mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-11 17:05:25 +02:00
refactor(cloud): add validation to prevent access to shared resources
This commit is contained in:
@@ -15,7 +15,9 @@ import {
|
||||
findSSHKeyById,
|
||||
removeSSHKeyById,
|
||||
updateSSHKeyById,
|
||||
IS_CLOUD,
|
||||
} from "@dokploy/builders";
|
||||
import { eq } from "drizzle-orm";
|
||||
|
||||
export const sshRouter = createTRPCRouter({
|
||||
create: protectedProcedure
|
||||
@@ -39,12 +41,14 @@ export const sshRouter = createTRPCRouter({
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
// if (sshKey.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to delete this ssh key",
|
||||
// });
|
||||
// }
|
||||
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
|
||||
// TODO: Remove isCloud in the next versions of dokploy
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not allowed to delete this ssh key",
|
||||
});
|
||||
}
|
||||
|
||||
return await removeSSHKeyById(input.sshKeyId);
|
||||
} catch (error) {
|
||||
throw error;
|
||||
@@ -55,7 +59,8 @@ export const sshRouter = createTRPCRouter({
|
||||
.query(async ({ input, ctx }) => {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
|
||||
if (sshKey.adminId !== ctx.user.adminId) {
|
||||
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
|
||||
// TODO: Remove isCloud in the next versions of dokploy
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not allowed to access this ssh key",
|
||||
@@ -64,10 +69,10 @@ export const sshRouter = createTRPCRouter({
|
||||
return sshKey;
|
||||
}),
|
||||
all: protectedProcedure.query(async ({ ctx }) => {
|
||||
return await db.query.sshKeys.findMany({});
|
||||
// return await db.query.sshKeys.findMany({
|
||||
// where: eq(sshKeys.adminId, ctx.user.adminId),
|
||||
// }); // TODO: Remove this line when the cloud version is ready
|
||||
return await db.query.sshKeys.findMany({
|
||||
...(IS_CLOUD && { where: eq(sshKeys.adminId, ctx.user.adminId) }),
|
||||
});
|
||||
// TODO: Remove this line when the cloud version is ready
|
||||
}),
|
||||
generate: protectedProcedure
|
||||
.input(apiGenerateSSHKey)
|
||||
@@ -79,12 +84,13 @@ export const sshRouter = createTRPCRouter({
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
try {
|
||||
const sshKey = await findSSHKeyById(input.sshKeyId);
|
||||
// if (sshKey.adminId !== ctx.user.adminId) {
|
||||
// throw new TRPCError({
|
||||
// code: "UNAUTHORIZED",
|
||||
// message: "You are not allowed to update this ssh key",
|
||||
// });
|
||||
// }
|
||||
if (IS_CLOUD && sshKey.adminId !== ctx.user.adminId) {
|
||||
// TODO: Remove isCloud in the next versions of dokploy
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not allowed to update this ssh key",
|
||||
});
|
||||
}
|
||||
return await updateSSHKeyById(input);
|
||||
} catch (error) {
|
||||
throw new TRPCError({
|
||||
|
||||
Reference in New Issue
Block a user