dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

reverting: encrypting mount and fs_path

Browse Source
This commit is contained in:
Andras Bacsai
2025-03-29 22:16:12 +01:00
parent 34e1587068
commit b376d6df2a
3 changed files with 137 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Models/LocalFileVolume.php
View File

@@ -9,8 +9,8 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
class LocalFileVolume extends BaseModel
{
protected $casts = [
'fs_path' => 'encrypted',
'mount_path' => 'encrypted',
// 'fs_path' => 'encrypted',
// 'mount_path' => 'encrypted',
'content' => 'encrypted',
'is_directory' => 'boolean',
];

48
bootstrap/helpers/shared.php
View File

@@ -1363,15 +1363,21 @@ function parseServiceVolumes($serviceVolumes, $resource, $topLevelVolumes, $pull
$source = $source."-pr-$pull_request_id";
}
if (! $resource?->settings?->is_preserve_repository_enabled || $foundConfig?->is_based_on_git) {
$volume = LocalFileVolume::wherePlainMountPath($target)->first() ?? new LocalFileVolume;
$volume->fill([
LocalFileVolume::updateOrCreate(
[
'mount_path' => $target,
'resource_id' => $resource->id,
'resource_type' => get_class($resource),
],
[
'fs_path' => $source,
'mount_path' => $target,
'content' => $content,
'is_directory' => $isDirectory,
'resource_id' => $resource->id,
'resource_type' => get_class($resource),
])->save();
]
);
}
} elseif ($type->value() === 'volume') {
if ($topLevelVolumes->has($source->value())) {
@@ -1670,27 +1676,21 @@ function parseDockerComposeFile(Service|Application $resource, bool $isNew = fal
return $volume;
}
$existingVolume = LocalFileVolume::wherePlainMountPath($target)->first();
if ($existingVolume) {
$existingVolume->update([
LocalFileVolume::updateOrCreate(
[
'mount_path' => $target,
'resource_id' => $savedService->id,
'resource_type' => get_class($savedService),
],
[
'fs_path' => $source,
'mount_path' => $target,
'content' => $content,
'is_directory' => $isDirectory,
'resource_id' => $savedService->id,
'resource_type' => get_class($savedService),
]);
} else {
LocalFileVolume::create([
'fs_path' => $source,
'mount_path' => $target,
'content' => $content,
'is_directory' => $isDirectory,
'resource_id' => $savedService->id,
'resource_type' => get_class($savedService),
]);
}
]
);
} elseif ($type->value() === 'volume') {
if ($topLevelVolumes->has($source->value())) {
$v = $topLevelVolumes->get($source->value());
@@ -3328,15 +3328,21 @@ function newParser(Application|Service $resource, int $pull_request_id = 0, ?int
if ($isApplication && $isPullRequest) {
$source = $source."-pr-$pullRequestId";
}
$volume = LocalFileVolume::wherePlainMountPath($target)->first() ?? new LocalFileVolume;
$volume->fill([
LocalFileVolume::updateOrCreate(
[
'mount_path' => $target,
'resource_id' => $originalResource->id,
'resource_type' => get_class($originalResource),
],
[
'fs_path' => $source,
'mount_path' => $target,
'content' => $content,
'is_directory' => $isDirectory,
'resource_id' => $originalResource->id,
'resource_type' => get_class($originalResource),
])->save();
]
);
if (isDev()) {
if ((int) $resource->compose_parsing_version >= 4) {
if ($isApplication) {

96
database/migrations/2025_03_29_204400_revert_some_local_volume_encryption.php Normal file
View File

@@ -0,0 +1,96 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
if (DB::table('local_file_volumes')->exists()) {
DB::table('local_file_volumes')
->orderBy('id')
->chunk(100, function ($volumes) {
foreach ($volumes as $volume) {
DB::beginTransaction();
try {
$fs_path = $volume->fs_path;
$mount_path = $volume->mount_path;
try {
if ($fs_path) {
$fs_path = Crypt::decryptString($fs_path);
}
} catch (\Exception $e) {
}
try {
if ($mount_path) {
$mount_path = Crypt::decryptString($mount_path);
}
} catch (\Exception $e) {
}
DB::table('local_file_volumes')->where('id', $volume->id)->update([
'fs_path' => $fs_path,
'mount_path' => $mount_path,
]);
echo "Updated volume {$volume->id}\n";
} catch (\Exception $e) {
echo "Error encrypting local file volume fields: {$e->getMessage()}\n";
Log::error('Error encrypting local file volume fields: '.$e->getMessage());
}
DB::commit();
}
});
}
}
/**
* Reverse the migrations.
*/
public function down(): void
{
if (DB::table('local_file_volumes')->exists()) {
DB::table('local_file_volumes')
->orderBy('id')
->chunk(100, function ($volumes) {
foreach ($volumes as $volume) {
DB::beginTransaction();
try {
$fs_path = $volume->fs_path;
$mount_path = $volume->mount_path;
try {
if ($fs_path) {
$fs_path = Crypt::encrypt($fs_path);
}
} catch (\Exception $e) {
}
try {
if ($mount_path) {
$mount_path = Crypt::encrypt($mount_path);
}
} catch (\Exception $e) {
}
DB::table('local_file_volumes')->where('id', $volume->id)->update([
'fs_path' => $fs_path,
'mount_path' => $mount_path,
]);
echo "Updated volume {$volume->id}\n";
} catch (\Exception $e) {
echo "Error decrypting local file volume fields: {$e->getMessage()}\n";
Log::error('Error decrypting local file volume fields: '.$e->getMessage());
}
DB::commit();
}
});
}
}
};