Merge branch 'next' into main

Lukasz L.
2025-04-03 23:57:43 +02:00
committed by GitHub
29 changed files with 7393 additions and 4501 deletions


@@ -0,0 +1,56 @@
<?php
namespace App\Actions\Proxy;
use App\Models\Server;
use Carbon\Carbon;
use Illuminate\Process\InvokedProcess;
use Illuminate\Support\Facades\Process;
use Lorisleiva\Actions\Concerns\AsAction;
class StopProxy
{
use AsAction;
public function handle(Server $server, bool $forceStop = true)
{
try {
$containerName = $server->isSwarm() ? 'coolify-proxy_traefik' : 'coolify-proxy';
$timeout = 30;
$process = $this->stopContainer($containerName, $timeout);
$startTime = Carbon::now()->getTimestamp();
while ($process->running()) {
if (Carbon::now()->getTimestamp() - $startTime >= $timeout) {
$this->forceStopContainer($containerName, $server);
break;
}
usleep(100000);
}
$this->removeContainer($containerName, $server);
} catch (\Throwable $e) {
return handleError($e);
} finally {
$server->proxy->force_stop = $forceStop;
$server->proxy->status = 'exited';
$server->save();
}
}
private function stopContainer(string $containerName, int $timeout): InvokedProcess
{
return Process::timeout($timeout)->start("docker stop --time=$timeout $containerName");
}
private function forceStopContainer(string $containerName, Server $server)
{
instant_remote_process(["docker kill $containerName"], $server, throwError: false);
}
private function removeContainer(string $containerName, Server $server)
{
instant_remote_process(["docker rm -f $containerName"], $server, throwError: false);
}
}
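Review bot: `stopContainer()` starts `docker stop` through the local `Process` facade, while `forceStopContainer()` and `removeContainer()` go through `instant_remote_process(..., $server, ...)`, so the graceful stop appears to run on the host executing this action rather than on `$server`. For a remote server the wait loop then watches a command that cannot reach the proxy container, and the container is removed with `docker rm -f` without ever being stopped gracefully. Consider sending the stop through the same helper, e.g. `instant_remote_process(["docker stop --time=$timeout $containerName"], $server, throwError: false);`. The `finally` block also records `status = 'exited'` when the stop threw, so a comment stating that this is intentional would help the next reader.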


@@ -2881,198 +2881,198 @@ class ApplicationsController extends Controller
);
}
#[OA\Post(
summary: 'Execute Command',
description: "Execute a command on the application's current container.",
path: '/applications/{uuid}/execute',
operationId: 'execute-command-application',
security: [
['bearerAuth' => []],
],
tags: ['Applications'],
parameters: [
new OA\Parameter(
name: 'uuid',
in: 'path',
description: 'UUID of the application.',
required: true,
schema: new OA\Schema(
type: 'string',
format: 'uuid',
)
),
],
requestBody: new OA\RequestBody(
required: true,
description: 'Command to execute.',
content: new OA\MediaType(
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
properties: [
'command' => ['type' => 'string', 'description' => 'Command to execute.'],
],
),
),
),
responses: [
new OA\Response(
response: 200,
description: "Execute a command on the application's current container.",
content: [
new OA\MediaType(
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
properties: [
'message' => ['type' => 'string', 'example' => 'Command executed.'],
'response' => ['type' => 'string'],
]
)
),
]
),
new OA\Response(
response: 401,
ref: '#/components/responses/401',
),
new OA\Response(
response: 400,
ref: '#/components/responses/400',
),
new OA\Response(
response: 404,
ref: '#/components/responses/404',
),
]
)]
public function execute_command_by_uuid(Request $request)
{
// TODO: Need to review this from security perspective, to not allow arbitrary command execution
$allowedFields = ['command'];
$teamId = getTeamIdFromToken();
if (is_null($teamId)) {
return invalidTokenResponse();
}
$uuid = $request->route('uuid');
if (! $uuid) {
return response()->json(['message' => 'UUID is required.'], 400);
}
$application = Application::ownedByCurrentTeamAPI($teamId)->where('uuid', $request->uuid)->first();
if (! $application) {
return response()->json(['message' => 'Application not found.'], 404);
}
$return = validateIncomingRequest($request);
if ($return instanceof \Illuminate\Http\JsonResponse) {
return $return;
}
$validator = customApiValidator($request->all(), [
'command' => 'string|required',
]);
// #[OA\Post(
// summary: 'Execute Command',
// description: "Execute a command on the application's current container.",
// path: '/applications/{uuid}/execute',
// operationId: 'execute-command-application',
// security: [
// ['bearerAuth' => []],
// ],
// tags: ['Applications'],
// parameters: [
// new OA\Parameter(
// name: 'uuid',
// in: 'path',
// description: 'UUID of the application.',
// required: true,
// schema: new OA\Schema(
// type: 'string',
// format: 'uuid',
// )
// ),
// ],
// requestBody: new OA\RequestBody(
// required: true,
// description: 'Command to execute.',
// content: new OA\MediaType(
// mediaType: 'application/json',
// schema: new OA\Schema(
// type: 'object',
// properties: [
// 'command' => ['type' => 'string', 'description' => 'Command to execute.'],
// ],
// ),
// ),
// ),
// responses: [
// new OA\Response(
// response: 200,
// description: "Execute a command on the application's current container.",
// content: [
// new OA\MediaType(
// mediaType: 'application/json',
// schema: new OA\Schema(
// type: 'object',
// properties: [
// 'message' => ['type' => 'string', 'example' => 'Command executed.'],
// 'response' => ['type' => 'string'],
// ]
// )
// ),
// ]
// ),
// new OA\Response(
// response: 401,
// ref: '#/components/responses/401',
// ),
// new OA\Response(
// response: 400,
// ref: '#/components/responses/400',
// ),
// new OA\Response(
// response: 404,
// ref: '#/components/responses/404',
// ),
// ]
// )]
// public function execute_command_by_uuid(Request $request)
// {
// // TODO: Need to review this from security perspective, to not allow arbitrary command execution
// $allowedFields = ['command'];
// $teamId = getTeamIdFromToken();
// if (is_null($teamId)) {
// return invalidTokenResponse();
// }
// $uuid = $request->route('uuid');
// if (! $uuid) {
// return response()->json(['message' => 'UUID is required.'], 400);
// }
// $application = Application::ownedByCurrentTeamAPI($teamId)->where('uuid', $request->uuid)->first();
// if (! $application) {
// return response()->json(['message' => 'Application not found.'], 404);
// }
// $return = validateIncomingRequest($request);
// if ($return instanceof \Illuminate\Http\JsonResponse) {
// return $return;
// }
// $validator = customApiValidator($request->all(), [
// 'command' => 'string|required',
// ]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) {
$errors = $validator->errors();
if (! empty($extraFields)) {
foreach ($extraFields as $field) {
$errors->add($field, 'This field is not allowed.');
}
}
// $extraFields = array_diff(array_keys($request->all()), $allowedFields);
// if ($validator->fails() || ! empty($extraFields)) {
// $errors = $validator->errors();
// if (! empty($extraFields)) {
// foreach ($extraFields as $field) {
// $errors->add($field, 'This field is not allowed.');
// }
// }
return response()->json([
'message' => 'Validation failed.',
'errors' => $errors,
], 422);
}
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => $errors,
// ], 422);
// }
$container = getCurrentApplicationContainerStatus($application->destination->server, $application->id)->firstOrFail();
$status = getContainerStatus($application->destination->server, $container['Names']);
// $container = getCurrentApplicationContainerStatus($application->destination->server, $application->id)->firstOrFail();
// $status = getContainerStatus($application->destination->server, $container['Names']);
if ($status !== 'running') {
return response()->json([
'message' => 'Application is not running.',
], 400);
}
// if ($status !== 'running') {
// return response()->json([
// 'message' => 'Application is not running.',
// ], 400);
// }
$commands = collect([
executeInDocker($container['Names'], $request->command),
]);
// $commands = collect([
// executeInDocker($container['Names'], $request->command),
// ]);
$res = instant_remote_process(command: $commands, server: $application->destination->server);
// $res = instant_remote_process(command: $commands, server: $application->destination->server);
return response()->json([
'message' => 'Command executed.',
'response' => $res,
]);
}
// return response()->json([
// 'message' => 'Command executed.',
// 'response' => $res,
// ]);
// }
private function validateDataApplications(Request $request, Server $server)
{
$teamId = getTeamIdFromToken();
// private function validateDataApplications(Request $request, Server $server)
// {
// $teamId = getTeamIdFromToken();
// Validate ports_mappings
if ($request->has('ports_mappings')) {
$ports = [];
foreach (explode(',', $request->ports_mappings) as $portMapping) {
$port = explode(':', $portMapping);
if (in_array($port[0], $ports)) {
return response()->json([
'message' => 'Validation failed.',
'errors' => [
'ports_mappings' => 'The first number before : should be unique between mappings.',
],
], 422);
}
$ports[] = $port[0];
}
}
// Validate custom_labels
if ($request->has('custom_labels')) {
if (! isBase64Encoded($request->custom_labels)) {
return response()->json([
'message' => 'Validation failed.',
'errors' => [
'custom_labels' => 'The custom_labels should be base64 encoded.',
],
], 422);
}
$customLabels = base64_decode($request->custom_labels);
if (mb_detect_encoding($customLabels, 'ASCII', true) === false) {
return response()->json([
'message' => 'Validation failed.',
'errors' => [
'custom_labels' => 'The custom_labels should be base64 encoded.',
],
], 422);
}
}
if ($request->has('domains') && $server->isProxyShouldRun()) {
$uuid = $request->uuid;
$fqdn = $request->domains;
$fqdn = str($fqdn)->replaceEnd(',', '')->trim();
$fqdn = str($fqdn)->replaceStart(',', '')->trim();
$errors = [];
$fqdn = str($fqdn)->trim()->explode(',')->map(function ($domain) use (&$errors) {
if (filter_var($domain, FILTER_VALIDATE_URL) === false) {
$errors[] = 'Invalid domain: '.$domain;
}
// // Validate ports_mappings
// if ($request->has('ports_mappings')) {
// $ports = [];
// foreach (explode(',', $request->ports_mappings) as $portMapping) {
// $port = explode(':', $portMapping);
// if (in_array($port[0], $ports)) {
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => [
// 'ports_mappings' => 'The first number before : should be unique between mappings.',
// ],
// ], 422);
// }
// $ports[] = $port[0];
// }
// }
// // Validate custom_labels
// if ($request->has('custom_labels')) {
// if (! isBase64Encoded($request->custom_labels)) {
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => [
// 'custom_labels' => 'The custom_labels should be base64 encoded.',
// ],
// ], 422);
// }
// $customLabels = base64_decode($request->custom_labels);
// if (mb_detect_encoding($customLabels, 'ASCII', true) === false) {
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => [
// 'custom_labels' => 'The custom_labels should be base64 encoded.',
// ],
// ], 422);
// }
// }
// if ($request->has('domains') && $server->isProxyShouldRun()) {
// $uuid = $request->uuid;
// $fqdn = $request->domains;
// $fqdn = str($fqdn)->replaceEnd(',', '')->trim();
// $fqdn = str($fqdn)->replaceStart(',', '')->trim();
// $errors = [];
// $fqdn = str($fqdn)->trim()->explode(',')->map(function ($domain) use (&$errors) {
// if (filter_var($domain, FILTER_VALIDATE_URL) === false) {
// $errors[] = 'Invalid domain: '.$domain;
// }
return str($domain)->trim()->lower();
});
if (count($errors) > 0) {
return response()->json([
'message' => 'Validation failed.',
'errors' => $errors,
], 422);
}
if (checkIfDomainIsAlreadyUsed($fqdn, $teamId, $uuid)) {
return response()->json([
'message' => 'Validation failed.',
'errors' => [
'domains' => 'One of the domain is already used.',
],
], 422);
}
}
}
// return str($domain)->trim()->lower();
// });
// if (count($errors) > 0) {
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => $errors,
// ], 422);
// }
// if (checkIfDomainIsAlreadyUsed($fqdn, $teamId, $uuid)) {
// return response()->json([
// 'message' => 'Validation failed.',
// 'errors' => [
// 'domains' => 'One of the domain is already used.',
// ],
// ], 422);
// }
// }
// }
}
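Review bot: The command-execution endpoint is disabled by commenting out its whole body, which leaves the unreviewed implementation (its own `// TODO: Need to review this from security perspective` line is still there) one uncomment away from being live again. Deleting the method and relying on version history is safer; if a marker must stay, one line such as `// execute_command_by_uuid removed pending security review of arbitrary command execution` is enough. The route for `/applications/{uuid}/execute` is outside this hunk and should be removed in the same change, otherwise it would point at a method that no longer exists. `validateDataApplications()` is commented out as well, so confirm that no remaining caller in the controller still invokes it.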


@@ -368,6 +368,20 @@ class SecurityController extends Controller
response: 404,
description: 'Private Key not found.',
),
new OA\Response(
response: 422,
description: 'Private Key is in use and cannot be deleted.',
content: [
new OA\MediaType(
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
properties: [
'message' => ['type' => 'string', 'example' => 'Private Key is in use and cannot be deleted.'],
]
)
),
]),
]
)]
public function delete_key(Request $request)
@@ -384,6 +398,14 @@ class SecurityController extends Controller
if (is_null($key)) {
return response()->json(['message' => 'Private Key not found.'], 404);
}
if ($key->isInUse()) {
return response()->json([
'message' => 'Private Key is in use and cannot be deleted.',
'details' => 'This private key is currently being used by servers, applications, or Git integrations.',
], 422);
}
$key->forceDelete();
return response()->json([
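Review bot: The new 422 branch in `delete_key` returns both `message` and `details`, but the `OA\Response` added in the first hunk documents only `message`; add `'details' => ['type' => 'string'],` to the schema properties so API clients see the real response shape. The `isInUse()` check and `forceDelete()` are separate steps, so a key attached to a server between the two would still be deleted; if that matters, run both inside a transaction or re-check under a lock. The method body continues past the end of the hunk.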


@@ -103,7 +103,7 @@ class ServicesController extends Controller
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
required: ['server_uuid', 'project_uuid', 'environment_name', 'environment_uuid', 'type'],
required: ['server_uuid', 'project_uuid', 'environment_name', 'environment_uuid'],
properties: [
'type' => [
'description' => 'The one-click service type',
@@ -205,6 +205,7 @@ class ServicesController extends Controller
'server_uuid' => ['type' => 'string', 'description' => 'Server UUID.'],
'destination_uuid' => ['type' => 'string', 'description' => 'Destination UUID. Required if server has multiple destinations.'],
'instant_deploy' => ['type' => 'boolean', 'default' => false, 'description' => 'Start the service immediately after creation.'],
'docker_compose_raw' => ['type' => 'string', 'description' => 'The Docker Compose raw content.'],
],
),
),
@@ -256,7 +257,7 @@ class ServicesController extends Controller
'environment_name' => 'string|nullable',
'environment_uuid' => 'string|nullable',
'server_uuid' => 'string|required',
'destination_uuid' => 'string',
'destination_uuid' => 'string|nullable',
'name' => 'string|max:255',
'description' => 'string|nullable',
'instant_deploy' => 'boolean',
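Review bot: `docker_compose_raw` is added to the documented request properties and `type` is dropped from `required`, but the validation rules visible in the last hunk contain no rule for `docker_compose_raw`; the rule list continues outside the hunk, so confirm it has one there. Compose content decides which images, mounts and privileges run on the target server, so the description should say what encoding is expected and, if the two fields are alternatives, that one of them must be supplied, e.g. `'description' => 'Docker Compose content; provide either this or type.'`.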


@@ -329,13 +329,8 @@ class ApplicationDeploymentJob implements ShouldBeEncrypted, ShouldQueue
} else {
$this->write_deployment_configurations();
}
$this->execute_remote_command(
[
"docker rm -f {$this->deployment_uuid} >/dev/null 2>&1",
'hidden' => true,
'ignore_errors' => true,
]
);
$this->application_deployment_queue->addLogEntry("Starting graceful shutdown container: {$this->deployment_uuid}");
$this->graceful_shutdown_container($this->deployment_uuid);
ApplicationStatusChanged::dispatch(data_get($this->application, 'environment.project.team.id'));
}
@@ -1366,13 +1361,8 @@ class ApplicationDeploymentJob implements ShouldBeEncrypted, ShouldQueue
}
}
$this->application_deployment_queue->addLogEntry("Preparing container with helper image: $helperImage.");
$this->execute_remote_command(
[
'command' => "docker rm -f {$this->deployment_uuid}",
'ignore_errors' => true,
'hidden' => true,
]
);
$this->application_deployment_queue->addLogEntry("Starting graceful shutdown container: {$this->deployment_uuid}");
$this->graceful_shutdown_container($this->deployment_uuid);
$this->execute_remote_command(
[
$runCommand,
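Review bot: Both call sites replace a `docker rm -f` that ran with `'ignore_errors' => true` and `'hidden' => true` by `graceful_shutdown_container($this->deployment_uuid)`, whose body is not in these hunks, so it is not visible whether a missing container is still tolerated or whether the container is removed rather than only stopped. In the second hunk the next command is `$runCommand`; if it creates a container under the same name (not visible here), a leftover stopped container would make it fail. The new `addLogEntry("Starting graceful shutdown container: ...")` is also written on every deployment, where the old command was hidden; a comment on the call such as `// Stops and removes the helper container; a missing container is not an error` would record the contract the callers rely on.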


@@ -0,0 +1,46 @@
<?php
namespace App\Jobs;
use App\Actions\Proxy\CheckProxy;
use App\Actions\Proxy\StartProxy;
use App\Actions\Proxy\StopProxy;
use App\Models\Server;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldBeEncrypted;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\Middleware\WithoutOverlapping;
use Illuminate\Queue\SerializesModels;
class RestartProxyJob implements ShouldBeEncrypted, ShouldQueue
{
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
public $tries = 1;
public $timeout = 60;
public function middleware(): array
{
return [(new WithoutOverlapping($this->server->uuid))->dontRelease()];
}
public function __construct(public Server $server) {}
public function handle()
{
try {
StopProxy::run($this->server);
$this->server->proxy->force_stop = false;
$this->server->save();
StartProxy::run($this->server, force: true);
CheckProxy::run($this->server, true);
} catch (\Throwable $e) {
return handleError($e);
}
}
}
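Review bot: `handle()` calls `StopProxy::run($this->server)` with the default `forceStop = true` and only afterwards resets `force_stop = false`, so if the job dies in between the server is left with the proxy stopped and marked as force-stopped. The job `$timeout` is 60 seconds while `StopProxy` alone can wait 30 seconds before killing the container. Pass the flag directly, `StopProxy::run($this->server, false);`, and drop the two lines that reset and save it. The `catch` returns `handleError($e)`; whether that rethrows is not visible here, and if it does not, a failed restart is recorded as a successful job with `$tries = 1`.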


@@ -4,11 +4,10 @@ namespace App\Livewire\Server\Proxy;
use App\Actions\Proxy\CheckProxy;
use App\Actions\Proxy\StartProxy;
use App\Actions\Proxy\StopProxy;
use App\Events\ProxyStatusChanged;
use App\Jobs\RestartProxyJob;
use App\Models\Server;
use Carbon\Carbon;
use Illuminate\Process\InvokedProcess;
use Illuminate\Support\Facades\Process;
use Livewire\Component;
class Deploy extends Component
@@ -65,6 +64,7 @@ class Deploy extends Component
public function restart()
{
try {
RestartProxyJob::dispatch($this->server);
$this->dispatch('checkProxy');
} catch (\Throwable $e) {
return handleError($e, $this);
@@ -97,43 +97,10 @@ class Deploy extends Component
public function stop(bool $forceStop = true)
{
try {
$containerName = $this->server->isSwarm() ? 'coolify-proxy_traefik' : 'coolify-proxy';
$timeout = 30;
$process = $this->stopContainer($containerName, $timeout);
$startTime = Carbon::now()->getTimestamp();
while ($process->running()) {
if (Carbon::now()->getTimestamp() - $startTime >= $timeout) {
$this->forceStopContainer($containerName);
break;
}
usleep(100000);
}
$this->removeContainer($containerName);
StopProxy::run($this->server, $forceStop);
$this->dispatch('proxyStatusUpdated');
} catch (\Throwable $e) {
return handleError($e, $this);
} finally {
$this->server->proxy->force_stop = $forceStop;
$this->server->proxy->status = 'exited';
$this->server->save();
$this->dispatch('proxyStatusUpdated');
}
}
private function stopContainer(string $containerName, int $timeout): InvokedProcess
{
return Process::timeout($timeout)->start("docker stop --time=$timeout $containerName");
}
private function forceStopContainer(string $containerName)
{
instant_remote_process(["docker kill $containerName"], $this->server, throwError: false);
}
private function removeContainer(string $containerName)
{
instant_remote_process(["docker rm -f $containerName"], $this->server, throwError: false);
}
}
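Review bot: In `restart()` the `checkProxy` event is dispatched immediately after `RestartProxyJob::dispatch($this->server)`, so with an asynchronous queue the status check can run before the job has stopped or restarted the proxy and report the old state. Consider letting the job signal completion and refreshing the status from that, or at least document the behaviour with `// RestartProxyJob runs asynchronously; this check may still see the pre-restart state.` In `stop()`, failures are now handled inside `StopProxy::handle()` by `handleError($e)` without the component, so confirm they still reach the outer `catch` and the user.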


@@ -15,6 +15,8 @@ class SettingsBackup extends Component
{
public InstanceSettings $settings;
public Server $server;
public ?StandalonePostgresql $database = null;
public ScheduledDatabaseBackup|null|array $backup = [];
@@ -46,6 +48,7 @@ class SettingsBackup extends Component
return redirect()->route('dashboard');
} else {
$settings = instanceSettings();
$this->server = Server::findOrFail(0);
$this->database = StandalonePostgresql::whereName('coolify-db')->first();
$s3s = S3Storage::whereTeamId(0)->get() ?? [];
if ($this->database) {
@@ -60,6 +63,10 @@ class SettingsBackup extends Component
$this->database->save();
}
$this->backup = $this->database->scheduledBackups->first();
if ($this->backup && ! $this->server->isFunctional()) {
$this->backup->enabled = false;
$this->backup->save();
}
$this->executions = $this->backup->executions;
}
$this->settings = $settings;
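Review bot: The block added after `$this->backup = $this->database->scheduledBackups->first();` writes `enabled = false` to the database whenever the settings page is mounted while `isFunctional()` is false, so a transient outage of server 0 silently switches the instance backup off and nothing visible here turns it back on. Showing the state in the UI without persisting it, or notifying the user when it is persisted, would avoid backups being lost unnoticed. The following context line `$this->executions = $this->backup->executions;` still dereferences `$this->backup` without the null check the new guard uses. `Server::findOrFail(0)` also makes the page throw if that row is missing; the method continues outside the hunk.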


@@ -4,7 +4,7 @@ namespace App\Livewire;
use App\Models\InstanceSettings;
use App\Models\Team;
use App\Notifications\Test;
use App\Notifications\TransactionalEmails\Test;
use Illuminate\Support\Facades\RateLimiter;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Validate;
@@ -225,7 +225,7 @@ class SettingsEmail extends Component
'test-email:'.$this->team->id,
$perMinute = 0,
function () {
$this->team?->notify(new Test($this->testEmailAddress, 'email'));
$this->team?->notify(new Test($this->testEmailAddress));
$this->dispatch('success', 'Test Email sent.');
},
$decaySeconds = 10,


@@ -12,8 +12,9 @@ class EmailChannel
public function send(SendsEmail $notifiable, Notification $notification): void
{
$useInstanceEmailSettings = $notifiable->emailNotificationSettings->use_instance_email_settings;
$isTransactionalEmail = data_get($notification, 'isTransactionalEmail', false);
$customEmails = data_get($notification, 'emails', null);
if ($useInstanceEmailSettings) {
if ($useInstanceEmailSettings || $isTransactionalEmail) {
$settings = instanceSettings();
} else {
$settings = $notifiable->emailNotificationSettings;
@@ -49,8 +50,8 @@ class EmailChannel
$settings->smtp_port,
$encryption
);
$transport->setUsername($settings->smtp_username);
$transport->setPassword($settings->smtp_password);
$transport->setUsername($settings->smtp_username ?? '');
$transport->setPassword($settings->smtp_password ?? '');
$mailer = new \Symfony\Component\Mailer\Mailer($transport);
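Review bot: The choice of SMTP settings in `send()` now depends on `data_get($notification, 'isTransactionalEmail', false)`, a duck-typed public property, so a notification that omits or misspells it silently falls back to the team's settings, and any notification that sets it is sent with the instance SMTP credentials. An interface or a method on the notification base class would make that contract explicit; at minimum add a comment such as `// Transactional mails always use the instance SMTP settings, regardless of team configuration`. In the second hunk, `?? ''` turns a missing username or password into an empty string, so document whether unauthenticated SMTP is intended there. `send()` continues outside both hunks.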


@@ -16,7 +16,7 @@ class InvitationLink extends CustomEmailNotification
return [TransactionalEmailChannel::class];
}
public function __construct(public User $user)
public function __construct(public User $user, public bool $isTransactionalEmail = true)
{
$this->onQueue('high');
}
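Review bot: `isTransactionalEmail` is added as a promoted constructor parameter, `public function __construct(public User $user, public bool $isTransactionalEmail = true)`, so any caller can pass `false` and change how this mail is routed; the same pattern is repeated in the `ResetPassword` and `Test` constructors below. Since the value is a fixed property of the notification class, declare it as a plain property, `public bool $isTransactionalEmail = true;`, and leave the constructor signatures as they were.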


@@ -17,7 +17,7 @@ class ResetPassword extends Notification
public InstanceSettings $settings;
public function __construct($token)
public function __construct($token, public bool $isTransactionalEmail = true)
{
$this->settings = instanceSettings();
$this->token = $token;


@@ -8,7 +8,7 @@ use Illuminate\Notifications\Messages\MailMessage;
class Test extends CustomEmailNotification
{
public function __construct(public string $emails)
public function __construct(public string $emails, public bool $isTransactionalEmail = true)
{
$this->onQueue('high');
}