dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

middleware should allow, not deny

Browse Source
This commit is contained in:
Kael
2024-10-30 19:06:50 +11:00
parent d4d63ff273
commit 6520235667
15 changed files with 149 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/Api/ApplicationsController.php
View File

@@ -29,7 +29,7 @@ class ApplicationsController extends Controller
$application->makeHidden([
'id',
]);
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($application);
}
$application->makeHidden([

2
app/Http/Controllers/Api/DatabasesController.php
View File

@@ -24,7 +24,7 @@ class DatabasesController extends Controller
'id',
'laravel_through_key',
]);
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($database);
}

2
app/Http/Controllers/Api/DeployController.php
View File

@@ -17,7 +17,7 @@ class DeployController extends Controller
private function removeSensitiveData($deployment)
{
$token = auth()->user()->currentAccessToken();
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($deployment);
}

2
app/Http/Controllers/Api/SecurityController.php
View File

@@ -12,7 +12,7 @@ class SecurityController extends Controller
private function removeSensitiveData($team)
{
$token = auth()->user()->currentAccessToken();
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($team);
}
$team->makeHidden([

4
app/Http/Controllers/Api/ServersController.php
View File

@@ -20,7 +20,7 @@ class ServersController extends Controller
private function removeSensitiveDataFromSettings($settings)
{
$token = auth()->user()->currentAccessToken();
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($settings);
}
$settings = $settings->makeHidden([
@@ -36,7 +36,7 @@ class ServersController extends Controller
$server->makeHidden([
'id',
]);
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($server);
}

2
app/Http/Controllers/Api/ServicesController.php
View File

@@ -22,7 +22,7 @@ class ServicesController extends Controller
$service->makeHidden([
'id',
]);
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($service);
}

2
app/Http/Controllers/Api/TeamController.php
View File

@@ -15,7 +15,7 @@ class TeamController extends Controller
'custom_server_limit',
'pivot',
]);
if ($token->can('view:sensitive')) {
if ($token->can('read:sensitive')) {
return serializeApiResponse($team);
}
$team->makeHidden([

28
app/Http/Middleware/IgnoreReadOnlyApiToken.php
View File

@@ -1,28 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class IgnoreReadOnlyApiToken
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
$token = auth()->user()->currentAccessToken();
if ($token->can('*')) {
return $next($request);
}
if ($token->can('read-only')) {
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
}
return $next($request);
}
}

25
app/Http/Middleware/OnlyRootApiToken.php
View File

@@ -1,25 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class OnlyRootApiToken
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
$token = auth()->user()->currentAccessToken();
if ($token->can('*')) {
return $next($request);
}
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
}
}