Merge pull request #4067 from KaelWD/feat/deployment-token
feat: add deploy-only token permission
This commit is contained in:
Andras Bacsai
@@ -25,13 +25,10 @@ class ApplicationsController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($application)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
$application->makeHidden([
|
||||
'id',
|
||||
]);
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($application);
|
||||
}
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$application->makeHidden([
|
||||
'custom_labels',
|
||||
'dockerfile',
|
||||
@@ -45,6 +42,7 @@ class ApplicationsController extends Controller
|
||||
'value',
|
||||
'real_value',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($application);
|
||||
}
|
||||
|
||||
@@ -19,15 +19,11 @@ class DatabasesController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($database)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
$database->makeHidden([
|
||||
'id',
|
||||
'laravel_through_key',
|
||||
]);
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($database);
|
||||
}
|
||||
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$database->makeHidden([
|
||||
'internal_db_url',
|
||||
'external_db_url',
|
||||
@@ -38,6 +34,7 @@ class DatabasesController extends Controller
|
||||
'keydb_password',
|
||||
'clickhouse_admin_password',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($database);
|
||||
}
|
||||
|
||||
@@ -16,14 +16,11 @@ class DeployController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($deployment)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($deployment);
|
||||
}
|
||||
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$deployment->makeHidden([
|
||||
'logs',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($deployment);
|
||||
}
|
||||
|
||||
@@ -11,13 +11,11 @@ class SecurityController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($team)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$team->makeHidden([
|
||||
'private_key',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
|
||||
@@ -19,25 +19,22 @@ class ServersController extends Controller
|
||||
{
|
||||
private function removeSensitiveDataFromSettings($settings)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($settings);
|
||||
}
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$settings = $settings->makeHidden([
|
||||
'sentinel_token',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($settings);
|
||||
}
|
||||
|
||||
private function removeSensitiveData($server)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
$server->makeHidden([
|
||||
'id',
|
||||
]);
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($server);
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
// Do nothing
|
||||
}
|
||||
|
||||
return serializeApiResponse($server);
|
||||
|
||||
@@ -18,18 +18,15 @@ class ServicesController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($service)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
$service->makeHidden([
|
||||
'id',
|
||||
]);
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($service);
|
||||
}
|
||||
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$service->makeHidden([
|
||||
'docker_compose_raw',
|
||||
'docker_compose',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($service);
|
||||
}
|
||||
|
||||
@@ -10,20 +10,18 @@ class TeamController extends Controller
|
||||
{
|
||||
private function removeSensitiveData($team)
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
$team->makeHidden([
|
||||
'custom_server_limit',
|
||||
'pivot',
|
||||
]);
|
||||
if ($token->can('view:sensitive')) {
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
if (request()->attributes->get('can_read_sensitive', false) === false) {
|
||||
$team->makeHidden([
|
||||
'smtp_username',
|
||||
'smtp_password',
|
||||
'resend_api_key',
|
||||
'telegram_token',
|
||||
]);
|
||||
}
|
||||
|
||||
return serializeApiResponse($team);
|
||||
}
|
||||
|
||||
@@ -69,5 +69,7 @@ class Kernel extends HttpKernel
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
|
||||
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
|
||||
'api.ability' => \App\Http\Middleware\ApiAbility::class,
|
||||
'api.sensitive' => \App\Http\Middleware\ApiSensitiveData::class,
|
||||
];
|
||||
}
|
||||
|
||||
27
app/Http/Middleware/ApiAbility.php
Normal file
27
app/Http/Middleware/ApiAbility.php
Normal file
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Laravel\Sanctum\Http\Middleware\CheckForAnyAbility;
|
||||
|
||||
class ApiAbility extends CheckForAnyAbility
|
||||
{
|
||||
public function handle($request, $next, ...$abilities)
|
||||
{
|
||||
try {
|
||||
if ($request->user()->tokenCan('root')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
return parent::handle($request, $next, ...$abilities);
|
||||
} catch (\Illuminate\Auth\AuthenticationException $e) {
|
||||
return response()->json([
|
||||
'message' => 'Unauthenticated.',
|
||||
], 401);
|
||||
} catch (\Exception $e) {
|
||||
return response()->json([
|
||||
'message' => 'Missing required permissions: '.implode(', ', $abilities),
|
||||
], 403);
|
||||
}
|
||||
}
|
||||
}
|
||||
21
app/Http/Middleware/ApiSensitiveData.php
Normal file
21
app/Http/Middleware/ApiSensitiveData.php
Normal file
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class ApiSensitiveData
|
||||
{
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$token = $request->user()->currentAccessToken();
|
||||
|
||||
// Allow access to sensitive data if token has root or read:sensitive permission
|
||||
$request->attributes->add([
|
||||
'can_read_sensitive' => $token->can('root') || $token->can('read:sensitive'),
|
||||
]);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class IgnoreReadOnlyApiToken
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('*')) {
|
||||
return $next($request);
|
||||
}
|
||||
if ($token->can('read-only')) {
|
||||
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@@ -1,25 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class OnlyRootApiToken
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$token = auth()->user()->currentAccessToken();
|
||||
if ($token->can('*')) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
return response()->json(['message' => 'You are not allowed to perform this action.'], 403);
|
||||
}
|
||||
}
|
||||
@@ -82,6 +82,7 @@ class Slack extends Component
|
||||
$this->saveModel();
|
||||
} catch (\Throwable $e) {
|
||||
$this->slackEnabled = false;
|
||||
|
||||
return handleError($e, $this);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,13 +11,7 @@ class ApiTokens extends Component
|
||||
|
||||
public $tokens = [];
|
||||
|
||||
public bool $viewSensitiveData = false;
|
||||
|
||||
public bool $readOnly = true;
|
||||
|
||||
public bool $rootAccess = false;
|
||||
|
||||
public array $permissions = ['read-only'];
|
||||
public array $permissions = ['read'];
|
||||
|
||||
public $isApiEnabled;
|
||||
|
||||
@@ -29,52 +23,29 @@ class ApiTokens extends Component
|
||||
public function mount()
|
||||
{
|
||||
$this->isApiEnabled = InstanceSettings::get()->is_api_enabled;
|
||||
$this->getTokens();
|
||||
}
|
||||
|
||||
private function getTokens()
|
||||
{
|
||||
$this->tokens = auth()->user()->tokens->sortByDesc('created_at');
|
||||
}
|
||||
|
||||
public function updatedViewSensitiveData()
|
||||
public function updatedPermissions($permissionToUpdate)
|
||||
{
|
||||
if ($this->viewSensitiveData) {
|
||||
$this->permissions[] = 'view:sensitive';
|
||||
$this->permissions = array_diff($this->permissions, ['*']);
|
||||
$this->rootAccess = false;
|
||||
if ($permissionToUpdate == 'root') {
|
||||
$this->permissions = ['root'];
|
||||
} elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
|
||||
$this->permissions[] = 'read';
|
||||
} elseif ($permissionToUpdate == 'deploy') {
|
||||
$this->permissions = ['deploy'];
|
||||
} else {
|
||||
$this->permissions = array_diff($this->permissions, ['view:sensitive']);
|
||||
}
|
||||
$this->makeSureOneIsSelected();
|
||||
}
|
||||
|
||||
public function updatedReadOnly()
|
||||
{
|
||||
if ($this->readOnly) {
|
||||
$this->permissions[] = 'read-only';
|
||||
$this->permissions = array_diff($this->permissions, ['*']);
|
||||
$this->rootAccess = false;
|
||||
} else {
|
||||
$this->permissions = array_diff($this->permissions, ['read-only']);
|
||||
}
|
||||
$this->makeSureOneIsSelected();
|
||||
}
|
||||
|
||||
public function updatedRootAccess()
|
||||
{
|
||||
if ($this->rootAccess) {
|
||||
$this->permissions = ['*'];
|
||||
$this->readOnly = false;
|
||||
$this->viewSensitiveData = false;
|
||||
} else {
|
||||
$this->readOnly = true;
|
||||
$this->permissions = ['read-only'];
|
||||
}
|
||||
}
|
||||
|
||||
public function makeSureOneIsSelected()
|
||||
{
|
||||
if (count($this->permissions) == 0) {
|
||||
$this->permissions = ['read-only'];
|
||||
$this->readOnly = true;
|
||||
$this->permissions = ['read'];
|
||||
}
|
||||
}
|
||||
sort($this->permissions);
|
||||
}
|
||||
|
||||
public function addNewToken()
|
||||
{
|
||||
@@ -82,8 +53,8 @@ class ApiTokens extends Component
|
||||
$this->validate([
|
||||
'description' => 'required|min:3|max:255',
|
||||
]);
|
||||
$token = auth()->user()->createToken($this->description, $this->permissions);
|
||||
$this->tokens = auth()->user()->tokens;
|
||||
$token = auth()->user()->createToken($this->description, array_values($this->permissions));
|
||||
$this->getTokens();
|
||||
session()->flash('token', $token->plainTextToken);
|
||||
} catch (\Exception $e) {
|
||||
return handleError($e, $this);
|
||||
@@ -92,8 +63,12 @@ class ApiTokens extends Component
|
||||
|
||||
public function revoke(int $id)
|
||||
{
|
||||
$token = auth()->user()->tokens()->where('id', $id)->first();
|
||||
try {
|
||||
$token = auth()->user()->tokens()->where('id', $id)->firstOrFail();
|
||||
$token->delete();
|
||||
$this->tokens = auth()->user()->tokens;
|
||||
$this->getTokens();
|
||||
} catch (\Exception $e) {
|
||||
return handleError($e, $this);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -139,7 +139,7 @@ class DeploymentFailed extends CustomEmailNotification
|
||||
$description .= "\nPreview URL: {$this->preview->fqdn}";
|
||||
}
|
||||
} else {
|
||||
$title = "Deployment failed";
|
||||
$title = 'Deployment failed';
|
||||
$description = "Deployment failed for {$this->application_name}";
|
||||
if ($this->fqdn) {
|
||||
$description .= "\nApplication URL: {$this->fqdn}";
|
||||
|
||||
@@ -6,8 +6,8 @@ use App\Models\Application;
|
||||
use App\Models\ApplicationPreview;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class DeploymentSuccess extends CustomEmailNotification
|
||||
{
|
||||
@@ -145,7 +145,6 @@ class DeploymentSuccess extends CustomEmailNotification
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
if ($this->preview) {
|
||||
@@ -155,7 +154,7 @@ class DeploymentSuccess extends CustomEmailNotification
|
||||
$description .= "\nPreview URL: {$this->preview->fqdn}";
|
||||
}
|
||||
} else {
|
||||
$title = "New version successfully deployed";
|
||||
$title = 'New version successfully deployed';
|
||||
$description = "New version successfully deployed for {$this->application_name}";
|
||||
if ($this->fqdn) {
|
||||
$description .= "\nApplication URL: {$this->fqdn}";
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\Application;
|
||||
use App\Models\Application;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class StatusChanged extends CustomEmailNotification
|
||||
{
|
||||
@@ -79,7 +79,7 @@ class StatusChanged extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Application stopped";
|
||||
$title = 'Application stopped';
|
||||
$description = "{$this->resource_name} has been stopped";
|
||||
|
||||
$description .= "\n\n**Project:** ".data_get($this->resource, 'environment.project.name');
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\Container;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class ContainerRestarted extends CustomEmailNotification
|
||||
{
|
||||
@@ -70,7 +70,7 @@ class ContainerRestarted extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Resource restarted";
|
||||
$title = 'Resource restarted';
|
||||
$description = "A resource ({$this->name}) has been restarted automatically on {$this->server->name}";
|
||||
|
||||
if ($this->url) {
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\Container;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class ContainerStopped extends CustomEmailNotification
|
||||
{
|
||||
@@ -70,7 +70,7 @@ class ContainerStopped extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Resource stopped";
|
||||
$title = 'Resource stopped';
|
||||
$description = "A resource ({$this->name}) has been stopped unexpectedly on {$this->server->name}";
|
||||
|
||||
if ($this->url) {
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\Database;
|
||||
use App\Models\ScheduledDatabaseBackup;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class BackupFailed extends CustomEmailNotification
|
||||
{
|
||||
@@ -66,7 +66,7 @@ class BackupFailed extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Database backup failed";
|
||||
$title = 'Database backup failed';
|
||||
$description = "Database backup for {$this->name} (db:{$this->database_name}) has FAILED.";
|
||||
|
||||
$description .= "\n\n**Frequency:** {$this->frequency}";
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\Database;
|
||||
use App\Models\ScheduledDatabaseBackup;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class BackupSuccess extends CustomEmailNotification
|
||||
{
|
||||
@@ -64,7 +64,7 @@ class BackupSuccess extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Database backup successful";
|
||||
$title = 'Database backup successful';
|
||||
$description = "Database backup for {$this->name} (db:{$this->database_name}) was successful.";
|
||||
|
||||
$description .= "\n\n**Frequency:** {$this->frequency}";
|
||||
|
||||
@@ -8,8 +8,7 @@ class SlackMessage
|
||||
public string $title,
|
||||
public string $description,
|
||||
public string $color = '#0099ff'
|
||||
) {
|
||||
}
|
||||
) {}
|
||||
|
||||
public static function infoColor(): string
|
||||
{
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Notifications\Internal;
|
||||
|
||||
use App\Notifications\Channels\DiscordChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Channels\SlackChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Bus\Queueable;
|
||||
|
||||
@@ -5,8 +5,8 @@ namespace App\Notifications\ScheduledTask;
|
||||
use App\Models\ScheduledTask;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class TaskFailed extends CustomEmailNotification
|
||||
{
|
||||
@@ -72,7 +72,7 @@ class TaskFailed extends CustomEmailNotification
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Scheduled task failed";
|
||||
$title = 'Scheduled task failed';
|
||||
$description = "Scheduled task ({$this->task->name}) failed.";
|
||||
|
||||
if ($this->output) {
|
||||
|
||||
@@ -5,11 +5,11 @@ namespace App\Notifications\Server;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\Channels\DiscordChannel;
|
||||
use App\Notifications\Channels\EmailChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Channels\SlackChannel;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class ForceDisabled extends CustomEmailNotification
|
||||
@@ -73,13 +73,12 @@ class ForceDisabled extends CustomEmailNotification
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$title = "Server disabled";
|
||||
$title = 'Server disabled';
|
||||
$description = "Server ({$this->server->name}) disabled because it is not paid!\n";
|
||||
$description .= "All automations and integrations are stopped.\n\n";
|
||||
$description .= "Please update your subscription to enable the server again: https://app.coolify.io/subscriptions";
|
||||
$description .= 'Please update your subscription to enable the server again: https://app.coolify.io/subscriptions';
|
||||
|
||||
return new SlackMessage(
|
||||
title: $title,
|
||||
|
||||
@@ -5,11 +5,11 @@ namespace App\Notifications\Server;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\Channels\DiscordChannel;
|
||||
use App\Notifications\Channels\EmailChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Channels\SlackChannel;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class ForceEnabled extends CustomEmailNotification
|
||||
@@ -69,7 +69,6 @@ class ForceEnabled extends CustomEmailNotification
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
return new SlackMessage(
|
||||
@@ -78,5 +77,4 @@ class ForceEnabled extends CustomEmailNotification
|
||||
color: SlackMessage::successColor()
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -65,8 +65,8 @@ class HighDiskUsage extends CustomEmailNotification
|
||||
$description .= "Please cleanup your disk to prevent data-loss.\n";
|
||||
$description .= "Tips for cleanup: https://coolify.io/docs/knowledge-base/server/automated-cleanup\n";
|
||||
$description .= "Change settings:\n";
|
||||
$description .= "- Threshold: " . base_url() . "/server/" . $this->server->uuid . "#advanced\n";
|
||||
$description .= "- Notifications: " . base_url() . "/notifications/discord";
|
||||
$description .= '- Threshold: '.base_url().'/server/'.$this->server->uuid."#advanced\n";
|
||||
$description .= '- Notifications: '.base_url().'/notifications/discord';
|
||||
|
||||
return new SlackMessage(
|
||||
title: 'High disk usage detected',
|
||||
|
||||
@@ -5,11 +5,11 @@ namespace App\Notifications\Server;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\Channels\DiscordChannel;
|
||||
use App\Notifications\Channels\EmailChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Channels\SlackChannel;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class Reachable extends CustomEmailNotification
|
||||
@@ -78,13 +78,10 @@ class Reachable extends CustomEmailNotification
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
return new SlackMessage(
|
||||
title: "Server revived",
|
||||
title: 'Server revived',
|
||||
description: "Server '{$this->server->name}' revived.\nAll automations & integrations are turned on again!",
|
||||
color: SlackMessage::successColor()
|
||||
);
|
||||
|
||||
@@ -5,11 +5,11 @@ namespace App\Notifications\Server;
|
||||
use App\Models\Server;
|
||||
use App\Notifications\Channels\DiscordChannel;
|
||||
use App\Notifications\Channels\EmailChannel;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\Channels\SlackChannel;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use App\Notifications\Channels\TelegramChannel;
|
||||
use App\Notifications\CustomEmailNotification;
|
||||
use App\Notifications\Dto\DiscordMessage;
|
||||
use App\Notifications\Dto\SlackMessage;
|
||||
use Illuminate\Notifications\Messages\MailMessage;
|
||||
|
||||
class Unreachable extends CustomEmailNotification
|
||||
@@ -83,12 +83,11 @@ class Unreachable extends CustomEmailNotification
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
public function toSlack(): SlackMessage
|
||||
{
|
||||
$description = "Your server '{$this->server->name}' is unreachable.\n";
|
||||
$description .= "All automations & integrations are turned off!\n\n";
|
||||
$description .= "*IMPORTANT:* We automatically try to revive your server and turn on all automations & integrations.";
|
||||
$description .= '*IMPORTANT:* We automatically try to revive your server and turn on all automations & integrations.';
|
||||
|
||||
return new SlackMessage(
|
||||
title: 'Server unreachable',
|
||||
|
||||
@@ -15,6 +15,7 @@ class Checkbox extends Component
|
||||
public ?string $id = null,
|
||||
public ?string $name = null,
|
||||
public ?string $value = null,
|
||||
public ?string $domValue = null,
|
||||
public ?string $label = null,
|
||||
public ?string $helper = null,
|
||||
public string|bool|null $checked = false,
|
||||
|
||||
@@ -0,0 +1,60 @@
|
||||
<?php
|
||||
|
||||
use App\Models\PersonalAccessToken;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
try {
|
||||
$tokens = PersonalAccessToken::all();
|
||||
foreach ($tokens as $token) {
|
||||
$abilities = collect();
|
||||
if (in_array('*', $token->abilities)) {
|
||||
$abilities->push('root');
|
||||
}
|
||||
if (in_array('read-only', $token->abilities)) {
|
||||
$abilities->push('read');
|
||||
}
|
||||
if (in_array('view:sensitive', $token->abilities)) {
|
||||
$abilities->push('read', 'read:sensitive');
|
||||
}
|
||||
$token->abilities = $abilities->unique()->values()->all();
|
||||
$token->save();
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
\Log::error('Error renaming token permissions: '.$e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
try {
|
||||
$tokens = PersonalAccessToken::all();
|
||||
foreach ($tokens as $token) {
|
||||
$abilities = collect();
|
||||
if (in_array('write', $token->abilities)) {
|
||||
$abilities->push('*');
|
||||
} else {
|
||||
if (in_array('read', $token->abilities)) {
|
||||
$abilities->push('read-only');
|
||||
}
|
||||
if (in_array('read:sensitive', $token->abilities)) {
|
||||
$abilities->push('view:sensitive');
|
||||
}
|
||||
}
|
||||
$token->abilities = $abilities->unique()->values()->all();
|
||||
$token->save();
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
\Log::error('Error renaming token permissions: '.$e->getMessage());
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -5,8 +5,8 @@
|
||||
'disabled' => false,
|
||||
'instantSave' => false,
|
||||
'value' => null,
|
||||
'domValue' => null,
|
||||
'checked' => false,
|
||||
'hideLabel' => false,
|
||||
'fullWidth' => false,
|
||||
])
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
'flex flex-row items-center gap-4 pr-2 py-1 form-control min-w-fit dark:hover:bg-coolgray-100',
|
||||
'w-full' => $fullWidth,
|
||||
])>
|
||||
@if (!$hideLabel)
|
||||
<label @class([
|
||||
'flex gap-4 items-center px-0 min-w-fit label w-full cursor-pointer',
|
||||
])>
|
||||
@@ -28,12 +27,19 @@
|
||||
<x-helper :helper="$helper" />
|
||||
@endif
|
||||
</span>
|
||||
@if ($instantSave)
|
||||
<input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
|
||||
wire:loading.attr="disabled"
|
||||
wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
|
||||
wire:model={{ $id }} @if ($checked) checked @endif />
|
||||
@else
|
||||
@if ($domValue)
|
||||
<input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
|
||||
value={{ $domValue }} @if ($checked) checked @endif />
|
||||
@else
|
||||
<input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
|
||||
wire:model={{ $value ?? $id }} @if ($checked) checked @endif />
|
||||
@endif
|
||||
@endif
|
||||
<input @disabled($disabled) type="checkbox" {{ $attributes->merge(['class' => $defaultClass]) }}
|
||||
@if ($instantSave) wire:loading.attr="disabled" wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
|
||||
@if ($checked) checked @endif
|
||||
wire:model={{ $id }} @else wire:model={{ $value ?? $id }} @endif />
|
||||
@if (!$hideLabel)
|
||||
</label>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
@@ -25,21 +25,31 @@
|
||||
<div class="flex gap-1 font-bold dark:text-white">
|
||||
@if ($permissions)
|
||||
@foreach ($permissions as $permission)
|
||||
@if ($permission === '*')
|
||||
<div>Root access, be careful!</div>
|
||||
@else
|
||||
<div>{{ $permission }}</div>
|
||||
@endif
|
||||
@endforeach
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<h4>Token Permissions</h4>
|
||||
<div class="w-64">
|
||||
<x-forms.checkbox label="Root Access" wire:model.live="rootAccess"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="Read-only" wire:model.live="readOnly"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="View Sensitive Data" wire:model.live="viewSensitiveData"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="root" wire:model.live="permissions" domValue="root"
|
||||
helper="Root access, be careful!" :checked="in_array('root', $permissions)"></x-forms.checkbox>
|
||||
@if (!in_array('root', $permissions))
|
||||
<x-forms.checkbox label="write" wire:model.live="permissions" domValue="write"
|
||||
helper="Write access to all resources" :checked="in_array('write', $permissions)"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy"
|
||||
helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="read" domValue="read" wire:model.live="permissions" domValue="read"
|
||||
:checked="in_array('read', $permissions)"></x-forms.checkbox>
|
||||
<x-forms.checkbox label="read:sensitive" wire:model.live="permissions" domValue="read:sensitive"
|
||||
helper="Responses will include secrets, logs, passwords, and compose file contents"
|
||||
:checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
|
||||
@endif
|
||||
</div>
|
||||
@if (in_array('root', $permissions))
|
||||
<div class="font-bold text-warning">Root access, be careful!</div>
|
||||
@endif
|
||||
</form>
|
||||
@if (session()->has('token'))
|
||||
<div class="py-4 font-bold dark:text-warning">Please copy this token now. For your security, it won't be shown
|
||||
@@ -50,12 +60,13 @@
|
||||
<h3 class="py-4">Issued Tokens</h3>
|
||||
<div class="grid gap-2 lg:grid-cols-1">
|
||||
@forelse ($tokens as $token)
|
||||
<div class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
|
||||
<div wire:key="token-{{ $token->id }}"
|
||||
class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
|
||||
<div>Description: {{ $token->name }}</div>
|
||||
<div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div>
|
||||
<div class="flex gap-1">
|
||||
@if ($token->abilities)
|
||||
Abilities:
|
||||
Permissions:
|
||||
@foreach ($token->abilities as $ability)
|
||||
<div class="font-bold dark:text-white">{{ $ability }}</div>
|
||||
@endforeach
|
||||
|
||||
@@ -10,7 +10,8 @@
|
||||
<h3 class="pt-4">Users</h3>
|
||||
<div class="flex flex-col gap-2 ">
|
||||
@forelse ($users as $user)
|
||||
<div class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100">
|
||||
<div wire:key="user-{{ $user->id }}"
|
||||
class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100">
|
||||
<div>{{ $user->name }}</div>
|
||||
<div>{{ $user->email }}</div>
|
||||
<div class="flex-1"></div>
|
||||
|
||||
158
routes/api.php
158
routes/api.php
@@ -11,8 +11,6 @@ use App\Http\Controllers\Api\ServersController;
|
||||
use App\Http\Controllers\Api\ServicesController;
|
||||
use App\Http\Controllers\Api\TeamController;
|
||||
use App\Http\Middleware\ApiAllowed;
|
||||
use App\Http\Middleware\IgnoreReadOnlyApiToken;
|
||||
use App\Http\Middleware\OnlyRootApiToken;
|
||||
use App\Jobs\PushServerUpdateJob;
|
||||
use App\Models\Server;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
@@ -21,113 +19,113 @@ Route::get('/health', [OtherController::class, 'healthcheck']);
|
||||
Route::post('/feedback', [OtherController::class, 'feedback']);
|
||||
|
||||
Route::group([
|
||||
'middleware' => ['auth:sanctum', OnlyRootApiToken::class],
|
||||
'middleware' => ['auth:sanctum', 'api.ability:write'],
|
||||
'prefix' => 'v1',
|
||||
], function () {
|
||||
Route::get('/enable', [OtherController::class, 'enable_api']);
|
||||
Route::get('/disable', [OtherController::class, 'disable_api']);
|
||||
});
|
||||
Route::group([
|
||||
'middleware' => ['auth:sanctum', ApiAllowed::class],
|
||||
'middleware' => ['auth:sanctum', ApiAllowed::class, 'api.sensitive'],
|
||||
'prefix' => 'v1',
|
||||
], function () {
|
||||
Route::get('/version', [OtherController::class, 'version']);
|
||||
Route::get('/version', [OtherController::class, 'version'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::get('/teams', [TeamController::class, 'teams']);
|
||||
Route::get('/teams/current', [TeamController::class, 'current_team']);
|
||||
Route::get('/teams/current/members', [TeamController::class, 'current_team_members']);
|
||||
Route::get('/teams/{id}', [TeamController::class, 'team_by_id']);
|
||||
Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id']);
|
||||
Route::get('/teams', [TeamController::class, 'teams'])->middleware(['api.ability:read']);
|
||||
Route::get('/teams/current', [TeamController::class, 'current_team'])->middleware(['api.ability:read']);
|
||||
Route::get('/teams/current/members', [TeamController::class, 'current_team_members'])->middleware(['api.ability:read']);
|
||||
Route::get('/teams/{id}', [TeamController::class, 'team_by_id'])->middleware(['api.ability:read']);
|
||||
Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::get('/projects', [ProjectController::class, 'projects']);
|
||||
Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid']);
|
||||
Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details']);
|
||||
Route::get('/projects', [ProjectController::class, 'projects'])->middleware(['api.ability:read']);
|
||||
Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid'])->middleware(['api.ability:read']);
|
||||
Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::post('/projects', [ProjectController::class, 'create_project']);
|
||||
Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project']);
|
||||
Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project']);
|
||||
Route::post('/projects', [ProjectController::class, 'create_project'])->middleware(['api.ability:read']);
|
||||
Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project'])->middleware(['api.ability:write']);
|
||||
Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/security/keys', [SecurityController::class, 'keys']);
|
||||
Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/security/keys', [SecurityController::class, 'keys'])->middleware(['api.ability:read']);
|
||||
Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid']);
|
||||
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid'])->middleware(['api.ability:read']);
|
||||
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware(['api.ability:write']);
|
||||
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/deployments', [DeployController::class, 'deployments']);
|
||||
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid']);
|
||||
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware(['api.ability:write,deploy']);
|
||||
Route::get('/deployments', [DeployController::class, 'deployments'])->middleware(['api.ability:read']);
|
||||
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::get('/servers', [ServersController::class, 'servers']);
|
||||
Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid']);
|
||||
Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server']);
|
||||
Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server']);
|
||||
Route::get('/servers', [ServersController::class, 'servers'])->middleware(['api.ability:read']);
|
||||
Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid'])->middleware(['api.ability:read']);
|
||||
Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server'])->middleware(['api.ability:read']);
|
||||
Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server']);
|
||||
Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::post('/servers', [ServersController::class, 'create_server']);
|
||||
Route::patch('/servers/{uuid}', [ServersController::class, 'update_server']);
|
||||
Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server']);
|
||||
Route::post('/servers', [ServersController::class, 'create_server'])->middleware(['api.ability:read']);
|
||||
Route::patch('/servers/{uuid}', [ServersController::class, 'update_server'])->middleware(['api.ability:write']);
|
||||
Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/resources', [ResourcesController::class, 'resources']);
|
||||
Route::get('/resources', [ResourcesController::class, 'resources'])->middleware(['api.ability:read']);
|
||||
|
||||
Route::get('/applications', [ApplicationsController::class, 'applications']);
|
||||
Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/applications', [ApplicationsController::class, 'applications'])->middleware(['api.ability:read']);
|
||||
Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware(['api.ability:write']);
|
||||
Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware(['api.ability:write']);
|
||||
Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware(['api.ability:write']);
|
||||
Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware(['api.ability:write']);
|
||||
Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware(['api.ability:write']);
|
||||
Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid']);
|
||||
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid'])->middleware(['api.ability:read']);
|
||||
Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware(['api.ability:write']);
|
||||
Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs']);
|
||||
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
// Route::post('/applications/{uuid}/execute', [ApplicationsController::class, 'execute_command_by_uuid'])->middleware([OnlyRootApiToken::class]);
|
||||
Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs'])->middleware(['api.ability:read']);
|
||||
Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware(['api.ability:write']);
|
||||
Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware(['api.ability:write']);
|
||||
Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware(['api.ability:write']);
|
||||
Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware(['api.ability:write']);
|
||||
// Route::post('/applications/{uuid}/execute', [ApplicationsController::class, 'execute_command_by_uuid'])->middleware(['ability:write']);
|
||||
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/databases', [DatabasesController::class, 'databases']);
|
||||
Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/databases', [DatabasesController::class, 'databases'])->middleware(['api.ability:read']);
|
||||
Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware(['api.ability:write']);
|
||||
Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid']);
|
||||
Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid'])->middleware(['api.ability:read']);
|
||||
Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware(['api.ability:write']);
|
||||
Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/services', [ServicesController::class, 'services']);
|
||||
Route::post('/services', [ServicesController::class, 'create_service'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/services', [ServicesController::class, 'services'])->middleware(['api.ability:read']);
|
||||
Route::post('/services', [ServicesController::class, 'create_service'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid']);
|
||||
// Route::patch('/services/{uuid}', [ServicesController::class, 'update_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid'])->middleware(['api.ability:read']);
|
||||
// Route::patch('/services/{uuid}', [ServicesController::class, 'update_by_uuid'])->middleware(['ability:write']);
|
||||
Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs']);
|
||||
Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs'])->middleware(['api.ability:read']);
|
||||
Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware(['api.ability:write']);
|
||||
Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware(['api.ability:write']);
|
||||
Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware(['api.ability:write']);
|
||||
Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware(['api.ability:write']);
|
||||
|
||||
Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware([IgnoreReadOnlyApiToken::class]);
|
||||
Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware(['api.ability:write']);
|
||||
Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware(['api.ability:write']);
|
||||
});
|
||||
|
||||
Route::group([
|
||||
|
||||
@@ -12,8 +12,8 @@ use App\Livewire\Destination\Show as DestinationShow;
|
||||
use App\Livewire\ForcePasswordReset;
|
||||
use App\Livewire\Notifications\Discord as NotificationDiscord;
|
||||
use App\Livewire\Notifications\Email as NotificationEmail;
|
||||
use App\Livewire\Notifications\Telegram as NotificationTelegram;
|
||||
use App\Livewire\Notifications\Slack as NotificationSlack;
|
||||
use App\Livewire\Notifications\Telegram as NotificationTelegram;
|
||||
use App\Livewire\Profile\Index as ProfileIndex;
|
||||
use App\Livewire\Project\Application\Configuration as ApplicationConfiguration;
|
||||
use App\Livewire\Project\Application\Deployment\Index as DeploymentIndex;
|
||||
|
||||
Reference in New Issue
Block a user