refactor: Improve attribute sanitization in Server model

Andras Bacsai
2024-09-20 18:14:52 +02:00
parent be42f15711
commit eb9bbf3eda
2 changed files with 44 additions and 20 deletions


@@ -884,6 +884,35 @@ $schema://$host {
return $this->hasMany(Service::class); return $this->hasMany(Service::class);
} }
public function port(): Attribute
{
return Attribute::make(
get: function ($value) {
return preg_replace('/[^0-9]/', '', $value);
}
);
}
public function user(): Attribute
{
return Attribute::make(
get: function ($value) {
$sanitizedValue = preg_replace('/[^A-Za-z0-9\-_]/', '', $value);
return $sanitizedValue;
}
);
}
public function ip(): Attribute
{
return Attribute::make(
get: function ($value) {
return preg_replace('/[^0-9a-zA-Z.-]/', '', $value);
}
);
}
public function getIp(): Attribute public function getIp(): Attribute
{ {
return Attribute::make( return Attribute::make(
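Review bot: The new `port`, `user` and `ip` accessors strip disallowed characters on read instead of rejecting the value, so a malformed stored value silently becomes a different, valid-looking one. The `user` and `ip` patterns also still allow a leading `-`, which would presumably be read as an option if the value is later placed on a command line (the callers are not visible in this hunk). The `ip` pattern drops `:` as well, so an IPv6 literal would come back mangled. I would validate on write and fail loudly, for example on `user()`: `set: fn ($value) => preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_-]*\z/', (string) $value) === 1 ? $value : throw new \InvalidArgumentException('Invalid server user'),`, with the same anchored-pattern approach for `ip` and an integer range check for `port`. Because only `get:` is defined, the stored column is unchanged and any code that reads the raw attribute or queries the column directly bypasses these accessors; `preg_replace` can also return null on a PCRE error, which the closures pass straight through.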


@@ -3,15 +3,10 @@
<div class="flex gap-2"> <div class="flex gap-2">
<h2>General</h2> <h2>General</h2>
@if ($server->id === 0) @if ($server->id === 0)
<x-modal-confirmation <x-modal-confirmation title="Confirm Server Settings Change?" buttonTitle="Save" submitAction="submit"
title="Confirm Server Settings Change?" :actions="[
buttonTitle="Save" 'You could lose a lot of functionalities if you change the server details of the server where Coolify is running on.',
submitAction="submit" ]" :confirmWithText="false" :confirmWithPassword="false" step2ButtonText="Save" />
:actions="['You could lose a lot of functionalities if you change the server details of the server where Coolify is running on.']"
:confirmWithText="false"
:confirmWithPassword="false"
step2ButtonText="Save Server Settings"
/>
@else @else
<x-forms.button type="submit">Save</x-forms.button> <x-forms.button type="submit">Save</x-forms.button>
@if ($server->isFunctional()) @if ($server->isFunctional())
@@ -39,7 +34,7 @@
<livewire:server.validate-and-install :server="$server" /> <livewire:server.validate-and-install :server="$server" />
</x-slot:content> </x-slot:content>
<x-forms.button @click="slideOverOpen=true" <x-forms.button @click="slideOverOpen=true"
class="w-full mt-8 mb-4 font-bold box-without-bg bg-coollabs hover:bg-coollabs-100" class="mt-8 mb-4 w-full font-bold box-without-bg bg-coollabs hover:bg-coollabs-100"
wire:click.prevent='validateServer' isHighlighted> wire:click.prevent='validateServer' isHighlighted>
Validate Server & Install Docker Engine Validate Server & Install Docker Engine
</x-forms.button> </x-forms.button>
@@ -62,7 +57,7 @@
number of servers for which you have paid.</div> number of servers for which you have paid.</div>
@endif @endif
<div class="flex flex-col gap-2 pt-4"> <div class="flex flex-col gap-2 pt-4">
<div class="flex flex-col w-full gap-2 lg:flex-row"> <div class="flex flex-col gap-2 w-full lg:flex-row">
<x-forms.input id="server.name" label="Name" required /> <x-forms.input id="server.name" label="Name" required />
<x-forms.input id="server.description" label="Description" /> <x-forms.input id="server.description" label="Description" />
@if (!$server->settings->is_swarm_worker && !$server->settings->is_build_server) @if (!$server->settings->is_swarm_worker && !$server->settings->is_build_server)
@@ -71,7 +66,7 @@
@endif @endif
</div> </div>
<div class="flex flex-col w-full gap-2 lg:flex-row"> <div class="flex flex-col gap-2 w-full lg:flex-row">
<x-forms.input type="password" id="server.ip" label="IP Address/Domain" <x-forms.input type="password" id="server.ip" label="IP Address/Domain"
helper="An IP Address (127.0.0.1) or domain (example.com)." required /> helper="An IP Address (127.0.0.1) or domain (example.com)." required />
<div class="flex gap-2"> <div class="flex gap-2">
@@ -98,24 +93,24 @@
<x-helper class="ml-2" helper="Server's timezone. This is used for backups, cron jobs, etc." /> <x-helper class="ml-2" helper="Server's timezone. This is used for backups, cron jobs, etc." />
</div> </div>
<div class="relative"> <div class="relative">
<div class="inline-flex items-center relative w-64"> <div class="inline-flex relative items-center w-64">
<input wire:dirty.class.remove='dark:focus:ring-coolgray-300 dark:ring-coolgray-300' <input wire:dirty.class.remove='dark:focus:ring-coolgray-300 dark:ring-coolgray-300'
wire:dirty.class="dark:focus:ring-warning dark:ring-warning" x-model="search" wire:dirty.class="dark:focus:ring-warning dark:ring-warning" x-model="search"
@focus="open = true" @click.away="open = false" @input="open = true" class="w-full input " @focus="open = true" @click.away="open = false" @input="open = true" class="w-full input"
:placeholder="placeholder" wire:model.debounce.300ms="server.settings.server_timezone"> :placeholder="placeholder" wire:model.debounce.300ms="server.settings.server_timezone">
<svg class="absolute right-0 w-4 h-4 mr-2" xmlns="http://www.w3.org/2000/svg" fill="none" <svg class="absolute right-0 mr-2 w-4 h-4" xmlns="http://www.w3.org/2000/svg" fill="none"
viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" @click="open = true"> viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" @click="open = true">
<path stroke-linecap="round" stroke-linejoin="round" <path stroke-linecap="round" stroke-linejoin="round"
d="M8.25 15L12 18.75 15.75 15m-7.5-6L12 5.25 15.75 9" /> d="M8.25 15L12 18.75 15.75 15m-7.5-6L12 5.25 15.75 9" />
</svg> </svg>
</div> </div>
<div x-show="open" <div x-show="open"
class="absolute z-50 w-64 mt-1 bg-white dark:bg-coolgray-100 border dark:border-coolgray-200 rounded-md shadow-lg max-h-60 overflow-auto scrollbar overflow-x-hidden"> class="overflow-auto overflow-x-hidden absolute z-50 mt-1 w-64 max-h-60 bg-white rounded-md border shadow-lg dark:bg-coolgray-100 dark:border-coolgray-200 scrollbar">
<template <template
x-for="timezone in timezones.filter(tz => tz.toLowerCase().includes(search.toLowerCase()))" x-for="timezone in timezones.filter(tz => tz.toLowerCase().includes(search.toLowerCase()))"
:key="timezone"> :key="timezone">
<div @click="search = timezone; open = false; $wire.set('server.settings.server_timezone', timezone)" <div @click="search = timezone; open = false; $wire.set('server.settings.server_timezone', timezone)"
class="px-4 py-2 cursor-pointer hover:bg-gray-100 dark:hover:bg-coolgray-300 text-gray-800 dark:text-gray-200" class="px-4 py-2 text-gray-800 cursor-pointer hover:bg-gray-100 dark:hover:bg-coolgray-300 dark:text-gray-200"
x-text="timezone"></div> x-text="timezone"></div>
</template> </template>
</div> </div>
@@ -126,7 +121,7 @@
@if (!$server->isLocalhost()) @if (!$server->isLocalhost())
<x-forms.checkbox instantSave id="server.settings.is_build_server" <x-forms.checkbox instantSave id="server.settings.is_build_server"
label="Use it as a build server?" /> label="Use it as a build server?" />
<div class="flex items-center gap-1 pt-6"> <div class="flex gap-1 items-center pt-6">
<h3 class="">Cloudflare Tunnels <h3 class="">Cloudflare Tunnels
</h3> </h3>
<x-helper class="inline-flex" <x-helper class="inline-flex"
@@ -168,7 +163,7 @@
@endif @endif
@endif @endif
@else @else
<div class="flex items-center gap-1 pt-6"> <div class="flex gap-1 items-center pt-6">
<h3 class="">Cloudflare Tunnels <h3 class="">Cloudflare Tunnels
</h3> </h3>
<x-helper class="inline-flex" <x-helper class="inline-flex"
@@ -213,7 +208,7 @@
helper="You can define the maximum duration for a deployment to run before timing it out." /> helper="You can define the maximum duration for a deployment to run before timing it out." />
</div> </div>
</div> </div>
<div class="flex items-center gap-2 pt-4 pb-2"> <div class="flex gap-2 items-center pt-4 pb-2">
<h3>Sentinel</h3> <h3>Sentinel</h3>
{{-- @if ($server->isSentinelEnabled()) --}} {{-- @if ($server->isSentinelEnabled()) --}}
{{-- <x-forms.button wire:click='restartSentinel'>Restart</x-forms.button> --}} {{-- <x-forms.button wire:click='restartSentinel'>Restart</x-forms.button> --}}