dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix: restrict jobs on cloud

Browse Source 
fix: restrict sentinel endpoint
This commit is contained in:
Andras Bacsai
2025-01-10 11:54:45 +01:00
parent 676f616efa
commit b09f0043d1
3 changed files with 89 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
routes/api.php
View File

@@ -132,18 +132,35 @@ Route::group([
'prefix' => 'v1',
], function () {
Route::post('/sentinel/push', function () {
// return response()->json(['message' => 'temporary unavailable'], 503);
$token = request()->header('Authorization');
if (! $token) {
return response()->json(['message' => 'Unauthorized'], 401);
}
$naked_token = str_replace('Bearer ', '', $token);
$decrypted = decrypt($naked_token);
$decrypted_token = json_decode($decrypted, true);
try {
$decrypted = decrypt($naked_token);
$decrypted_token = json_decode($decrypted, true);
} catch (\Exception $e) {
return response()->json(['message' => 'Invalid token'], 401);
}
$server_uuid = data_get($decrypted_token, 'server_uuid');
if (! $server_uuid) {
return response()->json(['message' => 'Invalid token'], 401);
}
$server = Server::where('uuid', $server_uuid)->first();
if (! $server) {
return response()->json(['message' => 'Server not found'], 404);
}
if (isCloud() && data_get($server->team->subscription, 'stripe_invoice_paid', false) === false && $server->team->id !== 0) {
return response()->json(['message' => 'Unauthorized'], 401);
}
if ($server->isFunctional() === false) {
return response()->json(['message' => 'Server is not functional'], 401);
}
if ($server->settings->sentinel_token !== $naked_token) {
return response()->json(['message' => 'Unauthorized'], 401);
}