From b4a5221caf7380d5f698d43f4f97082f89dd77eb Mon Sep 17 00:00:00 2001 From: Lucas Manchine Date: Wed, 23 Jul 2025 20:38:27 +0000 Subject: [PATCH 001/261] feat: Add stop_grace_period to swarm settings --- .../cluster/modify-swarm-settings.tsx | 26 + .../dokploy/drizzle/0104_free_thunderbolt.sql | 1 + apps/dokploy/drizzle/meta/0104_snapshot.json | 6142 +++++++++++++++++ apps/dokploy/drizzle/meta/_journal.json | 7 + packages/server/src/db/schema/application.ts | 2 + packages/server/src/utils/docker/utils.ts | 4 + 6 files changed, 6182 insertions(+) create mode 100644 apps/dokploy/drizzle/0104_free_thunderbolt.sql create mode 100644 apps/dokploy/drizzle/meta/0104_snapshot.json diff --git a/apps/dokploy/components/dashboard/application/advanced/cluster/modify-swarm-settings.tsx b/apps/dokploy/components/dashboard/application/advanced/cluster/modify-swarm-settings.tsx index b8a272e15..2342d7558 100644 --- a/apps/dokploy/components/dashboard/application/advanced/cluster/modify-swarm-settings.tsx +++ b/apps/dokploy/components/dashboard/application/advanced/cluster/modify-swarm-settings.tsx @@ -1,6 +1,7 @@ import { AlertBlock } from "@/components/shared/alert-block"; import { CodeEditor } from "@/components/shared/code-editor"; import { Button } from "@/components/ui/button"; +import { Input } from "@/components/ui/input"; import { Dialog, DialogContent, @@ -176,6 +177,7 @@ const addSwarmSettings = z.object({ modeSwarm: createStringToJSONSchema(ServiceModeSwarmSchema).nullable(), labelsSwarm: createStringToJSONSchema(LabelsSwarmSchema).nullable(), networkSwarm: createStringToJSONSchema(NetworkSwarmSchema).nullable(), + stopGracePeriodSwarm: z.string().nullable(), }); type AddSwarmSettings = z.infer; @@ -238,6 +240,7 @@ export const AddSwarmSettings = ({ applicationId }: Props) => { networkSwarm: data.networkSwarm ? JSON.stringify(data.networkSwarm, null, 2) : null, + stopGracePeriodSwarm: data.stopGracePeriodSwarm ?? null, }); } }, [form, form.reset, data]); @@ -253,6 +256,7 @@ export const AddSwarmSettings = ({ applicationId }: Props) => { modeSwarm: data.modeSwarm, labelsSwarm: data.labelsSwarm, networkSwarm: data.networkSwarm, + stopGracePeriodSwarm: data.stopGracePeriodSwarm ?? null, }) .then(async () => { toast.success("Swarm settings updated"); @@ -752,6 +756,28 @@ export const AddSwarmSettings = ({ applicationId }: Props) => { )} /> + ( + + Stop Grace Period + + Time to wait for the container to stop gracefully. + + + + + 
+										
+
+ + )} + /> - + {canDeleteEnvironments && ( + + )} )} diff --git a/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx b/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx index a918da98f..bb54f7005 100644 --- a/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx +++ b/apps/dokploy/components/dashboard/settings/users/add-permissions.tsx @@ -161,6 +161,7 @@ const addPermissions = z.object({ canCreateServices: z.boolean().optional().default(false), canDeleteProjects: z.boolean().optional().default(false), canDeleteServices: z.boolean().optional().default(false), + canDeleteEnvironments: z.boolean().optional().default(false), canAccessToTraefikFiles: z.boolean().optional().default(false), canAccessToDocker: z.boolean().optional().default(false), canAccessToAPI: z.boolean().optional().default(false), @@ -193,6 +194,7 @@ export const AddUserPermissions = ({ userId }: Props) => { defaultValues: { accessedProjects: [], accessedServices: [], + canDeleteEnvironments: false, }, resolver: zodResolver(addPermissions), }); @@ -207,6 +209,7 @@ export const AddUserPermissions = ({ userId }: Props) => { canCreateServices: data.canCreateServices, canDeleteProjects: data.canDeleteProjects, canDeleteServices: data.canDeleteServices, + canDeleteEnvironments: data.canDeleteEnvironments || false, canAccessToTraefikFiles: data.canAccessToTraefikFiles, canAccessToDocker: data.canAccessToDocker, canAccessToAPI: data.canAccessToAPI, @@ -223,6 +226,7 @@ export const AddUserPermissions = ({ userId }: Props) => { canCreateProjects: data.canCreateProjects, canDeleteServices: data.canDeleteServices, canDeleteProjects: data.canDeleteProjects, + canDeleteEnvironments: data.canDeleteEnvironments, canAccessToTraefikFiles: data.canAccessToTraefikFiles, accessedProjects: data.accessedProjects || [], accessedEnvironments: data.accessedEnvironments || [], @@ -343,6 +347,26 @@ export const AddUserPermissions = ({ userId }: Props) => { )} /> + ( + +
+ Delete Environments + + Allow the user to delete environments + +
+ + + + + )} + /> { try { - if (ctx.user.role === "member") { - await checkEnvironmentAccess( - ctx.user.id, - input.environmentId, - ctx.session.activeOrganizationId, - "access", - ); - } const environment = await findEnvironmentById(input.environmentId); if ( environment.project.organizationId !== @@ -206,27 +199,33 @@ export const environmentRouter = createTRPCRouter({ }); } - // Check environment access for members - if (ctx.user.role === "member") { - const { accessedEnvironments } = await findMemberById( - ctx.user.id, - ctx.session.activeOrganizationId, - ); + // Check environment deletion permission + await checkEnvironmentDeletionPermission( + ctx.user.id, + environment.projectId, + ctx.session.activeOrganizationId, + ); - if (!accessedEnvironments.includes(environment.environmentId)) { - throw new TRPCError({ - code: "FORBIDDEN", - message: "You are not allowed to delete this environment", - }); - } + // Additional check for environment access for members + if (ctx.user.role === "member") { + await checkEnvironmentAccess( + ctx.user.id, + input.environmentId, + ctx.session.activeOrganizationId, + "access", + ); } const deletedEnvironment = await deleteEnvironment(input.environmentId); return deletedEnvironment; } catch (error) { + if (error instanceof TRPCError) { + throw error; + } throw new TRPCError({ code: "BAD_REQUEST", message: `Error deleting the environment: ${error instanceof Error ? error.message : error}`, + cause: error, }); } }), diff --git a/packages/server/src/db/schema/account.ts b/packages/server/src/db/schema/account.ts index 3eb57b552..a7b4dc77f 100644 --- a/packages/server/src/db/schema/account.ts +++ b/packages/server/src/db/schema/account.ts @@ -108,6 +108,9 @@ export const member = pgTable("member", { canAccessToTraefikFiles: boolean("canAccessToTraefikFiles") .notNull() .default(false), + canDeleteEnvironments: boolean("canDeleteEnvironments") + .notNull() + .default(false), accessedProjects: text("accesedProjects") .array() .notNull() diff --git a/packages/server/src/db/schema/user.ts b/packages/server/src/db/schema/user.ts index 933a7490c..1b646d005 100644 --- a/packages/server/src/db/schema/user.ts +++ b/packages/server/src/db/schema/user.ts @@ -186,6 +186,7 @@ export const apiAssignPermissions = createSchema canAccessToAPI: z.boolean().optional(), canAccessToSSHKeys: z.boolean().optional(), canAccessToGitProviders: z.boolean().optional(), + canDeleteEnvironments: z.boolean().optional(), }) .required(); diff --git a/packages/server/src/services/user.ts b/packages/server/src/services/user.ts index 728d5b8ee..5b2256bf7 100644 --- a/packages/server/src/services/user.ts +++ b/packages/server/src/services/user.ts @@ -163,6 +163,24 @@ export const canPerformAccessEnvironment = async ( return false; }; +export const canPerformDeleteEnvironment = async ( + userId: string, + projectId: string, + organizationId: string, +) => { + const { accessedProjects, canDeleteEnvironments } = await findMemberById( + userId, + organizationId, + ); + const haveAccessToProject = accessedProjects.includes(projectId); + + if (canDeleteEnvironments && haveAccessToProject) { + return true; + } + + return false; +}; + export const canAccessToTraefikFiles = async ( userId: string, organizationId: string, @@ -240,6 +258,42 @@ export const checkEnvironmentAccess = async ( } }; +export const checkEnvironmentDeletionPermission = async ( + userId: string, + projectId: string, + organizationId: string, +) => { + const member = await findMemberById(userId, organizationId); + + if (!member) { + throw new TRPCError({ + code: "UNAUTHORIZED", + message: "User not found in organization", + }); + } + + if (member.role === "owner" || member.role === "admin") { + return true; + } + + if (!member.canDeleteEnvironments) { + throw new TRPCError({ + code: "UNAUTHORIZED", + message: "You don't have permission to delete environments", + }); + } + + const hasProjectAccess = member.accessedProjects.includes(projectId); + if (!hasProjectAccess) { + throw new TRPCError({ + code: "UNAUTHORIZED", + message: "You don't have access to this project", + }); + } + + return true; +}; + export const checkProjectAccess = async ( authId: string, action: "create" | "delete" | "access", From bdf0a932fe7b80793cf4061730a27c81ed9e35d1 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 13:46:33 +0000 Subject: [PATCH 015/261] [autofix.ci] apply automated fixes --- .../dashboard/project/advanced-environment-selector.tsx | 5 +++-- packages/server/src/services/user.ts | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx b/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx index 28970c641..0aa2089cb 100644 --- a/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx +++ b/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx @@ -75,8 +75,9 @@ export const AdvancedEnvironmentSelector = ({ const { data: currentUser } = api.user.get.useQuery(); // Check if user can create environments - const canCreateEnvironments = currentUser?.role === "owner" || - currentUser?.role === "admin" || + const canCreateEnvironments = + currentUser?.role === "owner" || + currentUser?.role === "admin" || currentUser?.canCreateEnvironments === true; const haveServices = diff --git a/packages/server/src/services/user.ts b/packages/server/src/services/user.ts index 8cf89144f..3cc4671c4 100644 --- a/packages/server/src/services/user.ts +++ b/packages/server/src/services/user.ts @@ -279,7 +279,7 @@ export const checkEnvironmentCreationPermission = async ( ) => { // Get user's member record const member = await findMemberById(userId, organizationId); - + if (!member) { throw new TRPCError({ code: "UNAUTHORIZED", From 65c5974b4f9ff8b77cdd69dabf741e6d8043b9d7 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 13:49:51 +0000 Subject: [PATCH 016/261] [autofix.ci] apply automated fixes --- .../dashboard/project/advanced-environment-selector.tsx | 5 +++-- packages/server/src/services/user.ts | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx b/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx index c56e59265..de6ad1252 100644 --- a/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx +++ b/apps/dokploy/components/dashboard/project/advanced-environment-selector.tsx @@ -62,8 +62,9 @@ export const AdvancedEnvironmentSelector = ({ const { data: currentUser } = api.user.get.useQuery(); // Check if user can delete environments - const canDeleteEnvironments = currentUser?.role === "owner" || - currentUser?.role === "admin" || + const canDeleteEnvironments = + currentUser?.role === "owner" || + currentUser?.role === "admin" || currentUser?.canDeleteEnvironments === true; // Form states diff --git a/packages/server/src/services/user.ts b/packages/server/src/services/user.ts index 5b2256bf7..ca8c4a3d3 100644 --- a/packages/server/src/services/user.ts +++ b/packages/server/src/services/user.ts @@ -264,7 +264,7 @@ export const checkEnvironmentDeletionPermission = async ( organizationId: string, ) => { const member = await findMemberById(userId, organizationId); - + if (!member) { throw new TRPCError({ code: "UNAUTHORIZED", From b4a3cbdff4ad37c4d75df0526a90ccab4ccba3f3 Mon Sep 17 00:00:00 2001 From: ischanx Date: Wed, 24 Sep 2025 00:14:06 +0800 Subject: [PATCH 017/261] feat(notifications): add lark webhook --- .../notifications/handle-notifications.tsx | 74 +- .../notifications/show-notifications.tsx | 8 +- .../components/icons/notification-icons.tsx | 27 + apps/dokploy/drizzle/0113_lark_webhook.sql | 13 + apps/dokploy/drizzle/meta/0113_snapshot.json | 6616 +++++++++++++++++ apps/dokploy/drizzle/meta/_journal.json | 7 + .../server/api/routers/notification.ts | 64 + packages/server/src/db/schema/notification.ts | 41 + packages/server/src/services/notification.ts | 92 + .../src/utils/notifications/build-error.ts | 134 +- .../src/utils/notifications/build-success.ts | 122 +- .../utils/notifications/database-backup.ts | 160 +- .../src/utils/notifications/docker-cleanup.ts | 84 +- .../utils/notifications/dokploy-restart.ts | 80 +- .../utils/notifications/server-threshold.ts | 100 +- .../server/src/utils/notifications/utils.ts | 16 + 16 files changed, 7591 insertions(+), 47 deletions(-) create mode 100644 apps/dokploy/drizzle/0113_lark_webhook.sql create mode 100644 apps/dokploy/drizzle/meta/0113_snapshot.json diff --git a/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx b/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx index 4e4171bee..c923419c7 100644 --- a/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx +++ b/apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx @@ -12,6 +12,7 @@ import { toast } from "sonner"; import { z } from "zod"; import { DiscordIcon, + LarkIcon, SlackIcon, TelegramIcon, } from "@/components/icons/notification-icons"; @@ -110,6 +111,12 @@ export const notificationSchema = z.discriminatedUnion("type", [ priority: z.number().min(1).max(5).default(3), }) .merge(notificationBaseSchema), + z + .object({ + type: z.literal("lark"), + webhookUrl: z.string().min(1, { message: "Webhook URL is required" }), + }) + .merge(notificationBaseSchema), ]); export const notificationsMap = { @@ -125,6 +132,10 @@ export const notificationsMap = { icon: , label: "Discord", }, + lark: { + icon: , + label: "Lark", + }, email: { icon: , label: "Email", @@ -170,6 +181,8 @@ export const HandleNotifications = ({ notificationId }: Props) => { api.notification.testGotifyConnection.useMutation(); const { mutateAsync: testNtfyConnection, isLoading: isLoadingNtfy } = api.notification.testNtfyConnection.useMutation(); + const { mutateAsync: testLarkConnection, isLoading: isLoadingLark } = + api.notification.testLarkConnection.useMutation(); const slackMutation = notificationId ? api.notification.updateSlack.useMutation() : api.notification.createSlack.useMutation(); @@ -188,6 +201,9 @@ export const HandleNotifications = ({ notificationId }: Props) => { const ntfyMutation = notificationId ? api.notification.updateNtfy.useMutation() : api.notification.createNtfy.useMutation(); + const larkMutation = notificationId + ? api.notification.updateLark.useMutation() + : api.notification.createLark.useMutation(); const form = useForm({ defaultValues: { @@ -297,6 +313,19 @@ export const HandleNotifications = ({ notificationId }: Props) => { serverUrl: notification.ntfy?.serverUrl, name: notification.name, dockerCleanup: notification.dockerCleanup, + serverThreshold: notification.serverThreshold, + }); + } else if (notification.notificationType === "lark") { + form.reset({ + appBuildError: notification.appBuildError, + appDeploy: notification.appDeploy, + dokployRestart: notification.dokployRestart, + databaseBackup: notification.databaseBackup, + type: notification.notificationType, + webhookUrl: notification.lark?.webhookUrl, + name: notification.name, + dockerCleanup: notification.dockerCleanup, + serverThreshold: notification.serverThreshold, }); } } else { @@ -311,6 +340,7 @@ export const HandleNotifications = ({ notificationId }: Props) => { email: emailMutation, gotify: gotifyMutation, ntfy: ntfyMutation, + lark: larkMutation, }; const onSubmit = async (data: NotificationSchema) => { @@ -413,6 +443,20 @@ export const HandleNotifications = ({ notificationId }: Props) => { dockerCleanup: dockerCleanup, notificationId: notificationId || "", ntfyId: notification?.ntfyId || "", + serverThreshold: serverThreshold, + }); + } else if (data.type === "lark") { + promise = larkMutation.mutateAsync({ + appBuildError: appBuildError, + appDeploy: appDeploy, + dokployRestart: dokployRestart, + databaseBackup: databaseBackup, + webhookUrl: data.webhookUrl, + name: data.name, + dockerCleanup: dockerCleanup, + notificationId: notificationId || "", + larkId: notification?.larkId || "", + serverThreshold: serverThreshold, }); } @@ -502,7 +546,7 @@ export const HandleNotifications = ({ notificationId }: Props) => { />