dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix: root + read:sensive could read senstive data with a middlewarew

Browse Source
This commit is contained in:
Andras Bacsai
2024-12-09 11:10:35 +01:00
parent ff74fb7385
commit 3fa7d03db7
10 changed files with 74 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/Http/Controllers/Api/ServersController.php
View File

@@ -19,25 +19,22 @@ class ServersController extends Controller
{
private function removeSensitiveDataFromSettings($settings)
{
$token = auth()->user()->currentAccessToken();
if ($token->can('read:sensitive')) {
return serializeApiResponse($settings);
if (request()->attributes->get('can_read_sensitive', false) === false) {
$settings = $settings->makeHidden([
'sentinel_token',
]);
}
$settings = $settings->makeHidden([
'sentinel_token',
]);
return serializeApiResponse($settings);
}
private function removeSensitiveData($server)
{
$token = auth()->user()->currentAccessToken();
$server->makeHidden([
'id',
]);
if ($token->can('read:sensitive')) {
return serializeApiResponse($server);
if (request()->attributes->get('can_read_sensitive', false) === false) {
// Do nothing
}
return serializeApiResponse($server);