middleware should allow, not deny
This commit is contained in:
Kael
@@ -29,7 +29,7 @@ class ApplicationsController extends Controller
|
|||||||
$application->makeHidden([
|
$application->makeHidden([
|
||||||
'id',
|
'id',
|
||||||
]);
|
]);
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($application);
|
return serializeApiResponse($application);
|
||||||
}
|
}
|
||||||
$application->makeHidden([
|
$application->makeHidden([
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ class DatabasesController extends Controller
|
|||||||
'id',
|
'id',
|
||||||
'laravel_through_key',
|
'laravel_through_key',
|
||||||
]);
|
]);
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($database);
|
return serializeApiResponse($database);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ class DeployController extends Controller
|
|||||||
private function removeSensitiveData($deployment)
|
private function removeSensitiveData($deployment)
|
||||||
{
|
{
|
||||||
$token = auth()->user()->currentAccessToken();
|
$token = auth()->user()->currentAccessToken();
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($deployment);
|
return serializeApiResponse($deployment);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ class SecurityController extends Controller
|
|||||||
private function removeSensitiveData($team)
|
private function removeSensitiveData($team)
|
||||||
{
|
{
|
||||||
$token = auth()->user()->currentAccessToken();
|
$token = auth()->user()->currentAccessToken();
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($team);
|
return serializeApiResponse($team);
|
||||||
}
|
}
|
||||||
$team->makeHidden([
|
$team->makeHidden([
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ class ServersController extends Controller
|
|||||||
private function removeSensitiveDataFromSettings($settings)
|
private function removeSensitiveDataFromSettings($settings)
|
||||||
{
|
{
|
||||||
$token = auth()->user()->currentAccessToken();
|
$token = auth()->user()->currentAccessToken();
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($settings);
|
return serializeApiResponse($settings);
|
||||||
}
|
}
|
||||||
$settings = $settings->makeHidden([
|
$settings = $settings->makeHidden([
|
||||||
@@ -36,7 +36,7 @@ class ServersController extends Controller
|
|||||||
$server->makeHidden([
|
$server->makeHidden([
|
||||||
'id',
|
'id',
|
||||||
]);
|
]);
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($server);
|
return serializeApiResponse($server);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ class ServicesController extends Controller
|
|||||||
$service->makeHidden([
|
$service->makeHidden([
|
||||||
'id',
|
'id',
|
||||||
]);
|
]);
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($service);
|
return serializeApiResponse($service);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ class TeamController extends Controller
|
|||||||
'custom_server_limit',
|
'custom_server_limit',
|
||||||
'pivot',
|
'pivot',
|
||||||
]);
|
]);
|
||||||
if ($token->can('view:sensitive')) {
|
if ($token->can('read:sensitive')) {
|
||||||
return serializeApiResponse($team);
|
return serializeApiResponse($team);
|
||||||
}
|
}
|
||||||
$team->makeHidden([
|
$team->makeHidden([
|
||||||
|
|||||||
@@ -1,28 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
namespace App\Http\Middleware;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use Illuminate\Http\Request;
|
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
|
||||||
|
|
||||||
class IgnoreReadOnlyApiToken
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Handle an incoming request.
|
|
||||||
*
|
|
||||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
|
||||||
*/
|
|
||||||
public function handle(Request $request, Closure $next): Response
|
|
||||||
{
|
|
||||||
$token = auth()->user()->currentAccessToken();
|
|
||||||
if ($token->can('*')) {
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
if ($token->can('read-only')) {
|
|
||||||
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
namespace App\Http\Middleware;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use Illuminate\Http\Request;
|
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
|
||||||
|
|
||||||
class OnlyRootApiToken
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Handle an incoming request.
|
|
||||||
*
|
|
||||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
|
||||||
*/
|
|
||||||
public function handle(Request $request, Closure $next): Response
|
|
||||||
{
|
|
||||||
$token = auth()->user()->currentAccessToken();
|
|
||||||
if ($token->can('*')) {
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
|
|
||||||
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -11,12 +11,7 @@ class ApiTokens extends Component
|
|||||||
|
|
||||||
public $tokens = [];
|
public $tokens = [];
|
||||||
|
|
||||||
public bool $viewSensitiveData = false;
|
public array $permissions = ['read'];
|
||||||
public bool $readOnly = true;
|
|
||||||
public bool $rootAccess = false;
|
|
||||||
public bool $triggerDeploy = false;
|
|
||||||
|
|
||||||
public array $permissions = ['read-only'];
|
|
||||||
|
|
||||||
public $isApiEnabled;
|
public $isApiEnabled;
|
||||||
|
|
||||||
@@ -31,60 +26,13 @@ class ApiTokens extends Component
|
|||||||
$this->tokens = auth()->user()->tokens->sortByDesc('created_at');
|
$this->tokens = auth()->user()->tokens->sortByDesc('created_at');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function updatedViewSensitiveData()
|
public function updated()
|
||||||
{
|
|
||||||
if ($this->viewSensitiveData) {
|
|
||||||
$this->permissions[] = 'view:sensitive';
|
|
||||||
$this->permissions = array_diff($this->permissions, ['*']);
|
|
||||||
$this->rootAccess = false;
|
|
||||||
} else {
|
|
||||||
$this->permissions = array_diff($this->permissions, ['view:sensitive']);
|
|
||||||
}
|
|
||||||
$this->makeSureOneIsSelected();
|
|
||||||
}
|
|
||||||
|
|
||||||
public function updatedReadOnly()
|
|
||||||
{
|
|
||||||
if ($this->readOnly) {
|
|
||||||
$this->permissions[] = 'read-only';
|
|
||||||
$this->permissions = array_diff($this->permissions, ['*']);
|
|
||||||
$this->rootAccess = false;
|
|
||||||
} else {
|
|
||||||
$this->permissions = array_diff($this->permissions, ['read-only']);
|
|
||||||
}
|
|
||||||
$this->makeSureOneIsSelected();
|
|
||||||
}
|
|
||||||
|
|
||||||
public function updatedRootAccess()
|
|
||||||
{
|
|
||||||
if ($this->rootAccess) {
|
|
||||||
$this->permissions = ['*'];
|
|
||||||
$this->readOnly = false;
|
|
||||||
$this->viewSensitiveData = false;
|
|
||||||
$this->triggerDeploy = false;
|
|
||||||
} else {
|
|
||||||
$this->readOnly = true;
|
|
||||||
$this->permissions = ['read-only'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public function updatedTriggerDeploy()
|
|
||||||
{
|
|
||||||
if ($this->triggerDeploy) {
|
|
||||||
$this->permissions[] = 'trigger-deploy';
|
|
||||||
$this->permissions = array_diff($this->permissions, ['*']);
|
|
||||||
$this->rootAccess = false;
|
|
||||||
} else {
|
|
||||||
$this->permissions = array_diff($this->permissions, ['trigger-deploy']);
|
|
||||||
}
|
|
||||||
$this->makeSureOneIsSelected();
|
|
||||||
}
|
|
||||||
|
|
||||||
public function makeSureOneIsSelected()
|
|
||||||
{
|
{
|
||||||
if (count($this->permissions) == 0) {
|
if (count($this->permissions) == 0) {
|
||||||
$this->permissions = ['read-only'];
|
$this->permissions = ['read'];
|
||||||
$this->readOnly = true;
|
}
|
||||||
|
if (in_array('read:sensitive', $this->permissions) && !in_array('read', $this->permissions)) {
|
||||||
|
$this->permissions[] = 'read';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -94,7 +42,7 @@ class ApiTokens extends Component
|
|||||||
$this->validate([
|
$this->validate([
|
||||||
'description' => 'required|min:3|max:255',
|
'description' => 'required|min:3|max:255',
|
||||||
]);
|
]);
|
||||||
$token = auth()->user()->createToken($this->description, $this->permissions);
|
$token = auth()->user()->createToken($this->description, array_values($this->permissions));
|
||||||
$this->tokens = auth()->user()->tokens;
|
$this->tokens = auth()->user()->tokens;
|
||||||
session()->flash('token', $token->plainTextToken);
|
session()->flash('token', $token->plainTextToken);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ class Checkbox extends Component
|
|||||||
public ?string $id = null,
|
public ?string $id = null,
|
||||||
public ?string $name = null,
|
public ?string $name = null,
|
||||||
public ?string $value = null,
|
public ?string $value = null,
|
||||||
|
public ?string $domValue = null,
|
||||||
public ?string $label = null,
|
public ?string $label = null,
|
||||||
public ?string $helper = null,
|
public ?string $helper = null,
|
||||||
public string|bool $instantSave = false,
|
public string|bool $instantSave = false,
|
||||||
|
|||||||
@@ -0,0 +1,44 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
use App\Models\PersonalAccessToken;
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
||||||
|
return new class extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*/
|
||||||
|
public function up(): void
|
||||||
|
{
|
||||||
|
$tokens = PersonalAccessToken::all();
|
||||||
|
foreach ($tokens as $token) {
|
||||||
|
$abilities = collect();
|
||||||
|
if (in_array('*', $token->abilities)) $abilities->push('write', 'read', 'read:sensitive');
|
||||||
|
if (in_array('read-only', $token->abilities)) $abilities->push('read');
|
||||||
|
if (in_array('view:sensitive', $token->abilities)) $abilities->push('read', 'read:sensitive');
|
||||||
|
$token->abilities = $abilities->unique()->values()->all();
|
||||||
|
$token->save();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*/
|
||||||
|
public function down(): void
|
||||||
|
{
|
||||||
|
$tokens = PersonalAccessToken::all();
|
||||||
|
foreach ($tokens as $token) {
|
||||||
|
$abilities = collect();
|
||||||
|
if (in_array('write', $token->abilities)) {
|
||||||
|
$abilities->push('*');
|
||||||
|
} else {
|
||||||
|
if (in_array('read', $token->abilities)) $abilities->push('read-only');
|
||||||
|
if (in_array('read:sensitive', $token->abilities)) $abilities->push('view:sensitive');
|
||||||
|
}
|
||||||
|
$token->abilities = $abilities->unique()->values()->all();
|
||||||
|
$token->save();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -5,6 +5,7 @@
|
|||||||
'disabled' => false,
|
'disabled' => false,
|
||||||
'instantSave' => false,
|
'instantSave' => false,
|
||||||
'value' => null,
|
'value' => null,
|
||||||
|
'domValue' => null,
|
||||||
'hideLabel' => false,
|
'hideLabel' => false,
|
||||||
'fullWidth' => false,
|
'fullWidth' => false,
|
||||||
])
|
])
|
||||||
@@ -33,5 +34,7 @@
|
|||||||
<span class="flex-grow"></span>
|
<span class="flex-grow"></span>
|
||||||
<input @disabled($disabled) type="checkbox" {{ $attributes->merge(['class' => $defaultClass]) }}
|
<input @disabled($disabled) type="checkbox" {{ $attributes->merge(['class' => $defaultClass]) }}
|
||||||
@if ($instantSave) wire:loading.attr="disabled" wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
|
@if ($instantSave) wire:loading.attr="disabled" wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
|
||||||
wire:model={{ $id }} @else wire:model={{ $value ?? $id }} @endif />
|
wire:model="{{ $id }}" @else wire:model="{{ $value ?? $id }}" @endif
|
||||||
|
@if ($domValue) value="{{ $domValue }}" @endif
|
||||||
|
/>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -25,21 +25,20 @@
|
|||||||
<div class="flex gap-1 font-bold dark:text-white">
|
<div class="flex gap-1 font-bold dark:text-white">
|
||||||
@if ($permissions)
|
@if ($permissions)
|
||||||
@foreach ($permissions as $permission)
|
@foreach ($permissions as $permission)
|
||||||
@if ($permission === '*')
|
<div>{{ $permission }}</div>
|
||||||
<div>Root access, be careful!</div>
|
|
||||||
@else
|
|
||||||
<div>{{ $permission }}</div>
|
|
||||||
@endif
|
|
||||||
@endforeach
|
@endforeach
|
||||||
@endif
|
@endif
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@if (in_array('write', $permissions))
|
||||||
|
<div class="font-bold text-warning">Root access, be careful!</div>
|
||||||
|
@endif
|
||||||
<h4>Token Permissions</h4>
|
<h4>Token Permissions</h4>
|
||||||
<div class="w-64">
|
<div class="w-64">
|
||||||
<x-forms.checkbox label="Root Access" wire:model.live="rootAccess"></x-forms.checkbox>
|
<x-forms.checkbox label="read" wire:model.live="permissions" domValue="read" :checked="in_array('read', $permissions)"></x-forms.checkbox>
|
||||||
<x-forms.checkbox label="Read-only" wire:model.live="readOnly"></x-forms.checkbox>
|
<x-forms.checkbox label="read:sensitive" wire:model.live="permissions" domValue="read:sensitive" helper="Responses will include secrets, logs, passwords, and compose file contents" :checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
|
||||||
<x-forms.checkbox label="View Sensitive Data" wire:model.live="viewSensitiveData"></x-forms.checkbox>
|
<x-forms.checkbox label="write" wire:model.live="permissions" domValue="write" helper="Root access, be careful!" :checked="in_array('write', $permissions)"></x-forms.checkbox>
|
||||||
<x-forms.checkbox label="Trigger Deploy Webhooks" wire:model.live="triggerDeploy"></x-forms.checkbox>
|
<x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy" helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
@if (session()->has('token'))
|
@if (session()->has('token'))
|
||||||
|
|||||||
158
routes/api.php
158
routes/api.php
@@ -11,8 +11,6 @@ use App\Http\Controllers\Api\ServersController;
|
|||||||
use App\Http\Controllers\Api\ServicesController;
|
use App\Http\Controllers\Api\ServicesController;
|
||||||
use App\Http\Controllers\Api\TeamController;
|
use App\Http\Controllers\Api\TeamController;
|
||||||
use App\Http\Middleware\ApiAllowed;
|
use App\Http\Middleware\ApiAllowed;
|
||||||
use App\Http\Middleware\IgnoreReadOnlyApiToken;
|
|
||||||
use App\Http\Middleware\OnlyRootApiToken;
|
|
||||||
use App\Jobs\PushServerUpdateJob;
|
use App\Jobs\PushServerUpdateJob;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
@@ -21,7 +19,7 @@ Route::get('/health', [OtherController::class, 'healthcheck']);
|
|||||||
Route::post('/feedback', [OtherController::class, 'feedback']);
|
Route::post('/feedback', [OtherController::class, 'feedback']);
|
||||||
|
|
||||||
Route::group([
|
Route::group([
|
||||||
'middleware' => ['auth:sanctum', OnlyRootApiToken::class],
|
'middleware' => ['auth:sanctum', 'ability:write'],
|
||||||
'prefix' => 'v1',
|
'prefix' => 'v1',
|
||||||
], function () {
|
], function () {
|
||||||
Route::get('/enable', [OtherController::class, 'enable_api']);
|
Route::get('/enable', [OtherController::class, 'enable_api']);
|
||||||
@@ -31,105 +29,103 @@ Route::group([
|
|||||||
'middleware' => ['auth:sanctum', ApiAllowed::class],
|
'middleware' => ['auth:sanctum', ApiAllowed::class],
|
||||||
'prefix' => 'v1',
|
'prefix' => 'v1',
|
||||||
], function () {
|
], function () {
|
||||||
Route::get('/version', [OtherController::class, 'version']);
|
Route::get('/version', [OtherController::class, 'version'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::get('/teams', [TeamController::class, 'teams']);
|
Route::get('/teams', [TeamController::class, 'teams'])->middleware(['ability:read']);
|
||||||
Route::get('/teams/current', [TeamController::class, 'current_team']);
|
Route::get('/teams/current', [TeamController::class, 'current_team'])->middleware(['ability:read']);
|
||||||
Route::get('/teams/current/members', [TeamController::class, 'current_team_members']);
|
Route::get('/teams/current/members', [TeamController::class, 'current_team_members'])->middleware(['ability:read']);
|
||||||
Route::get('/teams/{id}', [TeamController::class, 'team_by_id']);
|
Route::get('/teams/{id}', [TeamController::class, 'team_by_id'])->middleware(['ability:read']);
|
||||||
Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id']);
|
Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::get('/projects', [ProjectController::class, 'projects']);
|
Route::get('/projects', [ProjectController::class, 'projects'])->middleware(['ability:read']);
|
||||||
Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid']);
|
Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details']);
|
Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::post('/projects', [ProjectController::class, 'create_project']);
|
Route::post('/projects', [ProjectController::class, 'create_project'])->middleware(['ability:read']);
|
||||||
Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project']);
|
Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project'])->middleware(['ability:write']);
|
||||||
Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project']);
|
Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/security/keys', [SecurityController::class, 'keys']);
|
Route::get('/security/keys', [SecurityController::class, 'keys'])->middleware(['ability:read']);
|
||||||
Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid']);
|
Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware(['ability:write']);
|
||||||
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])
|
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware(['ability:write,deploy']);
|
||||||
->middleware([IgnoreReadOnlyApiToken::class, 'auth:sanctum', 'ability:trigger-deploy']);
|
Route::get('/deployments', [DeployController::class, 'deployments'])->middleware(['ability:read']);
|
||||||
Route::get('/deployments', [DeployController::class, 'deployments']);
|
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid']);
|
|
||||||
|
|
||||||
Route::get('/servers', [ServersController::class, 'servers']);
|
Route::get('/servers', [ServersController::class, 'servers'])->middleware(['ability:read']);
|
||||||
Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid']);
|
Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server']);
|
Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server'])->middleware(['ability:read']);
|
||||||
Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server']);
|
Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server']);
|
Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::post('/servers', [ServersController::class, 'create_server']);
|
Route::post('/servers', [ServersController::class, 'create_server'])->middleware(['ability:read']);
|
||||||
Route::patch('/servers/{uuid}', [ServersController::class, 'update_server']);
|
Route::patch('/servers/{uuid}', [ServersController::class, 'update_server'])->middleware(['ability:write']);
|
||||||
Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server']);
|
Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/resources', [ResourcesController::class, 'resources']);
|
Route::get('/resources', [ResourcesController::class, 'resources'])->middleware(['ability:read']);
|
||||||
|
|
||||||
Route::get('/applications', [ApplicationsController::class, 'applications']);
|
Route::get('/applications', [ApplicationsController::class, 'applications'])->middleware(['ability:read']);
|
||||||
Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware(['ability:write']);
|
||||||
Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware(['ability:write']);
|
||||||
Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware(['ability:write']);
|
||||||
Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware(['ability:write']);
|
||||||
Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware(['ability:write']);
|
||||||
Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid']);
|
Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware(['ability:write']);
|
||||||
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs']);
|
Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs'])->middleware(['ability:read']);
|
||||||
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware(['ability:write']);
|
||||||
Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware(['ability:write']);
|
||||||
Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware(['ability:write']);
|
||||||
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware(['ability:write']);
|
||||||
// Route::post('/applications/{uuid}/execute', [ApplicationsController::class, 'execute_command_by_uuid'])->middleware([OnlyRootApiToken::class]);
|
// Route::post('/applications/{uuid}/execute', [ApplicationsController::class, 'execute_command_by_uuid'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware(['ability:write']);
|
||||||
Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware(['ability:write']);
|
||||||
Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/databases', [DatabasesController::class, 'databases']);
|
Route::get('/databases', [DatabasesController::class, 'databases'])->middleware(['ability:read']);
|
||||||
Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware(['ability:write']);
|
||||||
Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid']);
|
Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid'])->middleware(['ability:read']);
|
||||||
Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware(['ability:write']);
|
||||||
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware(['ability:write']);
|
||||||
Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware(['ability:write']);
|
||||||
Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/services', [ServicesController::class, 'services']);
|
Route::get('/services', [ServicesController::class, 'services'])->middleware(['ability:read']);
|
||||||
Route::post('/services', [ServicesController::class, 'create_service'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/services', [ServicesController::class, 'create_service'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid']);
|
Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid'])->middleware(['ability:read']);
|
||||||
// Route::patch('/services/{uuid}', [ServicesController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
// Route::patch('/services/{uuid}', [ServicesController::class, 'update_by_uuid'])->middleware(['ability:write']);
|
||||||
Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs']);
|
Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs'])->middleware(['ability:read']);
|
||||||
Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware(['ability:write']);
|
||||||
Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware(['ability:write']);
|
||||||
Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware(['ability:write']);
|
||||||
Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware(['ability:write']);
|
||||||
|
|
||||||
Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
|
||||||
Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
|
||||||
Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
|
||||||
|
|
||||||
|
Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware(['ability:write']);
|
||||||
|
Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware(['ability:write']);
|
||||||
|
Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware(['ability:write']);
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::group([
|
Route::group([
|
||||||
|
|||||||
Reference in New Issue
Block a user