dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(auth): implement authorization checks for server updates across multiple components

Browse Source 
- Added authorization checks using the `authorize` method in various Livewire components to ensure only authorized users can update server settings.
- Updated `ServerPolicy` to restrict update permissions to admin users and their respective teams.
- Enhanced security and access control for server management functionalities.
This commit is contained in:
Andras Bacsai
2025-08-22 13:02:11 +02:00
parent 0748ef3ee5
commit 3ffc751f1a
10 changed files with 47 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Livewire/Server/Proxy.php
View File

@@ -5,10 +5,13 @@ namespace App\Livewire\Server;
use App\Actions\Proxy\CheckConfiguration;
use App\Actions\Proxy\SaveConfiguration;
use App\Models\Server;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class Proxy extends Component
{
use AuthorizesRequests;
public Server $server;
public ?string $selectedProxy = null;
@@ -47,6 +50,7 @@ class Proxy extends Component
public function changeProxy()
{
$this->authorize('update', $this->server);
$this->server->proxy = null;
$this->server->save();
@@ -56,6 +60,7 @@ class Proxy extends Component
public function selectProxy($proxy_type)
{
try {
$this->authorize('update', $this->server);
$this->server->changeProxy($proxy_type, async: false);
$this->selectedProxy = $this->server->proxy->type;
@@ -68,6 +73,7 @@ class Proxy extends Component
public function instantSave()
{
try {
$this->authorize('update', $this->server);
$this->validate();
$this->server->settings->save();
$this->dispatch('success', 'Settings saved.');
@@ -79,6 +85,7 @@ class Proxy extends Component
public function instantSaveRedirect()
{
try {
$this->authorize('update', $this->server);
$this->server->proxy->redirect_enabled = $this->redirect_enabled;
$this->server->save();
$this->server->setupDefaultRedirect();
@@ -91,6 +98,7 @@ class Proxy extends Component
public function submit()
{
try {
$this->authorize('update', $this->server);
SaveConfiguration::run($this->server, $this->proxy_settings);
$this->server->proxy->redirect_url = $this->redirect_url;
$this->server->save();
@@ -104,6 +112,7 @@ class Proxy extends Component
public function reset_proxy_configuration()
{
try {
$this->authorize('update', $this->server);
$this->proxy_settings = CheckConfiguration::run($this->server, true);
SaveConfiguration::run($this->server, $this->proxy_settings);
$this->server->save();