Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy synced 2025-06-26 18:27:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor(cloud): add validation to prevent access to shared resources

Browse Source
This commit is contained in:
Mauricio Siu
2024-10-04 20:44:57 -06:00
parent 5cebf5540a
commit 7c4987d84d
14 changed files with 353 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/dokploy/components/dashboard/settings/git/github/add-github-provider.tsx
View File

@@ -11,7 +11,6 @@ import {
import { Input } from "@/components/ui/input";
import { Switch } from "@/components/ui/switch";
import { api } from "@/utils/api";
import { useUrl } from "@/utils/hooks/use-url";
import { format } from "date-fns";
import { useEffect, useState } from "react";

67
apps/dokploy/components/layouts/navigation-tabs.tsx
View File

@@ -11,6 +11,7 @@ interface TabInfo {
tabLabel?: string;
description: string;
index: string;
type: TabState;
isShow?: ({ rol, user }: { rol?: Auth["rol"]; user?: User }) => boolean;
}
@@ -23,19 +24,24 @@ export type TabState =
| "docker";
const getTabMaps = (isCloud: boolean) => {
const tabMap: Record<TabState | undefined, TabInfo> = {
projects: {
const elements: TabInfo[] = [
{
label: "Projects",
description: "Manage your projects",
index: "/dashboard/projects",
type: "projects",
},
...(!isCloud && {
monitoring: {
];
if (!isCloud) {
elements.push(
{
label: "Monitoring",
description: "Monitor your projects",
index: "/dashboard/monitoring",
type: "monitoring",
},
traefik: {
{
label: "Traefik",
tabLabel: "Traefik File System",
description: "Manage your traefik",
@@ -43,35 +49,39 @@ const getTabMaps = (isCloud: boolean) => {
isShow: ({ rol, user }) => {
return Boolean(rol === "admin" || user?.canAccessToTraefikFiles);
},
type: "traefik",
},
docker: {
{
label: "Docker",
description: "Manage your docker",
index: "/dashboard/docker",
isShow: ({ rol, user }) => {
return Boolean(rol === "admin" || user?.canAccessToDocker);
},
type: "docker",
},
requests: {
{
label: "Requests",
description: "Manage your requests",
index: "/dashboard/requests",
isShow: ({ rol, user }) => {
return Boolean(rol === "admin" || user?.canAccessToDocker);
},
type: "requests",
},
}),
);
}
settings: {
label: "Settings",
description: "Manage your settings",
index: isCloud
? "/dashboard/settings/profile"
: "/dashboard/settings/server",
},
};
elements.push({
label: "Settings",
description: "Manage your settings",
type: "settings",
index: isCloud
? "/dashboard/settings/profile"
: "/dashboard/settings/server",
});
return tabMap;
return elements;
};
interface Props {
@@ -99,7 +109,7 @@ export const NavigationTabs = ({ tab, children }: Props) => {
}, [tab]);
const activeTabInfo = useMemo(() => {
return tabMap[activeTab];
return tabMap.find((tab) => tab.type === activeTab);
}, [activeTab]);
return (
@@ -107,10 +117,10 @@ export const NavigationTabs = ({ tab, children }: Props) => {
<header className="mb-6 flex w-full items-center gap-2 justify-between flex-wrap">
<div className="flex flex-col gap-2">
<h1 className="text-xl font-bold lg:text-3xl">
{activeTabInfo.label}
{activeTabInfo?.label}
</h1>
<p className="lg:text-medium text-muted-foreground">
{activeTabInfo.description}
{activeTabInfo?.description}
</p>
</div>
{tab === "projects" &&
@@ -122,27 +132,26 @@ export const NavigationTabs = ({ tab, children }: Props) => {
className="w-full"
onValueChange={async (e) => {
setActiveTab(e as TabState);
router.push(tabMap[e as TabState].index);
const tab = tabMap.find((tab) => tab.type === e);
router.push(tab?.index || "");
}}
>
{/* className="grid w-fit grid-cols-4 bg-transparent" */}
<div className="flex flex-row items-center justify-between w-full gap-4 max-sm:overflow-x-auto border-b border-b-divider pb-1">
<TabsList className="bg-transparent relative px-0">
{Object.keys(tabMap).map((key) => {
const tab = tabMap[key as TabState];
if (tab.isShow && !tab.isShow?.({ rol: data?.rol, user })) {
{tabMap.map((tab, index) => {
if (tab?.isShow && !tab?.isShow?.({ rol: data?.rol, user })) {
return null;
}
return (
<TabsTrigger
key={key}
value={key}
key={tab.type}
value={tab.type}
className="relative py-2.5 md:px-5 data-[state=active]:shadow-none data-[state=active]:bg-transparent rounded-md hover:bg-zinc-100 hover:dark:bg-zinc-800 data-[state=active]:hover:bg-zinc-100 data-[state=active]:hover:dark:bg-zinc-800"
>
<span className="relative z-[1] w-full">
{tab.tabLabel || tab.label}
{tab?.tabLabel || tab?.label}
</span>
{key === activeTab && (
{tab.type === activeTab && (
<div className="absolute -bottom-[5.5px] w-full">
<div className="h-0.5 bg-foreground rounded-t-md" />
</div>

16
apps/dokploy/components/layouts/settings-layout.tsx
View File

@@ -48,12 +48,16 @@ export const SettingsLayout = ({ children }: Props) => {
icon: Database,
href: "/dashboard/settings/destinations",
},
{
title: "Certificates",
label: "",
icon: ShieldCheck,
href: "/dashboard/settings/certificates",
},
...(!isCloud
? [
{
title: "Certificates",
label: "",
icon: ShieldCheck,
href: "/dashboard/settings/certificates",
},
]
: []),
{
title: "SSH Keys",
label: "",

2
apps/dokploy/pages/api/deploy/github.ts
View File

@@ -23,7 +23,7 @@ export default async function handler(
const signature = req.headers["x-hub-signature-256"];
const githubBody = req.body;
if (!githubBody?.installation.id) {
if (!githubBody?.installation?.id) {
res.status(400).json({ message: "Github Installation not found" });
return;
}

40
apps/dokploy/pages/api/providers/github/setup.ts
View File

@@ -1,4 +1,9 @@
import { createGithub } from "@dokploy/builders";
import {
createGithub,
findAdminByAuthId,
findAuthById,
findUserByAuthId,
} from "@dokploy/builders";
import { db } from "@/server/db";
import { github } from "@/server/db/schema";
import { eq } from "drizzle-orm";
@@ -34,16 +39,29 @@ export default async function handler(
},
);
await createGithub({
name: data.name,
githubAppName: data.html_url,
githubAppId: data.id,
githubClientId: data.client_id,
githubClientSecret: data.client_secret,
githubWebhookSecret: data.webhook_secret,
githubPrivateKey: data.pem,
authId: value as string,
});
const auth = await findAuthById(value as string);
let adminId = "";
if (auth.rol === "admin") {
const admin = await findAdminByAuthId(auth.id);
adminId = admin.adminId;
} else {
const user = await findUserByAuthId(auth.id);
adminId = user.adminId;
}
await createGithub(
{
name: data.name,
githubAppName: data.html_url,
githubAppId: data.id,
githubClientId: data.client_id,
githubClientSecret: data.client_secret,
githubWebhookSecret: data.webhook_secret,
githubPrivateKey: data.pem,
},
adminId,
);
} else if (action === "gh_setup") {
await db
.update(github)

2
apps/dokploy/server/api/routers/auth.ts
View File

@@ -220,7 +220,7 @@ export const authRouter = createTRPCRouter({
lucia.createSessionCookie(session.id).serialize(),
);
return auth;
return true;
}),
disable2FA: protectedProcedure.mutation(async ({ ctx }) => {
const auth = await findAuthById(ctx.user.authId);

79
apps/dokploy/server/api/routers/bitbucket.ts
View File

@@ -14,6 +14,7 @@ import {
createBitbucket,
findBitbucketById,
updateBitbucket,
IS_CLOUD,
} from "@dokploy/builders";
import { TRPCError } from "@trpc/server";
@@ -33,11 +34,22 @@ export const bitbucketRouter = createTRPCRouter({
}),
one: protectedProcedure
.input(apiFindOneBitbucket)
.query(async ({ input }) => {
return await findBitbucketById(input.bitbucketId);
.query(async ({ input, ctx }) => {
const bitbucketProvider = await findBitbucketById(input.bitbucketId);
if (
IS_CLOUD &&
bitbucketProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this bitbucket provider",
});
}
return bitbucketProvider;
}),
bitbucketProviders: protectedProcedure.query(async () => {
const result = await db.query.bitbucket.findMany({
bitbucketProviders: protectedProcedure.query(async ({ ctx }) => {
let result = await db.query.bitbucket.findMany({
with: {
gitProvider: true,
},
@@ -45,23 +57,65 @@ export const bitbucketRouter = createTRPCRouter({
bitbucketId: true,
},
});
if (IS_CLOUD) {
// TODO: mAyBe a rEfaCtoR 🤫
result = result.filter(
(provider) => provider.gitProvider.adminId === ctx.user.adminId,
);
}
return result;
}),
getBitbucketRepositories: protectedProcedure
.input(apiFindOneBitbucket)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const bitbucketProvider = await findBitbucketById(input.bitbucketId);
if (
IS_CLOUD &&
bitbucketProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this bitbucket provider",
});
}
return await getBitbucketRepositories(input.bitbucketId);
}),
getBitbucketBranches: protectedProcedure
.input(apiFindBitbucketBranches)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const bitbucketProvider = await findBitbucketById(
input.bitbucketId || "",
);
if (
IS_CLOUD &&
bitbucketProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this bitbucket provider",
});
}
return await getBitbucketBranches(input);
}),
testConnection: protectedProcedure
.input(apiBitbucketTestConnection)
.mutation(async ({ input }) => {
.mutation(async ({ input, ctx }) => {
try {
const bitbucketProvider = await findBitbucketById(input.bitbucketId);
if (
IS_CLOUD &&
bitbucketProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this bitbucket provider",
});
}
const result = await testBitbucketConnection(input);
return `Found ${result} repositories`;
@@ -75,6 +129,17 @@ export const bitbucketRouter = createTRPCRouter({
update: protectedProcedure
.input(apiUpdateBitbucket)
.mutation(async ({ input, ctx }) => {
const bitbucketProvider = await findBitbucketById(input.bitbucketId);
if (
IS_CLOUD &&
bitbucketProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this bitbucket provider",
});
}
return await updateBitbucket(input.bitbucketId, {
...input,
adminId: ctx.user.adminId,

22
apps/dokploy/server/api/routers/git-provider.ts
View File

@@ -3,7 +3,11 @@ import { db } from "@/server/db";
import { apiRemoveGitProvider, gitProvider } from "@/server/db/schema";
import { TRPCError } from "@trpc/server";
import { desc, eq } from "drizzle-orm";
import { findGitProviderById, removeGitProvider } from "@dokploy/builders";
import {
findGitProviderById,
IS_CLOUD,
removeGitProvider,
} from "@dokploy/builders";
export const gitProviderRouter = createTRPCRouter({
getAll: protectedProcedure.query(async ({ ctx }) => {
@@ -14,7 +18,8 @@ export const gitProviderRouter = createTRPCRouter({
github: true,
},
orderBy: desc(gitProvider.createdAt),
// where: eq(gitProvider.adminId, ctx.user.adminId), //TODO: Remove this line when the cloud version is ready
...(IS_CLOUD && { where: eq(gitProvider.adminId, ctx.user.adminId) }),
//TODO: Remove this line when the cloud version is ready
});
}),
remove: protectedProcedure
@@ -23,12 +28,13 @@ export const gitProviderRouter = createTRPCRouter({
try {
const gitProvider = await findGitProviderById(input.gitProviderId);
// if (gitProvider.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to delete this git provider",
// });
// }
if (IS_CLOUD && gitProvider.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to delete this git provider",
});
}
return await removeGitProvider(input.gitProviderId);
} catch (error) {
throw new TRPCError({

71
apps/dokploy/server/api/routers/github.ts
View File

@@ -12,6 +12,7 @@ import {
findGithubById,
haveGithubRequirements,
updateGitProvider,
IS_CLOUD,
} from "@dokploy/builders";
export const githubRouter = createTRPCRouter({
@@ -19,31 +20,55 @@ export const githubRouter = createTRPCRouter({
.input(apiFindOneGithub)
.query(async ({ input, ctx }) => {
const githubProvider = await findGithubById(input.githubId);
// if (githubProvider.gitProvider.adminId !== ctx.user.adminId) { //TODO: Remove this line when the cloud version is ready
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to access this github provider",
// });
// }
if (IS_CLOUD && githubProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this github provider",
});
}
return githubProvider;
}),
getGithubRepositories: protectedProcedure
.input(apiFindOneGithub)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const githubProvider = await findGithubById(input.githubId);
if (IS_CLOUD && githubProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this github provider",
});
}
return await getGithubRepositories(input.githubId);
}),
getGithubBranches: protectedProcedure
.input(apiFindGithubBranches)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const githubProvider = await findGithubById(input.githubId || "");
if (IS_CLOUD && githubProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this github provider",
});
}
return await getGithubBranches(input);
}),
githubProviders: protectedProcedure.query(async () => {
const result = await db.query.github.findMany({
githubProviders: protectedProcedure.query(async ({ ctx }) => {
let result = await db.query.github.findMany({
with: {
gitProvider: true,
},
});
if (IS_CLOUD) {
// TODO: mAyBe a rEfaCtoR 🤫
result = result.filter(
(provider) => provider.gitProvider.adminId === ctx.user.adminId,
);
}
const filtered = result
.filter((provider) => haveGithubRequirements(provider))
.map((provider) => {
@@ -60,8 +85,19 @@ export const githubRouter = createTRPCRouter({
testConnection: protectedProcedure
.input(apiFindOneGithub)
.mutation(async ({ input }) => {
.mutation(async ({ input, ctx }) => {
try {
const githubProvider = await findGithubById(input.githubId);
if (
IS_CLOUD &&
githubProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this github provider",
});
}
const result = await getGithubRepositories(input.githubId);
return `Found ${result.length} repositories`;
} catch (err) {
@@ -75,12 +111,13 @@ export const githubRouter = createTRPCRouter({
.input(apiUpdateGithub)
.mutation(async ({ input, ctx }) => {
const githubProvider = await findGithubById(input.githubId);
// if (githubProvider.gitProvider.adminId !== ctx.user.adminId) { //TODO: Remove this line when the cloud version is ready
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to access this github provider",
// });
// }
if (IS_CLOUD && githubProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this github provider",
});
}
await updateGitProvider(input.gitProviderId, {
name: input.name,
adminId: ctx.user.adminId,

69
apps/dokploy/server/api/routers/gitlab.ts
View File

@@ -18,6 +18,7 @@ import {
findGitlabById,
updateGitlab,
updateGitProvider,
IS_CLOUD,
} from "@dokploy/builders";
export const gitlabRouter = createTRPCRouter({
@@ -34,15 +35,32 @@ export const gitlabRouter = createTRPCRouter({
});
}
}),
one: protectedProcedure.input(apiFindOneGitlab).query(async ({ input }) => {
return await findGitlabById(input.gitlabId);
}),
gitlabProviders: protectedProcedure.query(async () => {
const result = await db.query.gitlab.findMany({
one: protectedProcedure
.input(apiFindOneGitlab)
.query(async ({ input, ctx }) => {
const gitlabProvider = await findGitlabById(input.gitlabId);
if (IS_CLOUD && gitlabProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this gitlab provider",
});
}
return gitlabProvider;
}),
gitlabProviders: protectedProcedure.query(async ({ ctx }) => {
let result = await db.query.gitlab.findMany({
with: {
gitProvider: true,
},
});
if (IS_CLOUD) {
// TODO: mAyBe a rEfaCtoR 🤫
result = result.filter(
(provider) => provider.gitProvider.adminId === ctx.user.adminId,
);
}
const filtered = result
.filter((provider) => haveGitlabRequirements(provider))
.map((provider) => {
@@ -58,19 +76,46 @@ export const gitlabRouter = createTRPCRouter({
}),
getGitlabRepositories: protectedProcedure
.input(apiFindOneGitlab)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const gitlabProvider = await findGitlabById(input.gitlabId);
if (IS_CLOUD && gitlabProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this gitlab provider",
});
}
return await getGitlabRepositories(input.gitlabId);
}),
getGitlabBranches: protectedProcedure
.input(apiFindGitlabBranches)
.query(async ({ input }) => {
.query(async ({ input, ctx }) => {
const gitlabProvider = await findGitlabById(input.gitlabId || "");
if (IS_CLOUD && gitlabProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this gitlab provider",
});
}
return await getGitlabBranches(input);
}),
testConnection: protectedProcedure
.input(apiGitlabTestConnection)
.mutation(async ({ input }) => {
.mutation(async ({ input, ctx }) => {
try {
const gitlabProvider = await findGitlabById(input.gitlabId || "");
if (
IS_CLOUD &&
gitlabProvider.gitProvider.adminId !== ctx.user.adminId
) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this gitlab provider",
});
}
const result = await testGitlabConnection(input);
return `Found ${result} repositories`;
@@ -84,6 +129,14 @@ export const gitlabRouter = createTRPCRouter({
update: protectedProcedure
.input(apiUpdateGitlab)
.mutation(async ({ input, ctx }) => {
const gitlabProvider = await findGitlabById(input.gitlabId);
if (IS_CLOUD && gitlabProvider.gitProvider.adminId !== ctx.user.adminId) {
//TODO: Remove this line when the cloud version is ready
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this gitlab provider",
});
}
if (input.name) {
await updateGitProvider(input.gitProviderId, {
name: input.name,

82
apps/dokploy/server/api/routers/notification.ts
View File

@@ -37,6 +37,7 @@ import {
sendEmailNotification,
sendSlackNotification,
sendTelegramNotification,
IS_CLOUD,
} from "@dokploy/builders";
// TODO: Uncomment the validations when is cloud ready
@@ -59,12 +60,13 @@ export const notificationRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to update this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to update this notification",
});
}
return await updateSlackNotification({
...input,
adminId: ctx.user.adminId,
@@ -109,12 +111,13 @@ export const notificationRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to update this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to update this notification",
});
}
return await updateTelegramNotification({
...input,
adminId: ctx.user.adminId,
@@ -166,12 +169,13 @@ export const notificationRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to update this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to update this notification",
});
}
return await updateDiscordNotification({
...input,
adminId: ctx.user.adminId,
@@ -220,12 +224,13 @@ export const notificationRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to update this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to update this notification",
});
}
return await updateEmailNotification({
...input,
adminId: ctx.user.adminId,
@@ -261,12 +266,13 @@ export const notificationRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to delete this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to delete this notification",
});
}
return await removeNotificationById(input.notificationId);
} catch (error) {
throw new TRPCError({
@@ -279,12 +285,13 @@ export const notificationRouter = createTRPCRouter({
.input(apiFindOneNotification)
.query(async ({ input, ctx }) => {
const notification = await findNotificationById(input.notificationId);
// if (notification.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not authorized to access this notification",
// });
// }
if (IS_CLOUD && notification.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to access this notification",
});
}
return notification;
}),
all: adminProcedure.query(async ({ ctx }) => {
@@ -296,7 +303,8 @@ export const notificationRouter = createTRPCRouter({
email: true,
},
orderBy: desc(notifications.createdAt),
// where: eq(notifications.adminId, ctx.user.adminId),
...(IS_CLOUD && { where: eq(notifications.adminId, ctx.user.adminId) }),
// TODO: Remove this line when the cloud version is ready
});
}),
});

7
apps/dokploy/server/api/routers/settings.ts
View File

@@ -484,7 +484,10 @@ export const settingsRouter = createTRPCRouter({
.input(apiReadStatsLogs)
.query(({ input }) => {
if (IS_CLOUD) {
return true;
return {
data: [],
totalCount: 0,
};
}
const rawConfig = readMonitoringConfig();
const parsedConfig = parseRawConfig(
@@ -499,7 +502,7 @@ export const settingsRouter = createTRPCRouter({
}),
readStats: adminProcedure.query(() => {
if (IS_CLOUD) {
return true;
return [];
}
const rawConfig = readMonitoringConfig();
const processedLogs = processLogs(rawConfig as string);

40
apps/dokploy/server/api/routers/ssh-key.ts
View File

@@ -15,7 +15,9 @@ import {
findSSHKeyById,
removeSSHKeyById,
updateSSHKeyById,
IS_CLOUD,
} from "@dokploy/builders";
import { eq } from "drizzle-orm";
export const sshRouter = createTRPCRouter({
create: protectedProcedure
@@ -39,12 +41,14 @@ export const sshRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const sshKey = await findSSHKeyById(input.sshKeyId);
// if (sshKey.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to delete this ssh key",
// });
// }
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to delete this ssh key",
});
}
return await removeSSHKeyById(input.sshKeyId);
} catch (error) {
throw error;
@@ -55,7 +59,8 @@ export const sshRouter = createTRPCRouter({
.query(async ({ input, ctx }) => {
const sshKey = await findSSHKeyById(input.sshKeyId);
if (sshKey.adminId !== ctx.user.adminId) {
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this ssh key",
@@ -64,10 +69,10 @@ export const sshRouter = createTRPCRouter({
return sshKey;
}),
all: protectedProcedure.query(async ({ ctx }) => {
return await db.query.sshKeys.findMany({});
// return await db.query.sshKeys.findMany({
// where: eq(sshKeys.adminId, ctx.user.adminId),
// }); // TODO: Remove this line when the cloud version is ready
return await db.query.sshKeys.findMany({
...(IS_CLOUD && { where: eq(sshKeys.adminId, ctx.user.adminId) }),
});
// TODO: Remove this line when the cloud version is ready
}),
generate: protectedProcedure
.input(apiGenerateSSHKey)
@@ -79,12 +84,13 @@ export const sshRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const sshKey = await findSSHKeyById(input.sshKeyId);
// if (sshKey.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to update this ssh key",
// });
// }
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to update this ssh key",
});
}
return await updateSSHKeyById(input);
} catch (error) {
throw new TRPCError({

1
packages/builders/src/db/schema/github.ts
View File

@@ -40,7 +40,6 @@ export const apiCreateGithub = createSchema.extend({
githubWebhookSecret: z.string().nullable(),
gitProviderId: z.string().optional(),
name: z.string().min(1),
authId: z.string().min(1),
});
export const apiFindGithubBranches = z.object({