class, 'databases']);
|
||||
Route::post('/databases', [DatabasesController::class, 'create_database']);
|
||||
Route::post('/databases', [DatabasesController::class, 'create_database'])->middleware([ReadOnlyApiToken::class]);
|
||||
Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid']);
|
||||
// Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid']);
|
||||
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid']);
|
||||
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
Route::delete('/envs/{env_uuid}', [EnvironmentVariablesController::class, 'delete_env_by_uuid']);
|
||||
Route::delete('/envs/{env_uuid}', [EnvironmentVariablesController::class, 'delete_env_by_uuid'])->middleware([ReadOnlyApiToken::class]);
|
||||
|
||||
});
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user