From b376d6df2a58b8057cfb78b2e5bf8d3ab4af01ab Mon Sep 17 00:00:00 2001 From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com> Date: Sat, 29 Mar 2025 22:16:12 +0100 Subject: [PATCH] reverting: encrypting mount and fs_path --- app/Models/LocalFileVolume.php | 4 +- bootstrap/helpers/shared.php | 72 +++++++------- ...00_revert_some_local_volume_encryption.php | 96 +++++++++++++++++++ 3 files changed, 137 insertions(+), 35 deletions(-) create mode 100644 database/migrations/2025_03_29_204400_revert_some_local_volume_encryption.php diff --git a/app/Models/LocalFileVolume.php b/app/Models/LocalFileVolume.php index 1a5430c5b..c56cd7694 100644 --- a/app/Models/LocalFileVolume.php +++ b/app/Models/LocalFileVolume.php @@ -9,8 +9,8 @@ use Illuminate\Database\Eloquent\Factories\HasFactory; class LocalFileVolume extends BaseModel { protected $casts = [ - 'fs_path' => 'encrypted', - 'mount_path' => 'encrypted', + // 'fs_path' => 'encrypted', + // 'mount_path' => 'encrypted', 'content' => 'encrypted', 'is_directory' => 'boolean', ]; diff --git a/bootstrap/helpers/shared.php b/bootstrap/helpers/shared.php index 218ca1b37..a020e7558 100644 --- a/bootstrap/helpers/shared.php +++ b/bootstrap/helpers/shared.php @@ -1363,15 +1363,21 @@ function parseServiceVolumes($serviceVolumes, $resource, $topLevelVolumes, $pull $source = $source."-pr-$pull_request_id"; } if (! $resource?->settings?->is_preserve_repository_enabled || $foundConfig?->is_based_on_git) { - $volume = LocalFileVolume::wherePlainMountPath($target)->first() ?? new LocalFileVolume; - $volume->fill([ - 'fs_path' => $source, - 'mount_path' => $target, - 'content' => $content, - 'is_directory' => $isDirectory, - 'resource_id' => $resource->id, - 'resource_type' => get_class($resource), - ])->save(); + LocalFileVolume::updateOrCreate( + [ + 'mount_path' => $target, + 'resource_id' => $resource->id, + 'resource_type' => get_class($resource), + ], + [ + 'fs_path' => $source, + 'mount_path' => $target, + 'content' => $content, + 'is_directory' => $isDirectory, + 'resource_id' => $resource->id, + 'resource_type' => get_class($resource), + ] + ); } } elseif ($type->value() === 'volume') { if ($topLevelVolumes->has($source->value())) { @@ -1670,27 +1676,21 @@ function parseDockerComposeFile(Service|Application $resource, bool $isNew = fal return $volume; } - $existingVolume = LocalFileVolume::wherePlainMountPath($target)->first(); - - if ($existingVolume) { - $existingVolume->update([ + LocalFileVolume::updateOrCreate( + [ + 'mount_path' => $target, + 'resource_id' => $savedService->id, + 'resource_type' => get_class($savedService), + ], + [ 'fs_path' => $source, 'mount_path' => $target, 'content' => $content, 'is_directory' => $isDirectory, 'resource_id' => $savedService->id, 'resource_type' => get_class($savedService), - ]); - } else { - LocalFileVolume::create([ - 'fs_path' => $source, - 'mount_path' => $target, - 'content' => $content, - 'is_directory' => $isDirectory, - 'resource_id' => $savedService->id, - 'resource_type' => get_class($savedService), - ]); - } + ] + ); } elseif ($type->value() === 'volume') { if ($topLevelVolumes->has($source->value())) { $v = $topLevelVolumes->get($source->value()); @@ -3328,15 +3328,21 @@ function newParser(Application|Service $resource, int $pull_request_id = 0, ?int if ($isApplication && $isPullRequest) { $source = $source."-pr-$pullRequestId"; } - $volume = LocalFileVolume::wherePlainMountPath($target)->first() ?? new LocalFileVolume; - $volume->fill([ - 'fs_path' => $source, - 'mount_path' => $target, - 'content' => $content, - 'is_directory' => $isDirectory, - 'resource_id' => $originalResource->id, - 'resource_type' => get_class($originalResource), - ])->save(); + LocalFileVolume::updateOrCreate( + [ + 'mount_path' => $target, + 'resource_id' => $originalResource->id, + 'resource_type' => get_class($originalResource), + ], + [ + 'fs_path' => $source, + 'mount_path' => $target, + 'content' => $content, + 'is_directory' => $isDirectory, + 'resource_id' => $originalResource->id, + 'resource_type' => get_class($originalResource), + ] + ); if (isDev()) { if ((int) $resource->compose_parsing_version >= 4) { if ($isApplication) { diff --git a/database/migrations/2025_03_29_204400_revert_some_local_volume_encryption.php b/database/migrations/2025_03_29_204400_revert_some_local_volume_encryption.php new file mode 100644 index 000000000..683f1be3d --- /dev/null +++ b/database/migrations/2025_03_29_204400_revert_some_local_volume_encryption.php @@ -0,0 +1,96 @@ +exists()) { + DB::table('local_file_volumes') + ->orderBy('id') + ->chunk(100, function ($volumes) { + foreach ($volumes as $volume) { + DB::beginTransaction(); + + try { + $fs_path = $volume->fs_path; + $mount_path = $volume->mount_path; + try { + if ($fs_path) { + $fs_path = Crypt::decryptString($fs_path); + } + } catch (\Exception $e) { + } + + try { + if ($mount_path) { + $mount_path = Crypt::decryptString($mount_path); + } + } catch (\Exception $e) { + } + + DB::table('local_file_volumes')->where('id', $volume->id)->update([ + 'fs_path' => $fs_path, + 'mount_path' => $mount_path, + ]); + echo "Updated volume {$volume->id}\n"; + } catch (\Exception $e) { + echo "Error encrypting local file volume fields: {$e->getMessage()}\n"; + Log::error('Error encrypting local file volume fields: '.$e->getMessage()); + } + DB::commit(); + } + }); + } + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + if (DB::table('local_file_volumes')->exists()) { + DB::table('local_file_volumes') + ->orderBy('id') + ->chunk(100, function ($volumes) { + foreach ($volumes as $volume) { + DB::beginTransaction(); + try { + $fs_path = $volume->fs_path; + $mount_path = $volume->mount_path; + try { + if ($fs_path) { + $fs_path = Crypt::encrypt($fs_path); + } + } catch (\Exception $e) { + } + + try { + if ($mount_path) { + $mount_path = Crypt::encrypt($mount_path); + } + } catch (\Exception $e) { + } + + DB::table('local_file_volumes')->where('id', $volume->id)->update([ + 'fs_path' => $fs_path, + 'mount_path' => $mount_path, + ]); + echo "Updated volume {$volume->id}\n"; + } catch (\Exception $e) { + echo "Error decrypting local file volume fields: {$e->getMessage()}\n"; + Log::error('Error decrypting local file volume fields: '.$e->getMessage()); + } + DB::commit(); + } + }); + } + } +};