dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(terminal-access): implement terminal access control for servers and containers, including UI updates and backend logic

Browse Source
This commit is contained in:
Andras Bacsai
2025-05-29 14:09:05 +02:00
parent e9deaca8cd
commit 46b4cfac68
11 changed files with 149 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Livewire/Project/Shared/ExecuteContainerCommand.php
View File

@@ -49,17 +49,18 @@ class ExecuteContainerCommand extends Component
if (! auth()->user()->isAdmin()) {
abort(403);
}
$this->parameters = get_route_parameters();
$this->containers = collect();
$this->servers = collect();
if (data_get($this->parameters, 'application_uuid')) {
$this->type = 'application';
$this->resource = Application::where('uuid', $this->parameters['application_uuid'])->firstOrFail();
if ($this->resource->destination->server->isFunctional()) {
if ($this->resource->destination->server->isFunctional() && $this->resource->destination->server->isTerminalEnabled()) {
$this->servers = $this->servers->push($this->resource->destination->server);
}
foreach ($this->resource->additional_servers as $server) {
if ($server->isFunctional()) {
if ($server->isFunctional() && $server->isTerminalEnabled()) {
$this->servers = $this->servers->push($server);
}
}
@@ -71,14 +72,14 @@ class ExecuteContainerCommand extends Component
abort(404);
}
$this->resource = $resource;
if ($this->resource->destination->server->isFunctional()) {
if ($this->resource->destination->server->isFunctional() && $this->resource->destination->server->isTerminalEnabled()) {
$this->servers = $this->servers->push($this->resource->destination->server);
}
$this->loadContainers();
} elseif (data_get($this->parameters, 'service_uuid')) {
$this->type = 'service';
$this->resource = Service::where('uuid', $this->parameters['service_uuid'])->firstOrFail();
if ($this->resource->server->isFunctional()) {
if ($this->resource->server->isFunctional() && $this->resource->server->isTerminalEnabled()) {
$this->servers = $this->servers->push($this->resource->server);
}
$this->loadContainers();

38
app/Livewire/Server/Advanced.php
View File

@@ -4,9 +4,12 @@ namespace App\Livewire\Server;
use App\Helpers\SslHelper;
use App\Jobs\RegenerateSslCertJob;
use App\Models\InstanceSettings;
use App\Models\Server;
use App\Models\SslCertificate;
use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Livewire\Attributes\Validate;
use Livewire\Component;
@@ -36,6 +39,9 @@ class Advanced extends Component
#[Validate(['integer', 'min:1'])]
public int $dynamicTimeout = 1;
#[Validate(['boolean'])]
public bool $isTerminalEnabled = false;
public function mount(string $server_uuid)
{
try {
@@ -63,6 +69,37 @@ class Advanced extends Component
$this->showCertificate = ! $this->showCertificate;
}
public function toggleTerminal($password)
{
try {
// Check if user is admin or owner
if (! auth()->user()->isAdmin()) {
throw new \Exception('Only team administrators and owners can modify terminal access.');
}
// Verify password unless two-step confirmation is disabled
if (! data_get(InstanceSettings::get(), 'disable_two_step_confirmation')) {
if (! Hash::check($password, Auth::user()->password)) {
$this->addError('password', 'The provided password is incorrect.');
return;
}
}
// Toggle the terminal setting
$this->server->settings->is_terminal_enabled = ! $this->server->settings->is_terminal_enabled;
$this->server->settings->save();
// Update the local property
$this->isTerminalEnabled = $this->server->settings->is_terminal_enabled;
$status = $this->isTerminalEnabled ? 'enabled' : 'disabled';
$this->dispatch('success', "Terminal access has been {$status}.");
} catch (\Throwable $e) {
return handleError($e, $this);
}
}
public function saveCaCertificate()
{
try {
@@ -149,6 +186,7 @@ class Advanced extends Component
$this->dynamicTimeout = $this->server->settings->dynamic_timeout;
$this->serverDiskUsageNotificationThreshold = $this->server->settings->server_disk_usage_notification_threshold;
$this->serverDiskUsageCheckFrequency = $this->server->settings->server_disk_usage_check_frequency;
$this->isTerminalEnabled = $this->server->settings->is_terminal_enabled;
}
}

4
app/Livewire/Terminal/Index.php
View File

@@ -21,7 +21,9 @@ class Index extends Component
if (! auth()->user()->isAdmin()) {
abort(403);
}
$this->servers = Server::isReachable()->get();
$this->servers = Server::isReachable()->get()->filter(function ($server) {
return $server->isTerminalEnabled();
});
}
public function loadContainers()

5
app/Models/Server.php
View File

@@ -952,6 +952,11 @@ $schema://$host {
}
}
public function isTerminalEnabled()
{
return $this->settings->is_terminal_enabled ?? false;
}
public function isSwarm()
{
return data_get($this, 'settings.is_swarm_manager') || data_get($this, 'settings.is_swarm_worker');

2
app/Models/ServerSetting.php
View File

@@ -28,6 +28,7 @@ use OpenApi\Attributes as OA;
'is_sentinel_enabled' => ['type' => 'boolean'],
'is_swarm_manager' => ['type' => 'boolean'],
'is_swarm_worker' => ['type' => 'boolean'],
'is_terminal_enabled' => ['type' => 'boolean'],
'is_usable' => ['type' => 'boolean'],
'logdrain_axiom_api_key' => ['type' => 'string'],
'logdrain_axiom_dataset_name' => ['type' => 'string'],
@@ -59,6 +60,7 @@ class ServerSetting extends Model
'sentinel_token' => 'encrypted',
'is_reachable' => 'boolean',
'is_usable' => 'boolean',
'is_terminal_enabled' => 'boolean',
];
protected static function booted()