Merge pull request #2070 from Dokploy/canary

🚀 Release v0.23.3

apps/dokploy/server/api/routers/docker.ts

@@ -1,6 +1,5 @@
 import {
 	containerRestart,
-	findServerById,
 	getConfig,
 	getContainers,
 	getContainersByAppLabel,
@@ -10,9 +9,6 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
-import { TRPCError } from "@trpc/server";
-
-export const containerIdRegex = /^[a-zA-Z0-9.\-_]+$/;
 
 export const dockerRouter = createTRPCRouter({
 	getContainers: protectedProcedure
@@ -21,23 +17,14 @@ export const dockerRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getContainers(input.serverId);
 		}),
 
 	restartContainer: protectedProcedure
 		.input(
 			z.object({
-				containerId: z
+				containerId: z.string().min(1),
-					.string()
-					.min(1)
-					.regex(containerIdRegex, "Invalid container id."),
 			}),
 		)
 		.mutation(async ({ input }) => {
@@ -47,20 +34,11 @@ export const dockerRouter = createTRPCRouter({
 	getConfig: protectedProcedure
 		.input(
 			z.object({
-				containerId: z
+				containerId: z.string().min(1),
-					.string()
-					.min(1)
-					.regex(containerIdRegex, "Invalid container id."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getConfig(input.containerId, input.serverId);
 		}),
 
@@ -70,17 +48,11 @@ export const dockerRouter = createTRPCRouter({
 				appType: z
 					.union([z.literal("stack"), z.literal("docker-compose")])
 					.optional(),
-				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
+				appName: z.string().min(1),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getContainersByAppNameMatch(
 				input.appName,
 				input.appType,
@@ -91,18 +63,12 @@ export const dockerRouter = createTRPCRouter({
 	getContainersByAppLabel: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
+				appName: z.string().min(1),
 				serverId: z.string().optional(),
 				type: z.enum(["standalone", "swarm"]),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getContainersByAppLabel(
 				input.appName,
 				input.type,
@@ -113,34 +79,22 @@ export const dockerRouter = createTRPCRouter({
 	getStackContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
+				appName: z.string().min(1),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getStackContainersByAppName(input.appName, input.serverId);
 		}),
 
 	getServiceContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
+				appName: z.string().min(1),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getServiceContainersByAppName(input.appName, input.serverId);
 		}),
 });

apps/dokploy/server/api/routers/settings.ts

@@ -459,15 +459,6 @@ export const settingsRouter = createTRPCRouter({
 					throw new TRPCError({ code: "UNAUTHORIZED" });
 				}
 			}
-
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
-
 			return readConfigInPath(input.path, input.serverId);
 		}),
 	getIp: protectedProcedure.query(async ({ ctx }) => {

apps/dokploy/server/api/routers/swarm.ts

@@ -6,9 +6,6 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
-import { TRPCError } from "@trpc/server";
-import { findServerById } from "@dokploy/server";
-import { containerIdRegex } from "./docker";
 
 export const swarmRouter = createTRPCRouter({
 	getNodes: protectedProcedure
@@ -17,24 +14,12 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getSwarmNodes(input.serverId);
 		}),
 	getNodeInfo: protectedProcedure
 		.input(z.object({ nodeId: z.string(), serverId: z.string().optional() }))
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getNodeInfo(input.nodeId, input.serverId);
 		}),
 	getNodeApps: protectedProcedure
@@ -43,29 +28,17 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return getNodeApplications(input.serverId);
 		}),
 	getAppInfos: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
+				appName: z.string(),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input, ctx }) => {
+		.query(async ({ input }) => {
-			if (input.serverId) {
-				const server = await findServerById(input.serverId);
-				if (server.organizationId !== ctx.session?.activeOrganizationId) {
-					throw new TRPCError({ code: "UNAUTHORIZED" });
-				}
-			}
 			return await getApplicationInfo(input.appName, input.serverId);
 		}),
 });

apps/dokploy/server/api/routers/user.ts

@@ -75,24 +75,6 @@ export const userRouter = createTRPCRouter({
 				},
 			});
 
-			// If user not found in the organization, deny access
-			if (!memberResult) {
-				throw new TRPCError({
-					code: "NOT_FOUND",
-					message: "User not found in this organization",
-				});
-			}
-
-			// Allow access if:
-			// 1. User is requesting their own information
-			// 2. User has owner role (admin permissions) AND user is in the same organization
-			if (memberResult.userId !== ctx.user.id && ctx.user.role !== "owner") {
-				throw new TRPCError({
-					code: "UNAUTHORIZED",
-					message: "You are not authorized to access this user",
-				});
-			}
-
 			return memberResult;
 		}),
 	get: protectedProcedure.query(async ({ ctx }) => {

packages/server/src/db/schema/user.ts

@@ -15,7 +15,6 @@ import { backups } from "./backups";
 import { projects } from "./project";
 import { schedules } from "./schedule";
 import { certificateType } from "./shared";
-import { paths } from "@dokploy/server/constants";
 /**
  * This is an example of how to use the multi-project schema feature of Drizzle ORM. Use the same
  * database instance for multiple projects.
@@ -237,31 +236,7 @@ export const apiModifyTraefikConfig = z.object({
 	serverId: z.string().optional(),
 });
 export const apiReadTraefikConfig = z.object({
-	path: z
+	path: z.string().min(1),
-		.string()
-		.min(1)
-		.refine(
-			(path) => {
-				// Prevent directory traversal attacks
-				if (path.includes("../") || path.includes("..\\")) {
-					return false;
-				}
-
-				const { MAIN_TRAEFIK_PATH } = paths();
-				if (path.startsWith("/") && !path.startsWith(MAIN_TRAEFIK_PATH)) {
-					return false;
-				}
-				// Prevent null bytes and other dangerous characters
-				if (path.includes("\0") || path.includes("\x00")) {
-					return false;
-				}
-				return true;
-			},
-			{
-				message:
-					"Invalid path: path traversal or unauthorized directory access detected",
-			},
-		),
 	serverId: z.string().optional(),
 });