dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #3576 from peaklabs-dev/fix-api-enabeled

Browse Source 
Fix: Disable API by default and do not allow API key creation when API is disabled
This commit is contained in:
Andras Bacsai
2024-09-27 16:46:21 +02:00
committed by GitHub
parent 4995675745 111e9ba3a3
commit c52fe571f5
3 changed files with 74 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Livewire/Security/ApiTokens.php
View File

@@ -2,6 +2,7 @@
namespace App\Livewire\Security;
use App\Models\InstanceSettings;
use Livewire\Component;
class ApiTokens extends Component
@@ -16,13 +17,18 @@ class ApiTokens extends Component
public array $permissions = ['read-only'];
public $instanceSettings;
public function render()
{
return view('livewire.security.api-tokens');
return view('livewire.security.api-tokens', [
'instanceSettings' => $this->instanceSettings,
]);
}
public function mount()
{
$this->instanceSettings = InstanceSettings::get();
$this->tokens = auth()->user()->tokens->sortByDesc('created_at');
}

18
database/migrations/2024_09_26_083441_disable_api_by_default.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::table('instance_settings', function (Blueprint $table) {
$table->boolean('is_api_enabled')->default(false)->change();
});
}
};

22
resources/views/livewire/security/api-tokens.blade.php
View File

@@ -5,6 +5,9 @@
<x-security.navbar />
<div class="pb-4 ">
<h2>API Tokens</h2>
@if (!$instanceSettings->is_api_enabled)
<strong>API is disabled. If you want to use the API, please enable it in the Coolify Instance Settings.</strong>
@else
<div>Tokens are created with the current team as scope. You will only have access to this team's resources.
</div>
</div>
@@ -15,8 +18,8 @@
<x-forms.button type="submit">Create New Token</x-forms.button>
</div>
<div class="flex">
Permissions <x-helper class="px-1" helper="These permissions will be granted to the token." /><span
class="pr-1">:</span>
Permissions
<x-helper class="px-1" helper="These permissions will be granted to the token." /><span class="pr-1">:</span>
<div class="flex gap-1 font-bold dark:text-white">
@if ($permissions)
@foreach ($permissions as $permission)
@@ -56,18 +59,7 @@
@endif
</div>
<x-modal-confirmation
title="Confirm API Token Revocation?"
isErrorButton
buttonTitle="Revoke token"
submitAction="revoke({{ data_get($token, 'id') }})"
:actions="['This API Token will be revoked and permanently deleted.', 'Any API call made with this token will fail.']"
confirmationText="{{ $token->name }}"
confirmationLabel="Please confirm the execution of the actions by entering the API Token Description below"
shortConfirmationLabel="API Token Description"
:confirmWithPassword="false"
step2ButtonText="Revoke API Token"
/>
<x-modal-confirmation title="Confirm API Token Revocation?" isErrorButton buttonTitle="Revoke token" submitAction="revoke({{ data_get($token, 'id') }})" :actions="['This API Token will be revoked and permanently deleted.', 'Any API call made with this token will fail.']" confirmationText="{{ $token->name }}" confirmationLabel="Please confirm the execution of the actions by entering the API Token Description below" shortConfirmationLabel="API Token Description" :confirmWithPassword="false" step2ButtonText="Revoke API Token" />
</div>
@empty
<div>
@@ -75,5 +67,5 @@
</div>
@endforelse
</div>
@endif
</div>