feat(docker-swarm): implement server authorization checks and input validation

- Added server authorization checks to ensure users can only access resources for their organization. - Enhanced input validation for container and app names using regex to prevent invalid entries. - Updated multiple query procedures in both docker and swarm routers to include these checks and validations.
feat(user-validation): enhance path validation in Traefik config
2025-06-26 18:27:59 +00:00 · 2025-06-22 23:57:12 -06:00 · 2025-06-22 23:57:02 -06:00 · 2025-06-22 23:56:13 -06:00 · 2025-06-22 18:01:21 +02:00 · 2025-06-22 16:00:36 +00:00
10 changed files with 182 additions and 39 deletions
--- a/apps/dokploy/components/dashboard/application/rollbacks/show-rollback-settings.tsx
+++ b/apps/dokploy/components/dashboard/application/rollbacks/show-rollback-settings.tsx
@@ -1,3 +1,4 @@
+import { AlertBlock } from "@/components/shared/alert-block";
 import { Button } from "@/components/ui/button";
 import {
 	Dialog,
@@ -79,6 +80,11 @@ export const ShowRollbackSettings = ({ applicationId, children }: Props) => {
 					<DialogDescription>
 						Configure how rollbacks work for this application
 					</DialogDescription>
+					<AlertBlock>
+						Having rollbacks enabled increases storage usage. Be careful with
+						this option. Note that manually cleaning the cache may delete
+						rollback images, making them unavailable for future rollbacks.
+					</AlertBlock>
 				</DialogHeader>

 				<Form {...form}>
--- a/apps/dokploy/package.json
+++ b/apps/dokploy/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "dokploy",
-	"version": "v0.23.2",
+	"version": "v0.23.3",
 	"private": true,
 	"license": "Apache-2.0",
 	"type": "module",
--- a/apps/dokploy/reset-2fa.ts
+++ b/apps/dokploy/reset-2fa.ts
@@ -4,24 +4,24 @@ import { users_temp } from "@dokploy/server/db/schema";
 import { eq } from "drizzle-orm";

 (async () => {
-  try {
-    const result = await findAdmin();
+	try {
+		const result = await findAdmin();

-    const update = await db
-      .update(users_temp)
-      .set({
-        twoFactorEnabled: false,
-      })
-      .where(eq(users_temp.id, result.userId));
+		const update = await db
+			.update(users_temp)
+			.set({
+				twoFactorEnabled: false,
+			})
+			.where(eq(users_temp.id, result.userId));

-    if (update) {
-      console.log("2FA reset successful");
-    } else {
-      console.log("Password reset failed");
-    }
+		if (update) {
+			console.log("2FA reset successful");
+		} else {
+			console.log("Password reset failed");
+		}

-    process.exit(0);
-  } catch (error) {
-    console.log("Error resetting 2FA", error);
-  }
+		process.exit(0);
+	} catch (error) {
+		console.log("Error resetting 2FA", error);
+	}
 })();
--- a/apps/dokploy/server/api/routers/docker.ts
+++ b/apps/dokploy/server/api/routers/docker.ts
@@ -1,5 +1,6 @@
 import {
 	containerRestart,
+	findServerById,
 	getConfig,
 	getContainers,
 	getContainersByAppLabel,
@@ -9,6 +10,9 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
+import { TRPCError } from "@trpc/server";
+
+export const containerIdRegex = /^[a-zA-Z0-9.\-_]+$/;

 export const dockerRouter = createTRPCRouter({
 	getContainers: protectedProcedure
@@ -17,14 +21,23 @@ export const dockerRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainers(input.serverId);
 		}),

 	restartContainer: protectedProcedure
 		.input(
 			z.object({
-				containerId: z.string().min(1),
+				containerId: z
+					.string()
+					.min(1)
+					.regex(containerIdRegex, "Invalid container id."),
 			}),
 		)
 		.mutation(async ({ input }) => {
@@ -34,11 +47,20 @@ export const dockerRouter = createTRPCRouter({
 	getConfig: protectedProcedure
 		.input(
 			z.object({
-				containerId: z.string().min(1),
+				containerId: z
+					.string()
+					.min(1)
+					.regex(containerIdRegex, "Invalid container id."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getConfig(input.containerId, input.serverId);
 		}),

@@ -48,11 +70,17 @@ export const dockerRouter = createTRPCRouter({
 				appType: z
 					.union([z.literal("stack"), z.literal("docker-compose")])
 					.optional(),
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainersByAppNameMatch(
 				input.appName,
 				input.appType,
@@ -63,12 +91,18 @@ export const dockerRouter = createTRPCRouter({
 	getContainersByAppLabel: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 				type: z.enum(["standalone", "swarm"]),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainersByAppLabel(
 				input.appName,
 				input.type,
@@ -79,22 +113,34 @@ export const dockerRouter = createTRPCRouter({
 	getStackContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getStackContainersByAppName(input.appName, input.serverId);
 		}),

 	getServiceContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getServiceContainersByAppName(input.appName, input.serverId);
 		}),
 });
--- a/apps/dokploy/server/api/routers/settings.ts
+++ b/apps/dokploy/server/api/routers/settings.ts
@@ -459,6 +459,15 @@ export const settingsRouter = createTRPCRouter({
 					throw new TRPCError({ code: "UNAUTHORIZED" });
 				}
 			}
+
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
+
 			return readConfigInPath(input.path, input.serverId);
 		}),
 	getIp: protectedProcedure.query(async ({ ctx }) => {
--- a/apps/dokploy/server/api/routers/swarm.ts
+++ b/apps/dokploy/server/api/routers/swarm.ts
@@ -6,6 +6,9 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
+import { TRPCError } from "@trpc/server";
+import { findServerById } from "@dokploy/server";
+import { containerIdRegex } from "./docker";

 export const swarmRouter = createTRPCRouter({
 	getNodes: protectedProcedure
@@ -14,12 +17,24 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getSwarmNodes(input.serverId);
 		}),
 	getNodeInfo: protectedProcedure
 		.input(z.object({ nodeId: z.string(), serverId: z.string().optional() }))
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getNodeInfo(input.nodeId, input.serverId);
 		}),
 	getNodeApps: protectedProcedure
@@ -28,17 +43,29 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return getNodeApplications(input.serverId);
 		}),
 	getAppInfos: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string(),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getApplicationInfo(input.appName, input.serverId);
 		}),
 });
--- a/apps/dokploy/server/api/routers/user.ts
+++ b/apps/dokploy/server/api/routers/user.ts
@@ -75,6 +75,24 @@ export const userRouter = createTRPCRouter({
 				},
 			});

+			// If user not found in the organization, deny access
+			if (!memberResult) {
+				throw new TRPCError({
+					code: "NOT_FOUND",
+					message: "User not found in this organization",
+				});
+			}
+
+			// Allow access if:
+			// 1. User is requesting their own information
+			// 2. User has owner role (admin permissions) AND user is in the same organization
+			if (memberResult.userId !== ctx.user.id && ctx.user.role !== "owner") {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this user",
+				});
+			}
+
 			return memberResult;
 		}),
 	get: protectedProcedure.query(async ({ ctx }) => {
--- a/packages/server/src/db/schema/rollbacks.ts
+++ b/packages/server/src/db/schema/rollbacks.ts
@@ -4,6 +4,8 @@ import { createInsertSchema } from "drizzle-zod";
 import { nanoid } from "nanoid";
 import { z } from "zod";
 import { deployments } from "./deployment";
+import type { Application } from "@dokploy/server/services/application";
+import type { Project } from "@dokploy/server/services/project";

 export const rollbacks = pgTable("rollback", {
 	rollbackId: text("rollbackId")
@@ -20,7 +22,7 @@ export const rollbacks = pgTable("rollback", {
 	createdAt: text("createdAt")
 		.notNull()
 		.$defaultFn(() => new Date().toISOString()),
-	fullContext: jsonb("fullContext"),
+	fullContext: jsonb("fullContext").$type<Application & { project: Project }>(),
 });

 export type Rollback = typeof rollbacks.$inferSelect;
--- a/packages/server/src/db/schema/user.ts
+++ b/packages/server/src/db/schema/user.ts
@@ -15,6 +15,7 @@ import { backups } from "./backups";
 import { projects } from "./project";
 import { schedules } from "./schedule";
 import { certificateType } from "./shared";
+import { paths } from "@dokploy/server/constants";
 /**
 * This is an example of how to use the multi-project schema feature of Drizzle ORM. Use the same
 * database instance for multiple projects.
@@ -236,7 +237,31 @@ export const apiModifyTraefikConfig = z.object({
 	serverId: z.string().optional(),
 });
 export const apiReadTraefikConfig = z.object({
-	path: z.string().min(1),
+	path: z
+		.string()
+		.min(1)
+		.refine(
+			(path) => {
+				// Prevent directory traversal attacks
+				if (path.includes("../") || path.includes("..\\")) {
+					return false;
+				}
+
+				const { MAIN_TRAEFIK_PATH } = paths();
+				if (path.startsWith("/") && !path.startsWith(MAIN_TRAEFIK_PATH)) {
+					return false;
+				}
+				// Prevent null bytes and other dangerous characters
+				if (path.includes("\0") || path.includes("\x00")) {
+					return false;
+				}
+				return true;
+			},
+			{
+				message:
+					"Invalid path: path traversal or unauthorized directory access detected",
+			},
+		),
 	serverId: z.string().optional(),
 });

--- a/packages/server/src/services/rollbacks.ts
+++ b/packages/server/src/services/rollbacks.ts
@@ -12,14 +12,16 @@ import type { ApplicationNested } from "../utils/builders";
 import { execAsync, execAsyncRemote } from "../utils/process/execAsync";
 import type { CreateServiceOptions } from "dockerode";
 import { findDeploymentById } from "./deployment";
+import { prepareEnvironmentVariables } from "../utils/docker/utils";

 export const createRollback = async (
 	input: z.infer<typeof createRollbackSchema>,
 ) => {
 	await db.transaction(async (tx) => {
+		const { fullContext, ...other } = input;
 		const rollback = await tx
 			.insert(rollbacks)
-			.values(input)
+			.values(other)
 			.returning()
 			.then((res) => res[0]);

@@ -47,7 +49,7 @@ export const createRollback = async (
 			.update(rollbacks)
 			.set({
 				image: tagImage,
-				fullContext: JSON.stringify(rest),
+				fullContext: rest,
 			})
 			.where(eq(rollbacks.rollbackId, rollback.rollbackId));

@@ -150,10 +152,16 @@ export const rollback = async (rollbackId: string) => {

 	const application = await findApplicationById(deployment.applicationId);

+	const envVariables = prepareEnvironmentVariables(
+		result?.fullContext?.env || "",
+		result.fullContext?.project?.env || "",
+	);
+
 	await rollbackApplication(
 		application.appName,
 		result.image || "",
 		application.serverId,
+		envVariables,
 	);
 };

@@ -161,6 +169,7 @@ const rollbackApplication = async (
 	appName: string,
 	image: string,
 	serverId?: string | null,
+	env: string[] = [],
 ) => {
 	const docker = await getRemoteDocker(serverId);

@@ -169,6 +178,7 @@ const rollbackApplication = async (
 		TaskTemplate: {
 			ContainerSpec: {
 				Image: image,
+				Env: env,
 			},
 		},
 	};
Author	SHA1	Message	Date
Mauricio Siu	fb5d2bd5b6	feat(docker-swarm): implement server authorization checks and input validation - Added server authorization checks to ensure users can only access resources for their organization. - Enhanced input validation for container and app names using regex to prevent invalid entries. - Updated multiple query procedures in both docker and swarm routers to include these checks and validations.	2025-06-22 23:57:12 -06:00
Mauricio Siu	e42f6bc610	feat(user-validation): enhance path validation in Traefik config - Added refined validation for the 'path' field to prevent directory traversal attacks and unauthorized access. - Implemented checks for null bytes and ensured paths start with the MAIN_TRAEFIK_PATH constant.	2025-06-22 23:57:02 -06:00
Mauricio Siu	61cf426615	feat(user-access): implement access control for user information retrieval - Added checks to deny access if the user is not found in the organization. - Implemented authorization logic to allow access only for users requesting their own information or users with owner role in the same organization.	2025-06-22 23:56:13 -06:00
Mauricio Siu	2a89be6efc	Merge pull request #2069 from Dokploy/2065-rollback-feature-dns-issues Some checks failed Auto PR to main when version changes / create-pr (push) Has been cancelled Details Build Docker images / build-and-push-cloud-image (push) Has been cancelled Details Build Docker images / build-and-push-schedule-image (push) Has been cancelled Details Build Docker images / build-and-push-server-image (push) Has been cancelled Details Dokploy Docker Build / docker-amd (push) Has been cancelled Details Dokploy Docker Build / docker-arm (push) Has been cancelled Details autofix.ci / format (push) Has been cancelled Details Dokploy Monitoring Build / docker-amd (push) Has been cancelled Details Dokploy Monitoring Build / docker-arm (push) Has been cancelled Details Dokploy Docker Build / combine-manifests (push) Has been cancelled Details Dokploy Docker Build / generate-release (push) Has been cancelled Details Dokploy Monitoring Build / combine-manifests (push) Has been cancelled Details feat(rollbacks): enhance fullContext type and refactor createRollback…	2025-06-22 18:01:21 +02:00
autofix-ci[bot]	412bb9e874	[autofix.ci] apply automated fixes	2025-06-22 16:00:36 +00:00
Mauricio Siu	6290c217f1	feat(rollbacks): add alert for storage usage in rollback settings - Introduced an AlertBlock component to inform users about increased storage usage when rollbacks are enabled. - Added cautionary note regarding the potential deletion of rollback images during manual cache cleaning.	2025-06-22 10:00:14 -06:00
Mauricio Siu	4babdd45ea	chore: update version in package.json to v0.23.3	2025-06-22 09:58:35 -06:00
Mauricio Siu	24bff96898	feat(rollbacks): enhance fullContext type and refactor createRollback logic - Updated fullContext type in rollbacks schema to include Application and Project types. - Refactored createRollback function to separate fullContext from input and handle it more efficiently. - Integrated environment variable preparation into the rollback process.	2025-06-22 09:56:36 -06:00