refactor(cloud): add validation to prevent access to shared resources

This commit is contained in:
Mauricio Siu
2024-10-04 20:44:57 -06:00
parent 5cebf5540a
commit 7c4987d84d
14 changed files with 353 additions and 146 deletions

View File

@@ -15,7 +15,9 @@ import {
findSSHKeyById,
removeSSHKeyById,
updateSSHKeyById,
IS_CLOUD,
} from "@dokploy/builders";
import { eq } from "drizzle-orm";
export const sshRouter = createTRPCRouter({
create: protectedProcedure
@@ -39,12 +41,14 @@ export const sshRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const sshKey = await findSSHKeyById(input.sshKeyId);
// if (sshKey.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to delete this ssh key",
// });
// }
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to delete this ssh key",
});
}
return await removeSSHKeyById(input.sshKeyId);
} catch (error) {
throw error;
@@ -55,7 +59,8 @@ export const sshRouter = createTRPCRouter({
.query(async ({ input, ctx }) => {
const sshKey = await findSSHKeyById(input.sshKeyId);
if (sshKey.adminId !== ctx.user.adminId) {
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to access this ssh key",
@@ -64,10 +69,10 @@ export const sshRouter = createTRPCRouter({
return sshKey;
}),
all: protectedProcedure.query(async ({ ctx }) => {
return await db.query.sshKeys.findMany({});
// return await db.query.sshKeys.findMany({
// where: eq(sshKeys.adminId, ctx.user.adminId),
// }); // TODO: Remove this line when the cloud version is ready
return await db.query.sshKeys.findMany({
...(IS_CLOUD && { where: eq(sshKeys.adminId, ctx.user.adminId) }),
});
// TODO: Remove this line when the cloud version is ready
}),
generate: protectedProcedure
.input(apiGenerateSSHKey)
@@ -79,12 +84,13 @@ export const sshRouter = createTRPCRouter({
.mutation(async ({ input, ctx }) => {
try {
const sshKey = await findSSHKeyById(input.sshKeyId);
// if (sshKey.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to update this ssh key",
// });
// }
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
// TODO: Remove isCloud in the next versions of dokploy
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to update this ssh key",
});
}
return await updateSSHKeyById(input);
} catch (error) {
throw new TRPCError({