mirror of
https://github.com/Dokploy/dokploy
synced 2025-06-26 18:27:59 +00:00
refactor(cloud): add validation to prevent access to resources from another admin
This commit is contained in:
Mauricio Siu
@@ -20,9 +20,9 @@ import { TRPCError } from "@trpc/server";
|
||||
export const bitbucketRouter = createTRPCRouter({
|
||||
create: protectedProcedure
|
||||
.input(apiCreateBitbucket)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await createBitbucket(input);
|
||||
return await createBitbucket(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -74,7 +74,10 @@ export const bitbucketRouter = createTRPCRouter({
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(apiUpdateBitbucket)
|
||||
.mutation(async ({ input }) => {
|
||||
return await updateBitbucket(input.bitbucketId, input);
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
return await updateBitbucket(input.bitbucketId, {
|
||||
...input,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -15,9 +15,18 @@ import {
|
||||
} from "@dokploy/builders";
|
||||
|
||||
export const githubRouter = createTRPCRouter({
|
||||
one: protectedProcedure.input(apiFindOneGithub).query(async ({ input }) => {
|
||||
return await findGithubById(input.githubId);
|
||||
}),
|
||||
one: protectedProcedure
|
||||
.input(apiFindOneGithub)
|
||||
.query(async ({ input, ctx }) => {
|
||||
const githubProvider = await findGithubById(input.githubId);
|
||||
// if (githubProvider.gitProvider.adminId !== ctx.user.adminId) { //TODO: Remove this line when the cloud version is ready
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to access this github provider",
|
||||
// });
|
||||
// }
|
||||
return githubProvider;
|
||||
}),
|
||||
getGithubRepositories: protectedProcedure
|
||||
.input(apiFindOneGithub)
|
||||
.query(async ({ input }) => {
|
||||
@@ -64,9 +73,17 @@ export const githubRouter = createTRPCRouter({
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(apiUpdateGithub)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
const githubProvider = await findGithubById(input.githubId);
|
||||
// if (githubProvider.gitProvider.adminId !== ctx.user.adminId) { //TODO: Remove this line when the cloud version is ready
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to access this github provider",
|
||||
// });
|
||||
// }
|
||||
await updateGitProvider(input.gitProviderId, {
|
||||
name: input.name,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -23,9 +23,9 @@ import {
|
||||
export const gitlabRouter = createTRPCRouter({
|
||||
create: protectedProcedure
|
||||
.input(apiCreateGitlab)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await createGitlab(input);
|
||||
return await createGitlab(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -83,13 +83,16 @@ export const gitlabRouter = createTRPCRouter({
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(apiUpdateGitlab)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
if (input.name) {
|
||||
await updateGitProvider(input.gitProviderId, {
|
||||
name: input.name,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
} else {
|
||||
await updateGitlab(input.gitlabId, input);
|
||||
await updateGitlab(input.gitlabId, {
|
||||
...input,
|
||||
});
|
||||
}
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -21,7 +21,7 @@ import {
|
||||
notifications,
|
||||
} from "@/server/db/schema";
|
||||
import { TRPCError } from "@trpc/server";
|
||||
import { desc } from "drizzle-orm";
|
||||
import { desc, eq } from "drizzle-orm";
|
||||
import {
|
||||
createDiscordNotification,
|
||||
createEmailNotification,
|
||||
@@ -39,14 +39,14 @@ import {
|
||||
sendTelegramNotification,
|
||||
} from "@dokploy/builders";
|
||||
|
||||
// TODO: Uncomment the validations when is cloud ready
|
||||
export const notificationRouter = createTRPCRouter({
|
||||
createSlack: adminProcedure
|
||||
.input(apiCreateSlack)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await createSlackNotification(input);
|
||||
return await createSlackNotification(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to create the notification",
|
||||
@@ -56,15 +56,21 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
updateSlack: adminProcedure
|
||||
.input(apiUpdateSlack)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await updateSlackNotification(input);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to update the notification",
|
||||
cause: error,
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to update this notification",
|
||||
// });
|
||||
// }
|
||||
return await updateSlackNotification({
|
||||
...input,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
} catch (error) {
|
||||
throw error;
|
||||
}
|
||||
}),
|
||||
testSlackConnection: adminProcedure
|
||||
@@ -86,9 +92,9 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
createTelegram: adminProcedure
|
||||
.input(apiCreateTelegram)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await createTelegramNotification(input);
|
||||
return await createTelegramNotification(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -100,9 +106,19 @@ export const notificationRouter = createTRPCRouter({
|
||||
|
||||
updateTelegram: adminProcedure
|
||||
.input(apiUpdateTelegram)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await updateTelegramNotification(input);
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to update this notification",
|
||||
// });
|
||||
// }
|
||||
return await updateTelegramNotification({
|
||||
...input,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -127,7 +143,7 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
createDiscord: adminProcedure
|
||||
.input(apiCreateDiscord)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
// go to your discord server
|
||||
// go to settings
|
||||
@@ -135,7 +151,7 @@ export const notificationRouter = createTRPCRouter({
|
||||
// add a new integration
|
||||
// select webhook
|
||||
// copy the webhook url
|
||||
return await createDiscordNotification(input);
|
||||
return await createDiscordNotification(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -147,9 +163,19 @@ export const notificationRouter = createTRPCRouter({
|
||||
|
||||
updateDiscord: adminProcedure
|
||||
.input(apiUpdateDiscord)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await updateDiscordNotification(input);
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to update this notification",
|
||||
// });
|
||||
// }
|
||||
return await updateDiscordNotification({
|
||||
...input,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -178,11 +204,10 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
createEmail: adminProcedure
|
||||
.input(apiCreateEmail)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await createEmailNotification(input);
|
||||
return await createEmailNotification(input, ctx.user.adminId);
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to create the notification",
|
||||
@@ -192,9 +217,19 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
updateEmail: adminProcedure
|
||||
.input(apiUpdateEmail)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
return await updateEmailNotification(input);
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to update this notification",
|
||||
// });
|
||||
// }
|
||||
return await updateEmailNotification({
|
||||
...input,
|
||||
adminId: ctx.user.adminId,
|
||||
});
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
@@ -223,8 +258,15 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
remove: adminProcedure
|
||||
.input(apiFindOneNotification)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to delete this notification",
|
||||
// });
|
||||
// }
|
||||
return await removeNotificationById(input.notificationId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
@@ -235,11 +277,17 @@ export const notificationRouter = createTRPCRouter({
|
||||
}),
|
||||
one: protectedProcedure
|
||||
.input(apiFindOneNotification)
|
||||
.query(async ({ input }) => {
|
||||
.query(async ({ input, ctx }) => {
|
||||
const notification = await findNotificationById(input.notificationId);
|
||||
// if (notification.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not authorized to access this notification",
|
||||
// });
|
||||
// }
|
||||
return notification;
|
||||
}),
|
||||
all: adminProcedure.query(async () => {
|
||||
all: adminProcedure.query(async ({ ctx }) => {
|
||||
return await db.query.notifications.findMany({
|
||||
with: {
|
||||
slack: true,
|
||||
@@ -248,6 +296,7 @@ export const notificationRouter = createTRPCRouter({
|
||||
email: true,
|
||||
},
|
||||
orderBy: desc(notifications.createdAt),
|
||||
// where: eq(notifications.adminId, ctx.user.adminId),
|
||||
});
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -35,7 +35,6 @@ export const serverRouter = createTRPCRouter({
|
||||
const project = await createServer(input, ctx.user.adminId);
|
||||
return project;
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to create the server",
|
||||
@@ -47,7 +46,15 @@ export const serverRouter = createTRPCRouter({
|
||||
one: protectedProcedure
|
||||
.input(apiFindOneServer)
|
||||
.query(async ({ input, ctx }) => {
|
||||
return await findServerById(input.serverId);
|
||||
const server = await findServerById(input.serverId);
|
||||
if (server.adminId !== ctx.user.adminId) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not authorized to access this server",
|
||||
});
|
||||
}
|
||||
|
||||
return server;
|
||||
}),
|
||||
all: protectedProcedure.query(async ({ ctx }) => {
|
||||
const result = await db
|
||||
@@ -69,7 +76,7 @@ export const serverRouter = createTRPCRouter({
|
||||
|
||||
return result;
|
||||
}),
|
||||
withSSHKey: protectedProcedure.query(async ({ input, ctx }) => {
|
||||
withSSHKey: protectedProcedure.query(async ({ ctx }) => {
|
||||
return await db.query.server.findMany({
|
||||
orderBy: desc(server.createdAt),
|
||||
where: and(
|
||||
@@ -82,20 +89,30 @@ export const serverRouter = createTRPCRouter({
|
||||
.input(apiFindOneServer)
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const server = await findServerById(input.serverId);
|
||||
if (server.adminId !== ctx.user.adminId) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not authorized to setup this server",
|
||||
});
|
||||
}
|
||||
const currentServer = await serverSetup(input.serverId);
|
||||
return currentServer;
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to setup this server",
|
||||
cause: error,
|
||||
});
|
||||
throw error;
|
||||
}
|
||||
}),
|
||||
remove: protectedProcedure
|
||||
.input(apiRemoveServer)
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const server = await findServerById(input.serverId);
|
||||
if (server.adminId !== ctx.user.adminId) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not authorized to delete this server",
|
||||
});
|
||||
}
|
||||
const activeServers = await haveActiveServices(input.serverId);
|
||||
|
||||
if (activeServers) {
|
||||
@@ -110,28 +127,27 @@ export const serverRouter = createTRPCRouter({
|
||||
|
||||
return currentServer;
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to delete this server",
|
||||
cause: error,
|
||||
});
|
||||
throw error;
|
||||
}
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(apiUpdateServer)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const server = await findServerById(input.serverId);
|
||||
if (server.adminId !== ctx.user.adminId) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not authorized to update this server",
|
||||
});
|
||||
}
|
||||
const currentServer = await updateServerById(input.serverId, {
|
||||
...input,
|
||||
});
|
||||
|
||||
return currentServer;
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to update this server",
|
||||
cause: error,
|
||||
});
|
||||
throw error;
|
||||
}
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -16,7 +16,6 @@ import {
|
||||
removeSSHKeyById,
|
||||
updateSSHKeyById,
|
||||
} from "@dokploy/builders";
|
||||
import { eq } from "drizzle-orm";
|
||||
|
||||
export const sshRouter = createTRPCRouter({
|
||||
create: protectedProcedure
|
||||
@@ -37,24 +36,38 @@ export const sshRouter = createTRPCRouter({
|
||||
}),
|
||||
remove: protectedProcedure
|
||||
.input(apiRemoveSshKey)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
// if (sshKey.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to delete this ssh key",
|
||||
// });
|
||||
// }
|
||||
return await removeSSHKeyById(input.sshKeyId);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error to delete this ssh key",
|
||||
});
|
||||
throw error;
|
||||
}
|
||||
}),
|
||||
one: protectedProcedure.input(apiFindOneSshKey).query(async ({ input }) => {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
return sshKey;
|
||||
}),
|
||||
one: protectedProcedure
|
||||
.input(apiFindOneSshKey)
|
||||
.query(async ({ input, ctx }) => {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
|
||||
if (sshKey.adminId !== ctx.user.adminId) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not allowed to access this ssh key",
|
||||
});
|
||||
}
|
||||
return sshKey;
|
||||
}),
|
||||
all: protectedProcedure.query(async ({ ctx }) => {
|
||||
return await db.query.sshKeys.findMany({
|
||||
where: eq(sshKeys.adminId, ctx.user.adminId),
|
||||
});
|
||||
return await db.query.sshKeys.findMany({});
|
||||
// return await db.query.sshKeys.findMany({
|
||||
// where: eq(sshKeys.adminId, ctx.user.adminId),
|
||||
// }); // TODO: Remove this line when the cloud version is ready
|
||||
}),
|
||||
generate: protectedProcedure
|
||||
.input(apiGenerateSSHKey)
|
||||
@@ -63,8 +76,15 @@ export const sshRouter = createTRPCRouter({
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(apiUpdateSshKey)
|
||||
.mutation(async ({ input }) => {
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
// if (sshKey.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to update this ssh key",
|
||||
// });
|
||||
// }
|
||||
return await updateSSHKeyById(input);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
|
||||
Reference in New Issue
Block a user