mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-18 04:15:23 +02:00
Compare commits
44 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a376b00a71 | ||
|
|
9142127fb3 | ||
|
|
31380fd325 | ||
|
|
c04d56bf2c | ||
|
|
2e867c5be1 | ||
|
|
e87a245cdc | ||
|
|
71bea42625 | ||
|
|
1cb9491013 | ||
|
|
01ac30974f | ||
|
|
1ca03d3dc2 | ||
|
|
1c4414165d | ||
|
|
93b7942f7d | ||
|
|
6224d57adb | ||
|
|
8d0ae19b58 | ||
|
|
856cf33dd8 | ||
|
|
7924794ae7 | ||
|
|
3c114e2b45 | ||
|
|
cffd8464ef | ||
|
|
b3621bcfff | ||
|
|
b4574aa097 | ||
|
|
d831607f3a | ||
|
|
995a04d30f | ||
|
|
e6bfaa2eac | ||
|
|
3912c1abcc | ||
|
|
bb30dc14fe | ||
|
|
532c8d0c0d | ||
|
|
7871ce7684 | ||
|
|
98b86300df | ||
|
|
82fcdc9598 | ||
|
|
4e3a6db83a | ||
|
|
17fdd64c10 | ||
|
|
215c4666ff | ||
|
|
9749d86b4c | ||
|
|
12a9cceec7 | ||
|
|
d3e0b100a0 | ||
|
|
a296407c85 | ||
|
|
0d79a0a221 | ||
|
|
c9ac7236a7 | ||
|
|
6e5ac41bab | ||
|
|
d7b9f01567 | ||
|
|
8f9be1636c | ||
|
|
86f941d606 | ||
|
|
1da4db2905 | ||
|
|
b3feeed3e4 |
9
.github/workflows/dokploy.yml
vendored
9
.github/workflows/dokploy.yml
vendored
@@ -152,6 +152,14 @@ jobs:
|
|||||||
VERSION=$(node -p "require('./apps/dokploy/package.json').version")
|
VERSION=$(node -p "require('./apps/dokploy/package.json').version")
|
||||||
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Fetch install.sh
|
||||||
|
run: |
|
||||||
|
curl -fsSL https://raw.githubusercontent.com/Dokploy/website/main/apps/website/public/install.sh -o install.sh
|
||||||
|
head -1 install.sh | grep -q '^#!' || { echo "Downloaded install.sh is not a shell script"; exit 1; }
|
||||||
|
grep -q 'DOKPLOY_VERSION' install.sh || { echo "install.sh no longer supports DOKPLOY_VERSION pinning"; exit 1; }
|
||||||
|
{ head -1 install.sh; echo "DOKPLOY_VERSION=\"\${DOKPLOY_VERSION:-${{ steps.get_version.outputs.version }}}\""; tail -n +2 install.sh; } > install-pinned.sh
|
||||||
|
mv install-pinned.sh install.sh
|
||||||
|
|
||||||
- name: Create Release
|
- name: Create Release
|
||||||
uses: softprops/action-gh-release@v2
|
uses: softprops/action-gh-release@v2
|
||||||
with:
|
with:
|
||||||
@@ -160,6 +168,7 @@ jobs:
|
|||||||
generate_release_notes: true
|
generate_release_notes: true
|
||||||
draft: false
|
draft: false
|
||||||
prerelease: false
|
prerelease: false
|
||||||
|
files: install.sh
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
|||||||
@@ -69,4 +69,5 @@ EXPOSE 3000
|
|||||||
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=5 \
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=5 \
|
||||||
CMD curl -fs http://localhost:3000/api/trpc/settings.health || exit 1
|
CMD curl -fs http://localhost:3000/api/trpc/settings.health || exit 1
|
||||||
|
|
||||||
CMD ["sh", "-c", "pnpm run wait-for-postgres && exec pnpm start"]
|
# Ejecutar node directamente: pnpm como wrapper queda residente (~100MB RSS)
|
||||||
|
CMD ["sh", "-c", "node -r dotenv/config dist/wait-for-postgres.mjs && node -r dotenv/config dist/migration.mjs && exec node -r dotenv/config dist/server.mjs"]
|
||||||
|
|||||||
93
apps/dokploy/__test__/env/encryption.test.ts
vendored
Normal file
93
apps/dokploy/__test__/env/encryption.test.ts
vendored
Normal file
@@ -0,0 +1,93 @@
|
|||||||
|
import {
|
||||||
|
decryptValue,
|
||||||
|
encryptValue,
|
||||||
|
exportEncryptionKeys,
|
||||||
|
isEncrypted,
|
||||||
|
} from "@dokploy/server/lib/encryption";
|
||||||
|
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||||
|
|
||||||
|
describe("encryptValue / decryptValue", () => {
|
||||||
|
it("round-trips a value", () => {
|
||||||
|
const value =
|
||||||
|
"DATABASE_URL=postgres://user:secret@host:5432/db\nAPI_KEY=123";
|
||||||
|
const encrypted = encryptValue(value);
|
||||||
|
|
||||||
|
expect(encrypted).not.toBe(value);
|
||||||
|
expect(isEncrypted(encrypted)).toBe(true);
|
||||||
|
expect(encrypted).not.toContain("secret");
|
||||||
|
expect(decryptValue(encrypted)).toBe(value);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("uses a random IV so equal inputs produce different ciphertexts", () => {
|
||||||
|
const value = "KEY=value";
|
||||||
|
expect(encryptValue(value)).not.toBe(encryptValue(value));
|
||||||
|
});
|
||||||
|
|
||||||
|
it("passes legacy plaintext through on decrypt", () => {
|
||||||
|
const plaintext = "KEY=legacy-plaintext-value";
|
||||||
|
expect(decryptValue(plaintext)).toBe(plaintext);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("passes empty values through unchanged", () => {
|
||||||
|
expect(encryptValue("")).toBe("");
|
||||||
|
expect(decryptValue("")).toBe("");
|
||||||
|
});
|
||||||
|
|
||||||
|
it("does not double-encrypt an already encrypted value", () => {
|
||||||
|
const encrypted = encryptValue("KEY=value");
|
||||||
|
expect(encryptValue(encrypted)).toBe(encrypted);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("throws a descriptive error on tampered ciphertext", () => {
|
||||||
|
const encrypted = encryptValue("KEY=value");
|
||||||
|
const tampered = `${encrypted.slice(0, -4)}AAAA`;
|
||||||
|
expect(() => decryptValue(tampered)).toThrow(/BETTER_AUTH_SECRET/);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("exports the derived keys as 32-byte hex lines for backups", () => {
|
||||||
|
expect(exportEncryptionKeys()).toMatch(/^[0-9a-f]{64}(\n[0-9a-f]{64})*$/);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("dedicated ENCRYPTION_KEY", () => {
|
||||||
|
afterEach(() => {
|
||||||
|
vi.unstubAllEnvs();
|
||||||
|
vi.resetModules();
|
||||||
|
});
|
||||||
|
|
||||||
|
const loadWithEncryptionKey = async (key: string) => {
|
||||||
|
vi.stubEnv("ENCRYPTION_KEY", key);
|
||||||
|
vi.resetModules();
|
||||||
|
return await import("@dokploy/server/lib/encryption");
|
||||||
|
};
|
||||||
|
|
||||||
|
it("encrypts with the dedicated key when set", async () => {
|
||||||
|
const withKey = await loadWithEncryptionKey("my-dedicated-key");
|
||||||
|
const encrypted = withKey.encryptValue("KEY=value");
|
||||||
|
|
||||||
|
expect(withKey.decryptValue(encrypted)).toBe("KEY=value");
|
||||||
|
// The default (auth-secret derived) module cannot read it
|
||||||
|
expect(() => decryptValue(encrypted)).toThrow(/ENCRYPTION_KEY/);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("still decrypts legacy values via the auth-secret fallback", async () => {
|
||||||
|
// Encrypted before the install adopted a dedicated key
|
||||||
|
const legacyEncrypted = encryptValue("KEY=legacy-value");
|
||||||
|
|
||||||
|
const withKey = await loadWithEncryptionKey("my-dedicated-key");
|
||||||
|
expect(withKey.decryptValue(legacyEncrypted)).toBe("KEY=legacy-value");
|
||||||
|
});
|
||||||
|
|
||||||
|
it("re-encrypts with the dedicated key on write", async () => {
|
||||||
|
const withKey = await loadWithEncryptionKey("my-dedicated-key");
|
||||||
|
const reEncrypted = withKey.encryptValue(
|
||||||
|
withKey.decryptValue(encryptValue("KEY=migrated")),
|
||||||
|
);
|
||||||
|
|
||||||
|
const other = await loadWithEncryptionKey("another-key");
|
||||||
|
// Readable only by the dedicated key (or its own fallback), proving
|
||||||
|
// the write used the primary key, not the legacy one
|
||||||
|
expect(withKey.decryptValue(reEncrypted)).toBe("KEY=migrated");
|
||||||
|
expect(() => other.decryptValue(reEncrypted)).toThrow();
|
||||||
|
});
|
||||||
|
});
|
||||||
@@ -1,8 +1,8 @@
|
|||||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
|
||||||
import {
|
import {
|
||||||
canEditDeployGitSource,
|
canEditDeployGitSource,
|
||||||
getAccessibleGitProviderIds,
|
getAccessibleGitProviderIds,
|
||||||
} from "@dokploy/server/services/git-provider";
|
} from "@dokploy/server/services/git-provider";
|
||||||
|
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||||
|
|
||||||
const mockDb = vi.hoisted(() => ({
|
const mockDb = vi.hoisted(() => ({
|
||||||
query: {
|
query: {
|
||||||
|
|||||||
@@ -1,16 +1,11 @@
|
|||||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||||
|
|
||||||
const hasValidLicense = vi.fn();
|
|
||||||
const getWebServerSettings = vi.fn();
|
const getWebServerSettings = vi.fn();
|
||||||
const findFirstOrg = vi.fn();
|
|
||||||
const findFirstServer = vi.fn();
|
const findFirstServer = vi.fn();
|
||||||
|
|
||||||
vi.mock("@dokploy/server/db", () => ({
|
vi.mock("@dokploy/server/db", () => ({
|
||||||
db: {
|
db: {
|
||||||
query: {
|
query: {
|
||||||
organization: {
|
|
||||||
findFirst: (...args: unknown[]) => findFirstOrg(...args),
|
|
||||||
},
|
|
||||||
server: {
|
server: {
|
||||||
findFirst: (...args: unknown[]) => findFirstServer(...args),
|
findFirst: (...args: unknown[]) => findFirstServer(...args),
|
||||||
},
|
},
|
||||||
@@ -19,91 +14,56 @@ vi.mock("@dokploy/server/db", () => ({
|
|||||||
}));
|
}));
|
||||||
|
|
||||||
vi.mock("@dokploy/server/db/schema", () => ({
|
vi.mock("@dokploy/server/db/schema", () => ({
|
||||||
organization: {},
|
|
||||||
server: {},
|
server: {},
|
||||||
}));
|
}));
|
||||||
|
|
||||||
vi.mock("@dokploy/server/services/proprietary/license-key", () => ({
|
|
||||||
hasValidLicense: (...args: unknown[]) => hasValidLicense(...args),
|
|
||||||
}));
|
|
||||||
|
|
||||||
vi.mock("@dokploy/server/services/web-server-settings", () => ({
|
vi.mock("@dokploy/server/services/web-server-settings", () => ({
|
||||||
getWebServerSettings: (...args: unknown[]) => getWebServerSettings(...args),
|
getWebServerSettings: (...args: unknown[]) => getWebServerSettings(...args),
|
||||||
}));
|
}));
|
||||||
|
|
||||||
vi.mock("drizzle-orm", () => ({ eq: vi.fn() }));
|
vi.mock("drizzle-orm", () => ({ eq: vi.fn() }));
|
||||||
|
|
||||||
import {
|
import { resolveBuildsConcurrency } from "../../server/queues/concurrency";
|
||||||
assertBuildsConcurrencyAllowed,
|
|
||||||
resolveBuildsConcurrency,
|
|
||||||
} from "../../server/queues/concurrency";
|
|
||||||
import { LOCAL_PARTITION } from "../../server/queues/in-memory-queue";
|
import { LOCAL_PARTITION } from "../../server/queues/in-memory-queue";
|
||||||
|
|
||||||
describe("resolveBuildsConcurrency (enterprise gating)", () => {
|
describe("resolveBuildsConcurrency", () => {
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
vi.clearAllMocks();
|
vi.clearAllMocks();
|
||||||
findFirstOrg.mockResolvedValue({ id: "org-1" });
|
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("local web server partition", () => {
|
describe("local web server partition", () => {
|
||||||
it("returns the configured concurrency when licensed", async () => {
|
it("returns the configured concurrency", async () => {
|
||||||
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 5 });
|
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 5 });
|
||||||
hasValidLicense.mockResolvedValue(true);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(5);
|
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(5);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("clamps to the free max (2) when there is no valid license", async () => {
|
it("does not cap high values", async () => {
|
||||||
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 10 });
|
|
||||||
hasValidLicense.mockResolvedValue(false);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(2);
|
|
||||||
});
|
|
||||||
|
|
||||||
it("allows the free max (2) without a license", async () => {
|
|
||||||
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 2 });
|
|
||||||
hasValidLicense.mockResolvedValue(false);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(2);
|
|
||||||
});
|
|
||||||
|
|
||||||
it("does not cap the value when licensed (N allowed)", async () => {
|
|
||||||
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 999 });
|
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 999 });
|
||||||
hasValidLicense.mockResolvedValue(true);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(
|
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(
|
||||||
999,
|
999,
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("floors values below 1 to 1", async () => {
|
||||||
|
getWebServerSettings.mockResolvedValue({ buildsConcurrency: 0 });
|
||||||
|
|
||||||
|
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(1);
|
||||||
|
});
|
||||||
|
|
||||||
it("defaults to 1 when settings are missing", async () => {
|
it("defaults to 1 when settings are missing", async () => {
|
||||||
getWebServerSettings.mockResolvedValue(undefined);
|
getWebServerSettings.mockResolvedValue(undefined);
|
||||||
hasValidLicense.mockResolvedValue(true);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(1);
|
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(1);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("remote server partition", () => {
|
describe("remote server partition", () => {
|
||||||
it("returns the server concurrency when its org is licensed", async () => {
|
it("returns the server concurrency", async () => {
|
||||||
findFirstServer.mockResolvedValue({
|
findFirstServer.mockResolvedValue({ buildsConcurrency: 4 });
|
||||||
buildsConcurrency: 4,
|
|
||||||
organizationId: "org-1",
|
|
||||||
});
|
|
||||||
hasValidLicense.mockResolvedValue(true);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency("server-1")).resolves.toBe(4);
|
await expect(resolveBuildsConcurrency("server-1")).resolves.toBe(4);
|
||||||
expect(hasValidLicense).toHaveBeenCalledWith("org-1");
|
|
||||||
});
|
|
||||||
|
|
||||||
it("clamps to the free max (2) when the server org is not licensed", async () => {
|
|
||||||
findFirstServer.mockResolvedValue({
|
|
||||||
buildsConcurrency: 8,
|
|
||||||
organizationId: "org-1",
|
|
||||||
});
|
|
||||||
hasValidLicense.mockResolvedValue(false);
|
|
||||||
|
|
||||||
await expect(resolveBuildsConcurrency("server-1")).resolves.toBe(2);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("defaults to 1 for an unknown server", async () => {
|
it("defaults to 1 for an unknown server", async () => {
|
||||||
@@ -119,30 +79,3 @@ describe("resolveBuildsConcurrency (enterprise gating)", () => {
|
|||||||
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(1);
|
await expect(resolveBuildsConcurrency(LOCAL_PARTITION)).resolves.toBe(1);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("assertBuildsConcurrencyAllowed", () => {
|
|
||||||
beforeEach(() => {
|
|
||||||
vi.clearAllMocks();
|
|
||||||
});
|
|
||||||
|
|
||||||
it("allows up to the free max (2) without checking the license", async () => {
|
|
||||||
await expect(
|
|
||||||
assertBuildsConcurrencyAllowed(2, "org-1"),
|
|
||||||
).resolves.toBeUndefined();
|
|
||||||
expect(hasValidLicense).not.toHaveBeenCalled();
|
|
||||||
});
|
|
||||||
|
|
||||||
it("allows more than 2 when licensed", async () => {
|
|
||||||
hasValidLicense.mockResolvedValue(true);
|
|
||||||
await expect(
|
|
||||||
assertBuildsConcurrencyAllowed(5, "org-1"),
|
|
||||||
).resolves.toBeUndefined();
|
|
||||||
});
|
|
||||||
|
|
||||||
it("rejects more than 2 without a license", async () => {
|
|
||||||
hasValidLicense.mockResolvedValue(false);
|
|
||||||
await expect(assertBuildsConcurrencyAllowed(3, "org-1")).rejects.toThrow(
|
|
||||||
/enterprise license/i,
|
|
||||||
);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import {
|
import {
|
||||||
Ban,
|
Ban,
|
||||||
CheckCircle2,
|
CheckCircle2,
|
||||||
@@ -8,6 +7,7 @@ import {
|
|||||||
Terminal,
|
Terminal,
|
||||||
} from "lucide-react";
|
} from "lucide-react";
|
||||||
import { useRouter } from "next/router";
|
import { useRouter } from "next/router";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { ShowBuildChooseForm } from "@/components/dashboard/application/build/show";
|
import { ShowBuildChooseForm } from "@/components/dashboard/application/build/show";
|
||||||
import { ShowProviderForm } from "@/components/dashboard/application/general/generic/show";
|
import { ShowProviderForm } from "@/components/dashboard/application/general/generic/show";
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import {
|
import {
|
||||||
ExternalLink,
|
ExternalLink,
|
||||||
FileText,
|
FileText,
|
||||||
@@ -9,6 +8,7 @@ import {
|
|||||||
RocketIcon,
|
RocketIcon,
|
||||||
Trash2,
|
Trash2,
|
||||||
} from "lucide-react";
|
} from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { GithubIcon } from "@/components/icons/data-tools-icons";
|
import { GithubIcon } from "@/components/icons/data-tools-icons";
|
||||||
import { DateTooltip } from "@/components/shared/date-tooltip";
|
import { DateTooltip } from "@/components/shared/date-tooltip";
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
import { useRouter } from "next/router";
|
import { useRouter } from "next/router";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
|
|||||||
@@ -79,6 +79,7 @@ const Schema = z
|
|||||||
schedule: z.string().min(1, "Schedule (Cron) required"),
|
schedule: z.string().min(1, "Schedule (Cron) required"),
|
||||||
prefix: z.string().min(1, "Prefix required"),
|
prefix: z.string().min(1, "Prefix required"),
|
||||||
enabled: z.boolean(),
|
enabled: z.boolean(),
|
||||||
|
includeEncryptionKey: z.boolean(),
|
||||||
database: z.string().min(1, "Database required"),
|
database: z.string().min(1, "Database required"),
|
||||||
keepLatestCount: z.coerce.number().optional(),
|
keepLatestCount: z.coerce.number().optional(),
|
||||||
serviceName: z.string().nullable(),
|
serviceName: z.string().nullable(),
|
||||||
@@ -223,6 +224,7 @@ export const HandleBackup = ({
|
|||||||
: "",
|
: "",
|
||||||
destinationId: "",
|
destinationId: "",
|
||||||
enabled: true,
|
enabled: true,
|
||||||
|
includeEncryptionKey: true,
|
||||||
prefix: "/",
|
prefix: "/",
|
||||||
schedule: "",
|
schedule: "",
|
||||||
keepLatestCount: undefined,
|
keepLatestCount: undefined,
|
||||||
@@ -262,6 +264,7 @@ export const HandleBackup = ({
|
|||||||
: "",
|
: "",
|
||||||
destinationId: backup?.destinationId ?? "",
|
destinationId: backup?.destinationId ?? "",
|
||||||
enabled: backup?.enabled ?? true,
|
enabled: backup?.enabled ?? true,
|
||||||
|
includeEncryptionKey: backup?.includeEncryptionKey ?? true,
|
||||||
prefix: backup?.prefix ?? "/",
|
prefix: backup?.prefix ?? "/",
|
||||||
schedule: backup?.schedule ?? "",
|
schedule: backup?.schedule ?? "",
|
||||||
keepLatestCount: backup?.keepLatestCount ?? undefined,
|
keepLatestCount: backup?.keepLatestCount ?? undefined,
|
||||||
@@ -309,6 +312,7 @@ export const HandleBackup = ({
|
|||||||
prefix: data.prefix,
|
prefix: data.prefix,
|
||||||
schedule: data.schedule,
|
schedule: data.schedule,
|
||||||
enabled: data.enabled,
|
enabled: data.enabled,
|
||||||
|
includeEncryptionKey: data.includeEncryptionKey,
|
||||||
database: data.database,
|
database: data.database,
|
||||||
keepLatestCount: data.keepLatestCount ?? null,
|
keepLatestCount: data.keepLatestCount ?? null,
|
||||||
databaseType: data.databaseType || databaseType,
|
databaseType: data.databaseType || databaseType,
|
||||||
@@ -665,6 +669,31 @@ export const HandleBackup = ({
|
|||||||
</FormItem>
|
</FormItem>
|
||||||
)}
|
)}
|
||||||
/>
|
/>
|
||||||
|
{databaseType === "web-server" && (
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="includeEncryptionKey"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 ">
|
||||||
|
<div className="space-y-0.5">
|
||||||
|
<FormLabel>Include encryption key</FormLabel>
|
||||||
|
<FormDescription>
|
||||||
|
Stores the encryption key inside the backup so
|
||||||
|
environment variables can be restored on a new server.
|
||||||
|
Anyone with access to the backup file can decrypt
|
||||||
|
them.
|
||||||
|
</FormDescription>
|
||||||
|
</div>
|
||||||
|
<FormControl>
|
||||||
|
<Switch
|
||||||
|
checked={field.value}
|
||||||
|
onCheckedChange={field.onChange}
|
||||||
|
/>
|
||||||
|
</FormControl>
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
)}
|
||||||
{backupType === "compose" && (
|
{backupType === "compose" && (
|
||||||
<>
|
<>
|
||||||
{form.watch("databaseType") === "postgres" && (
|
{form.watch("databaseType") === "postgres" && (
|
||||||
|
|||||||
@@ -1,10 +1,13 @@
|
|||||||
import type { ColumnDef } from "@tanstack/react-table";
|
import type { ColumnDef } from "@tanstack/react-table";
|
||||||
|
import copy from "copy-to-clipboard";
|
||||||
import { ArrowUpDown, MoreHorizontal } from "lucide-react";
|
import { ArrowUpDown, MoreHorizontal } from "lucide-react";
|
||||||
|
import { toast } from "sonner";
|
||||||
import { Badge } from "@/components/ui/badge";
|
import { Badge } from "@/components/ui/badge";
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
import {
|
import {
|
||||||
DropdownMenu,
|
DropdownMenu,
|
||||||
DropdownMenuContent,
|
DropdownMenuContent,
|
||||||
|
DropdownMenuItem,
|
||||||
DropdownMenuLabel,
|
DropdownMenuLabel,
|
||||||
DropdownMenuTrigger,
|
DropdownMenuTrigger,
|
||||||
} from "@/components/ui/dropdown-menu";
|
} from "@/components/ui/dropdown-menu";
|
||||||
@@ -37,6 +40,7 @@ export const columns: ColumnDef<Container>[] = [
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
accessorKey: "state",
|
accessorKey: "state",
|
||||||
|
filterFn: "equals",
|
||||||
header: ({ column }) => {
|
header: ({ column }) => {
|
||||||
return (
|
return (
|
||||||
<Button
|
<Button
|
||||||
@@ -56,7 +60,7 @@ export const columns: ColumnDef<Container>[] = [
|
|||||||
variant={
|
variant={
|
||||||
value === "running"
|
value === "running"
|
||||||
? "default"
|
? "default"
|
||||||
: value === "failed"
|
: value === "exited" || value === "dead"
|
||||||
? "destructive"
|
? "destructive"
|
||||||
: "secondary"
|
: "secondary"
|
||||||
}
|
}
|
||||||
@@ -99,6 +103,28 @@ export const columns: ColumnDef<Container>[] = [
|
|||||||
},
|
},
|
||||||
cell: ({ row }) => <div className="lowercase">{row.getValue("image")}</div>,
|
cell: ({ row }) => <div className="lowercase">{row.getValue("image")}</div>,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
accessorKey: "ports",
|
||||||
|
header: ({ column }) => {
|
||||||
|
return (
|
||||||
|
<Button
|
||||||
|
variant="ghost"
|
||||||
|
onClick={() => column.toggleSorting(column.getIsSorted() === "asc")}
|
||||||
|
>
|
||||||
|
Ports
|
||||||
|
<ArrowUpDown className="ml-2 h-4 w-4" />
|
||||||
|
</Button>
|
||||||
|
);
|
||||||
|
},
|
||||||
|
cell: ({ row }) => {
|
||||||
|
const value = row.getValue("ports") as string;
|
||||||
|
return (
|
||||||
|
<div className="max-w-[16rem] truncate lowercase" title={value}>
|
||||||
|
{value}
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
id: "actions",
|
id: "actions",
|
||||||
enableHiding: false,
|
enableHiding: false,
|
||||||
@@ -115,6 +141,14 @@ export const columns: ColumnDef<Container>[] = [
|
|||||||
</DropdownMenuTrigger>
|
</DropdownMenuTrigger>
|
||||||
<DropdownMenuContent align="end">
|
<DropdownMenuContent align="end">
|
||||||
<DropdownMenuLabel>Actions</DropdownMenuLabel>
|
<DropdownMenuLabel>Actions</DropdownMenuLabel>
|
||||||
|
<DropdownMenuItem
|
||||||
|
onClick={() => {
|
||||||
|
copy(container.containerId);
|
||||||
|
toast.success("Container ID copied to clipboard");
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
Copy Container ID
|
||||||
|
</DropdownMenuItem>
|
||||||
<ShowDockerModalLogs
|
<ShowDockerModalLogs
|
||||||
containerId={container.containerId}
|
containerId={container.containerId}
|
||||||
serverId={container.serverId}
|
serverId={container.serverId}
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ import {
|
|||||||
useReactTable,
|
useReactTable,
|
||||||
type VisibilityState,
|
type VisibilityState,
|
||||||
} from "@tanstack/react-table";
|
} from "@tanstack/react-table";
|
||||||
import { ChevronDown, Container } from "lucide-react";
|
import { ChevronDown, Container, RefreshCw } from "lucide-react";
|
||||||
import * as React from "react";
|
import * as React from "react";
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
import {
|
import {
|
||||||
@@ -26,6 +26,13 @@ import {
|
|||||||
DropdownMenuTrigger,
|
DropdownMenuTrigger,
|
||||||
} from "@/components/ui/dropdown-menu";
|
} from "@/components/ui/dropdown-menu";
|
||||||
import { Input } from "@/components/ui/input";
|
import { Input } from "@/components/ui/input";
|
||||||
|
import {
|
||||||
|
Select,
|
||||||
|
SelectContent,
|
||||||
|
SelectItem,
|
||||||
|
SelectTrigger,
|
||||||
|
SelectValue,
|
||||||
|
} from "@/components/ui/select";
|
||||||
import {
|
import {
|
||||||
Table,
|
Table,
|
||||||
TableBody,
|
TableBody,
|
||||||
@@ -44,10 +51,26 @@ interface Props {
|
|||||||
serverId?: string;
|
serverId?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const CONTAINER_STATES = [
|
||||||
|
"running",
|
||||||
|
"exited",
|
||||||
|
"paused",
|
||||||
|
"restarting",
|
||||||
|
"created",
|
||||||
|
"removing",
|
||||||
|
"dead",
|
||||||
|
];
|
||||||
|
|
||||||
export const ShowContainers = ({ serverId }: Props) => {
|
export const ShowContainers = ({ serverId }: Props) => {
|
||||||
const { data, isPending } = api.docker.getContainers.useQuery({
|
const { data, isPending, refetch, isRefetching } =
|
||||||
|
api.docker.getContainers.useQuery(
|
||||||
|
{
|
||||||
serverId,
|
serverId,
|
||||||
});
|
},
|
||||||
|
{
|
||||||
|
refetchInterval: 10_000,
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
const [sorting, setSorting] = React.useState<SortingState>([]);
|
const [sorting, setSorting] = React.useState<SortingState>([]);
|
||||||
const [columnFilters, setColumnFilters] = React.useState<ColumnFiltersState>(
|
const [columnFilters, setColumnFilters] = React.useState<ColumnFiltersState>(
|
||||||
@@ -106,12 +129,48 @@ export const ShowContainers = ({ serverId }: Props) => {
|
|||||||
}
|
}
|
||||||
className="md:max-w-sm"
|
className="md:max-w-sm"
|
||||||
/>
|
/>
|
||||||
<DropdownMenu>
|
<Select
|
||||||
<DropdownMenuTrigger asChild>
|
value={
|
||||||
|
(table.getColumn("state")?.getFilterValue() as string) ??
|
||||||
|
"all"
|
||||||
|
}
|
||||||
|
onValueChange={(value) =>
|
||||||
|
table
|
||||||
|
.getColumn("state")
|
||||||
|
?.setFilterValue(value === "all" ? undefined : value)
|
||||||
|
}
|
||||||
|
>
|
||||||
|
<SelectTrigger className="w-40 max-sm:w-full capitalize">
|
||||||
|
<SelectValue placeholder="Filter by state" />
|
||||||
|
</SelectTrigger>
|
||||||
|
<SelectContent>
|
||||||
|
<SelectItem value="all">All states</SelectItem>
|
||||||
|
{CONTAINER_STATES.map((state) => (
|
||||||
|
<SelectItem
|
||||||
|
key={state}
|
||||||
|
value={state}
|
||||||
|
className="capitalize"
|
||||||
|
>
|
||||||
|
{state}
|
||||||
|
</SelectItem>
|
||||||
|
))}
|
||||||
|
</SelectContent>
|
||||||
|
</Select>
|
||||||
<Button
|
<Button
|
||||||
variant="outline"
|
variant="outline"
|
||||||
className="sm:ml-auto max-sm:w-full"
|
size="icon"
|
||||||
|
className="shrink-0 sm:ml-auto"
|
||||||
|
onClick={() => refetch()}
|
||||||
|
disabled={isRefetching}
|
||||||
>
|
>
|
||||||
|
<RefreshCw
|
||||||
|
className={`h-4 w-4 ${isRefetching ? "animate-spin" : ""}`}
|
||||||
|
/>
|
||||||
|
<span className="sr-only">Refresh</span>
|
||||||
|
</Button>
|
||||||
|
<DropdownMenu>
|
||||||
|
<DropdownMenuTrigger asChild>
|
||||||
|
<Button variant="outline" className="max-sm:w-full">
|
||||||
Columns <ChevronDown className="ml-2 h-4 w-4" />
|
Columns <ChevronDown className="ml-2 h-4 w-4" />
|
||||||
</Button>
|
</Button>
|
||||||
</DropdownMenuTrigger>
|
</DropdownMenuTrigger>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
|
||||||
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
import { Ban, CheckCircle2, RefreshCcw, Rocket, Terminal } from "lucide-react";
|
||||||
|
import { Tooltip as TooltipPrimitive } from "radix-ui";
|
||||||
import { useState } from "react";
|
import { useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
import { DialogAction } from "@/components/shared/dialog-action";
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
|||||||
@@ -1,11 +1,4 @@
|
|||||||
import {
|
import { Area, AreaChart, CartesianGrid, XAxis, YAxis } from "recharts";
|
||||||
Area,
|
|
||||||
AreaChart,
|
|
||||||
CartesianGrid,
|
|
||||||
ResponsiveContainer,
|
|
||||||
XAxis,
|
|
||||||
YAxis,
|
|
||||||
} from "recharts";
|
|
||||||
import {
|
import {
|
||||||
type ChartConfig,
|
type ChartConfig,
|
||||||
ChartContainer,
|
ChartContainer,
|
||||||
@@ -49,13 +42,10 @@ export const RequestDistributionChart = ({
|
|||||||
);
|
);
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<div className="w-full h-[200px] overflow-hidden">
|
<ChartContainer
|
||||||
<ResponsiveContainer
|
config={chartConfig}
|
||||||
width="100%"
|
className="aspect-auto h-[200px] w-full"
|
||||||
height="100%"
|
|
||||||
className="overflow-hidden"
|
|
||||||
>
|
>
|
||||||
<ChartContainer config={chartConfig}>
|
|
||||||
<AreaChart
|
<AreaChart
|
||||||
accessibilityLayer
|
accessibilityLayer
|
||||||
data={stats || []}
|
data={stats || []}
|
||||||
@@ -107,7 +97,5 @@ export const RequestDistributionChart = ({
|
|||||||
/>
|
/>
|
||||||
</AreaChart>
|
</AreaChart>
|
||||||
</ChartContainer>
|
</ChartContainer>
|
||||||
</ResponsiveContainer>
|
|
||||||
</div>
|
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -4,9 +4,7 @@ import { Button } from "@/components/ui/button";
|
|||||||
import { Input } from "@/components/ui/input";
|
import { Input } from "@/components/ui/input";
|
||||||
import { api } from "@/utils/api";
|
import { api } from "@/utils/api";
|
||||||
|
|
||||||
// Free tier may set up to 2 concurrent builds; enterprise unlocks more.
|
const MAX_CONCURRENCY = 100;
|
||||||
const FREE_MAX_CONCURRENCY = 2;
|
|
||||||
const ENTERPRISE_MAX_CONCURRENCY = 100;
|
|
||||||
|
|
||||||
interface Props {
|
interface Props {
|
||||||
/**
|
/**
|
||||||
@@ -20,14 +18,10 @@ interface Props {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Control to set the number of concurrent builds, either for a remote server
|
* Control to set the number of concurrent builds, either for a remote server
|
||||||
* (`serverId` provided) or the local web server (omitted). Available to
|
* (`serverId` provided) or the local web server (omitted). Not shown in cloud.
|
||||||
* everyone self-hosted up to FREE_MAX_CONCURRENCY; higher values require a
|
|
||||||
* valid enterprise license. Not shown in cloud.
|
|
||||||
*/
|
*/
|
||||||
export const BuildsConcurrency = ({ serverId, label }: Props) => {
|
export const BuildsConcurrency = ({ serverId, label }: Props) => {
|
||||||
const { data: isCloud } = api.settings.isCloud.useQuery();
|
const { data: isCloud } = api.settings.isCloud.useQuery();
|
||||||
const { data: haveValidLicense } =
|
|
||||||
api.licenseKey.haveValidLicenseKey.useQuery();
|
|
||||||
|
|
||||||
const serverQuery = api.server.one.useQuery(
|
const serverQuery = api.server.one.useQuery(
|
||||||
{ serverId: serverId ?? "" },
|
{ serverId: serverId ?? "" },
|
||||||
@@ -59,10 +53,7 @@ export const BuildsConcurrency = ({ serverId, label }: Props) => {
|
|||||||
// Concurrent builds are a self-hosted feature; not shown in cloud.
|
// Concurrent builds are a self-hosted feature; not shown in cloud.
|
||||||
if (isCloud) return null;
|
if (isCloud) return null;
|
||||||
|
|
||||||
const max = haveValidLicense
|
const clamp = (n: number) => Math.min(MAX_CONCURRENCY, Math.max(1, n));
|
||||||
? ENTERPRISE_MAX_CONCURRENCY
|
|
||||||
: FREE_MAX_CONCURRENCY;
|
|
||||||
const clamp = (n: number) => Math.min(max, Math.max(1, n));
|
|
||||||
|
|
||||||
const handleSave = async () => {
|
const handleSave = async () => {
|
||||||
const parsed = clamp(Number.parseInt(value, 10) || 1);
|
const parsed = clamp(Number.parseInt(value, 10) || 1);
|
||||||
@@ -101,7 +92,7 @@ export const BuildsConcurrency = ({ serverId, label }: Props) => {
|
|||||||
<Input
|
<Input
|
||||||
type="number"
|
type="number"
|
||||||
min={1}
|
min={1}
|
||||||
max={max}
|
max={MAX_CONCURRENCY}
|
||||||
value={value}
|
value={value}
|
||||||
onChange={(e) => setValue(e.target.value)}
|
onChange={(e) => setValue(e.target.value)}
|
||||||
className="w-20"
|
className="w-20"
|
||||||
|
|||||||
@@ -97,6 +97,7 @@ export const ShowUsers = () => {
|
|||||||
<TableRow>
|
<TableRow>
|
||||||
<TableHead className="w-[100px]">Email</TableHead>
|
<TableHead className="w-[100px]">Email</TableHead>
|
||||||
<TableHead className="text-center">Role</TableHead>
|
<TableHead className="text-center">Role</TableHead>
|
||||||
|
<TableHead className="text-center">Status</TableHead>
|
||||||
<TableHead className="text-center">2FA</TableHead>
|
<TableHead className="text-center">2FA</TableHead>
|
||||||
|
|
||||||
<TableHead className="text-center">
|
<TableHead className="text-center">
|
||||||
@@ -173,6 +174,19 @@ export const ShowUsers = () => {
|
|||||||
{member.role}
|
{member.role}
|
||||||
</Badge>
|
</Badge>
|
||||||
</TableCell>
|
</TableCell>
|
||||||
|
<TableCell className="text-center">
|
||||||
|
<Badge
|
||||||
|
variant={
|
||||||
|
member.user.banned
|
||||||
|
? "destructive"
|
||||||
|
: "outline"
|
||||||
|
}
|
||||||
|
>
|
||||||
|
{member.user.banned
|
||||||
|
? "Deactivated"
|
||||||
|
: "Active"}
|
||||||
|
</Badge>
|
||||||
|
</TableCell>
|
||||||
<TableCell className="text-center">
|
<TableCell className="text-center">
|
||||||
{member.user.twoFactorEnabled
|
{member.user.twoFactorEnabled
|
||||||
? "Enabled"
|
? "Enabled"
|
||||||
|
|||||||
@@ -87,7 +87,8 @@ export const RebuildDatabase = ({ id, type }: Props) => {
|
|||||||
<AlertTriangle className="h-5 w-5 text-destructive" />
|
<AlertTriangle className="h-5 w-5 text-destructive" />
|
||||||
Are you absolutely sure?
|
Are you absolutely sure?
|
||||||
</AlertDialogTitle>
|
</AlertDialogTitle>
|
||||||
<AlertDialogDescription className="space-y-2">
|
<AlertDialogDescription asChild>
|
||||||
|
<div className="space-y-2">
|
||||||
<p>This action will:</p>
|
<p>This action will:</p>
|
||||||
<ul className="list-disc list-inside space-y-1">
|
<ul className="list-disc list-inside space-y-1">
|
||||||
<li>Stop the current database service</li>
|
<li>Stop the current database service</li>
|
||||||
@@ -98,18 +99,17 @@ export const RebuildDatabase = ({ id, type }: Props) => {
|
|||||||
<p className="font-medium text-destructive mt-4">
|
<p className="font-medium text-destructive mt-4">
|
||||||
This action cannot be undone.
|
This action cannot be undone.
|
||||||
</p>
|
</p>
|
||||||
|
</div>
|
||||||
</AlertDialogDescription>
|
</AlertDialogDescription>
|
||||||
</AlertDialogHeader>
|
</AlertDialogHeader>
|
||||||
<AlertDialogFooter>
|
<AlertDialogFooter>
|
||||||
<AlertDialogCancel>Cancel</AlertDialogCancel>
|
<AlertDialogCancel>Cancel</AlertDialogCancel>
|
||||||
<AlertDialogAction
|
<AlertDialogAction
|
||||||
onClick={handleRebuild}
|
onClick={handleRebuild}
|
||||||
className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
|
disabled={isPending}
|
||||||
asChild
|
variant="destructive"
|
||||||
>
|
>
|
||||||
<Button isLoading={isPending} type="submit">
|
|
||||||
Yes, rebuild database
|
Yes, rebuild database
|
||||||
</Button>
|
|
||||||
</AlertDialogAction>
|
</AlertDialogAction>
|
||||||
</AlertDialogFooter>
|
</AlertDialogFooter>
|
||||||
</AlertDialogContent>
|
</AlertDialogContent>
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ import Link from "next/link";
|
|||||||
import { usePathname } from "next/navigation";
|
import { usePathname } from "next/navigation";
|
||||||
import { useEffect, useState } from "react";
|
import { useEffect, useState } from "react";
|
||||||
import { toast } from "sonner";
|
import { toast } from "sonner";
|
||||||
|
import { Badge } from "@/components/ui/badge";
|
||||||
import {
|
import {
|
||||||
Breadcrumb,
|
Breadcrumb,
|
||||||
BreadcrumbItem,
|
BreadcrumbItem,
|
||||||
@@ -564,6 +565,8 @@ function SidebarLogo() {
|
|||||||
const { isMobile } = useSidebar();
|
const { isMobile } = useSidebar();
|
||||||
const isCollapsed = state === "collapsed" && !isMobile;
|
const isCollapsed = state === "collapsed" && !isMobile;
|
||||||
const { data: activeOrganization } = api.organization.active.useQuery();
|
const { data: activeOrganization } = api.organization.active.useQuery();
|
||||||
|
const { data: haveValidLicense } =
|
||||||
|
api.licenseKey.haveValidLicenseKey.useQuery();
|
||||||
|
|
||||||
const { data: invitations, refetch: refetchInvitations } =
|
const { data: invitations, refetch: refetchInvitations } =
|
||||||
api.user.getInvitations.useQuery();
|
api.user.getInvitations.useQuery();
|
||||||
@@ -629,9 +632,14 @@ function SidebarLogo() {
|
|||||||
isCollapsed && "hidden",
|
isCollapsed && "hidden",
|
||||||
)}
|
)}
|
||||||
>
|
>
|
||||||
|
<div className="flex items-center gap-1.5">
|
||||||
<p className="text-sm font-medium leading-none">
|
<p className="text-sm font-medium leading-none">
|
||||||
{activeOrganization?.name ?? "Select Organization"}
|
{activeOrganization?.name ?? "Select Organization"}
|
||||||
</p>
|
</p>
|
||||||
|
{haveValidLicense && (
|
||||||
|
<Badge variant="blue">Enterprise</Badge>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<ChevronsUpDown
|
<ChevronsUpDown
|
||||||
|
|||||||
235
apps/dokploy/components/proprietary/sso/scim-dialog.tsx
Normal file
235
apps/dokploy/components/proprietary/sso/scim-dialog.tsx
Normal file
@@ -0,0 +1,235 @@
|
|||||||
|
"use client";
|
||||||
|
|
||||||
|
import copy from "copy-to-clipboard";
|
||||||
|
import { Copy, KeyRound, Loader2, Plus, Trash2 } from "lucide-react";
|
||||||
|
import { type ReactNode, useState } from "react";
|
||||||
|
import { toast } from "sonner";
|
||||||
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
import { Button } from "@/components/ui/button";
|
||||||
|
import {
|
||||||
|
Dialog,
|
||||||
|
DialogContent,
|
||||||
|
DialogDescription,
|
||||||
|
DialogFooter,
|
||||||
|
DialogHeader,
|
||||||
|
DialogTitle,
|
||||||
|
DialogTrigger,
|
||||||
|
} from "@/components/ui/dialog";
|
||||||
|
import { Input } from "@/components/ui/input";
|
||||||
|
import { Label } from "@/components/ui/label";
|
||||||
|
import { api } from "@/utils/api";
|
||||||
|
import { useUrl } from "@/utils/hooks/use-url";
|
||||||
|
|
||||||
|
interface Props {
|
||||||
|
children: ReactNode;
|
||||||
|
}
|
||||||
|
|
||||||
|
export const ScimDialog = ({ children }: Props) => {
|
||||||
|
const utils = api.useUtils();
|
||||||
|
const baseURL = useUrl();
|
||||||
|
const [open, setOpen] = useState(false);
|
||||||
|
const [newProviderId, setNewProviderId] = useState("");
|
||||||
|
const [justCreatedToken, setJustCreatedToken] = useState<{
|
||||||
|
providerId: string;
|
||||||
|
token: string;
|
||||||
|
} | null>(null);
|
||||||
|
|
||||||
|
const { data: providers = [], isPending } = api.scim.listProviders.useQuery(
|
||||||
|
undefined,
|
||||||
|
{ enabled: open },
|
||||||
|
);
|
||||||
|
const { mutateAsync: generateToken, isPending: isGenerating } =
|
||||||
|
api.scim.generateToken.useMutation();
|
||||||
|
const { mutateAsync: deleteProvider, isPending: isDeleting } =
|
||||||
|
api.scim.deleteProvider.useMutation();
|
||||||
|
|
||||||
|
const scimUrl = `${baseURL || "{baseURL}"}/api/auth/scim/v2`;
|
||||||
|
|
||||||
|
const handleGenerate = async () => {
|
||||||
|
const providerId = newProviderId.trim().toLowerCase();
|
||||||
|
if (!providerId) return;
|
||||||
|
try {
|
||||||
|
const result = await generateToken({ providerId });
|
||||||
|
setJustCreatedToken({
|
||||||
|
providerId: result.providerId,
|
||||||
|
token: result.scimToken,
|
||||||
|
});
|
||||||
|
setNewProviderId("");
|
||||||
|
await utils.scim.listProviders.invalidate();
|
||||||
|
} catch (err) {
|
||||||
|
toast.error(
|
||||||
|
err instanceof Error ? err.message : "Failed to generate SCIM token",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const handleDelete = async (providerId: string) => {
|
||||||
|
try {
|
||||||
|
await deleteProvider({ providerId });
|
||||||
|
toast.success("SCIM provider removed");
|
||||||
|
await utils.scim.listProviders.invalidate();
|
||||||
|
} catch (err) {
|
||||||
|
toast.error(
|
||||||
|
err instanceof Error ? err.message : "Failed to delete SCIM provider",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const handleCopy = (value: string, label: string) => {
|
||||||
|
copy(value);
|
||||||
|
toast.success(`${label} copied`);
|
||||||
|
};
|
||||||
|
|
||||||
|
const handleOpenChange = (next: boolean) => {
|
||||||
|
setOpen(next);
|
||||||
|
if (!next) setJustCreatedToken(null);
|
||||||
|
};
|
||||||
|
|
||||||
|
return (
|
||||||
|
<Dialog open={open} onOpenChange={handleOpenChange}>
|
||||||
|
<DialogTrigger asChild>{children}</DialogTrigger>
|
||||||
|
<DialogContent className="sm:max-w-[560px]">
|
||||||
|
<DialogHeader>
|
||||||
|
<DialogTitle className="flex items-center gap-2">
|
||||||
|
<KeyRound className="size-5" />
|
||||||
|
SCIM provisioning
|
||||||
|
</DialogTitle>
|
||||||
|
<DialogDescription>
|
||||||
|
Automatically provision, update, and deactivate users from your
|
||||||
|
identity provider (Okta, Entra ID, etc.). Configure the SCIM
|
||||||
|
endpoint below in your IdP.
|
||||||
|
</DialogDescription>
|
||||||
|
</DialogHeader>
|
||||||
|
<div className="space-y-4 py-2">
|
||||||
|
<div className="grid gap-1">
|
||||||
|
<Label className="text-xs font-medium text-muted-foreground">
|
||||||
|
SCIM 2.0 endpoint URL
|
||||||
|
</Label>
|
||||||
|
<div className="flex items-center gap-2">
|
||||||
|
<p className="flex-1 break-all rounded-md bg-muted px-2 py-1.5 font-mono text-xs">
|
||||||
|
{scimUrl}
|
||||||
|
</p>
|
||||||
|
<Button
|
||||||
|
variant="outline"
|
||||||
|
size="icon"
|
||||||
|
className="size-8 shrink-0"
|
||||||
|
onClick={() => handleCopy(scimUrl, "Endpoint URL")}
|
||||||
|
disabled={!baseURL}
|
||||||
|
>
|
||||||
|
<Copy className="size-3.5" />
|
||||||
|
</Button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{justCreatedToken && (
|
||||||
|
<div className="rounded-md border border-amber-500/40 bg-amber-500/10 p-3">
|
||||||
|
<p className="text-sm font-medium">
|
||||||
|
Bearer token for {justCreatedToken.providerId}
|
||||||
|
</p>
|
||||||
|
<p className="mt-1 text-xs text-muted-foreground">
|
||||||
|
Copy this token now — it will not be shown again. Paste it into
|
||||||
|
your IdP's SCIM configuration.
|
||||||
|
</p>
|
||||||
|
<div className="mt-2 flex items-center gap-2">
|
||||||
|
<p className="flex-1 break-all rounded-md bg-background px-2 py-1.5 font-mono text-xs">
|
||||||
|
{justCreatedToken.token}
|
||||||
|
</p>
|
||||||
|
<Button
|
||||||
|
variant="outline"
|
||||||
|
size="icon"
|
||||||
|
className="size-8 shrink-0"
|
||||||
|
onClick={() =>
|
||||||
|
handleCopy(justCreatedToken.token, "Bearer token")
|
||||||
|
}
|
||||||
|
>
|
||||||
|
<Copy className="size-3.5" />
|
||||||
|
</Button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
|
|
||||||
|
<div className="space-y-2">
|
||||||
|
<Label className="text-sm font-medium">
|
||||||
|
Generate token for a new provider
|
||||||
|
</Label>
|
||||||
|
<div className="flex gap-2">
|
||||||
|
<Input
|
||||||
|
value={newProviderId}
|
||||||
|
onChange={(e) => setNewProviderId(e.target.value)}
|
||||||
|
placeholder="okta, entra, jumpcloud..."
|
||||||
|
className="font-mono text-sm"
|
||||||
|
onKeyDown={(e) => {
|
||||||
|
if (e.key === "Enter") {
|
||||||
|
e.preventDefault();
|
||||||
|
void handleGenerate();
|
||||||
|
}
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<Button
|
||||||
|
size="sm"
|
||||||
|
onClick={handleGenerate}
|
||||||
|
disabled={!newProviderId.trim() || isGenerating}
|
||||||
|
>
|
||||||
|
<Plus className="mr-1 size-4" />
|
||||||
|
Generate
|
||||||
|
</Button>
|
||||||
|
</div>
|
||||||
|
<p className="text-xs text-muted-foreground">
|
||||||
|
Choose a unique identifier for this IdP connection (lowercase,
|
||||||
|
alphanumeric, dashes).
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div className="space-y-2">
|
||||||
|
<Label className="text-sm font-medium">Existing providers</Label>
|
||||||
|
{isPending ? (
|
||||||
|
<div className="flex items-center gap-2 justify-center py-4">
|
||||||
|
<Loader2 className="size-4 animate-spin text-muted-foreground" />
|
||||||
|
<span className="text-sm text-muted-foreground">
|
||||||
|
Loading...
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
) : providers.length === 0 ? (
|
||||||
|
<p className="rounded-md border border-dashed bg-muted/30 px-3 py-4 text-center text-sm text-muted-foreground">
|
||||||
|
No SCIM providers configured yet.
|
||||||
|
</p>
|
||||||
|
) : (
|
||||||
|
<ul className="flex flex-col gap-2">
|
||||||
|
{providers.map((provider) => (
|
||||||
|
<li
|
||||||
|
key={provider.id}
|
||||||
|
className="flex items-center gap-2 rounded-md border bg-muted/30 px-3 py-2"
|
||||||
|
>
|
||||||
|
<span className="flex-1 font-mono text-sm">
|
||||||
|
{provider.providerId}
|
||||||
|
</span>
|
||||||
|
<DialogAction
|
||||||
|
title="Remove SCIM provider"
|
||||||
|
description={`Remove "${provider.providerId}"? Existing provisioned users will stay but the IdP will no longer be able to sync.`}
|
||||||
|
type="destructive"
|
||||||
|
onClick={() => handleDelete(provider.providerId)}
|
||||||
|
>
|
||||||
|
<Button
|
||||||
|
variant="ghost"
|
||||||
|
size="icon"
|
||||||
|
className="size-8 shrink-0 text-destructive hover:text-destructive"
|
||||||
|
disabled={isDeleting}
|
||||||
|
>
|
||||||
|
<Trash2 className="size-3.5" />
|
||||||
|
</Button>
|
||||||
|
</DialogAction>
|
||||||
|
</li>
|
||||||
|
))}
|
||||||
|
</ul>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<DialogFooter>
|
||||||
|
<Button variant="outline" onClick={() => handleOpenChange(false)}>
|
||||||
|
Close
|
||||||
|
</Button>
|
||||||
|
</DialogFooter>
|
||||||
|
</DialogContent>
|
||||||
|
</Dialog>
|
||||||
|
);
|
||||||
|
};
|
||||||
@@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
import {
|
import {
|
||||||
Eye,
|
Eye,
|
||||||
|
KeyRound,
|
||||||
Loader2,
|
Loader2,
|
||||||
LogIn,
|
LogIn,
|
||||||
Pencil,
|
Pencil,
|
||||||
@@ -34,6 +35,7 @@ import { api } from "@/utils/api";
|
|||||||
import { useUrl } from "@/utils/hooks/use-url";
|
import { useUrl } from "@/utils/hooks/use-url";
|
||||||
import { RegisterOidcDialog } from "./register-oidc-dialog";
|
import { RegisterOidcDialog } from "./register-oidc-dialog";
|
||||||
import { RegisterSamlDialog } from "./register-saml-dialog";
|
import { RegisterSamlDialog } from "./register-saml-dialog";
|
||||||
|
import { ScimDialog } from "./scim-dialog";
|
||||||
|
|
||||||
type ProviderForDetails = {
|
type ProviderForDetails = {
|
||||||
id: string | null;
|
id: string | null;
|
||||||
@@ -169,15 +171,22 @@ export const SSOSettings = () => {
|
|||||||
Users can sign in with their organization's IdP.
|
Users can sign in with their organization's IdP.
|
||||||
</CardDescription>
|
</CardDescription>
|
||||||
</div>
|
</div>
|
||||||
|
<div className="flex flex-wrap gap-2 shrink-0">
|
||||||
<Button
|
<Button
|
||||||
variant="outline"
|
variant="outline"
|
||||||
size="sm"
|
size="sm"
|
||||||
onClick={() => setManageOriginsOpen(true)}
|
onClick={() => setManageOriginsOpen(true)}
|
||||||
className="shrink-0"
|
|
||||||
>
|
>
|
||||||
<Shield className="mr-2 size-4" />
|
<Shield className="mr-2 size-4" />
|
||||||
Manage origins
|
Manage origins
|
||||||
</Button>
|
</Button>
|
||||||
|
<ScimDialog>
|
||||||
|
<Button variant="outline" size="sm">
|
||||||
|
<KeyRound className="mr-2 size-4" />
|
||||||
|
Manage SCIM
|
||||||
|
</Button>
|
||||||
|
</ScimDialog>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{isPending ? (
|
{isPending ? (
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Accordion as AccordionPrimitive } from "radix-ui";
|
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { ChevronDownIcon, ChevronUpIcon } from "lucide-react";
|
import { ChevronDownIcon, ChevronUpIcon } from "lucide-react";
|
||||||
|
import { Accordion as AccordionPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Accordion({
|
function Accordion({
|
||||||
className,
|
className,
|
||||||
|
|||||||
@@ -1,10 +1,9 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { AlertDialog as AlertDialogPrimitive } from "radix-ui";
|
import { AlertDialog as AlertDialogPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function AlertDialog({
|
function AlertDialog({
|
||||||
...props
|
...props
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { cva, type VariantProps } from "class-variance-authority";
|
import { cva, type VariantProps } from "class-variance-authority";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { Avatar as AvatarPrimitive } from "radix-ui";
|
import { Avatar as AvatarPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Slot } from "radix-ui";
|
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { ChevronRightIcon, MoreHorizontalIcon } from "lucide-react";
|
import { ChevronRightIcon, MoreHorizontalIcon } from "lucide-react";
|
||||||
|
import { Slot } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Breadcrumb({ className, ...props }: React.ComponentProps<"nav">) {
|
function Breadcrumb({ className, ...props }: React.ComponentProps<"nav">) {
|
||||||
return (
|
return (
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import * as React from "react";
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
import * as React from "react";
|
import * as React from "react";
|
||||||
import * as RechartsPrimitive from "recharts";
|
|
||||||
import type { TooltipValueType } from "recharts";
|
import type { TooltipValueType } from "recharts";
|
||||||
|
import * as RechartsPrimitive from "recharts";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,10 +1,9 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { Checkbox as CheckboxPrimitive } from "radix-ui";
|
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { CheckIcon } from "lucide-react";
|
import { CheckIcon } from "lucide-react";
|
||||||
|
import { Checkbox as CheckboxPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Checkbox({
|
function Checkbox({
|
||||||
className,
|
className,
|
||||||
|
|||||||
@@ -1,9 +1,8 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { Command as CommandPrimitive } from "cmdk";
|
import { Command as CommandPrimitive } from "cmdk";
|
||||||
|
import { CheckIcon, SearchIcon } from "lucide-react";
|
||||||
import { cn } from "@/lib/utils";
|
import type * as React from "react";
|
||||||
import {
|
import {
|
||||||
Dialog,
|
Dialog,
|
||||||
DialogContent,
|
DialogContent,
|
||||||
@@ -12,7 +11,7 @@ import {
|
|||||||
DialogTitle,
|
DialogTitle,
|
||||||
} from "@/components/ui/dialog";
|
} from "@/components/ui/dialog";
|
||||||
import { InputGroup, InputGroupAddon } from "@/components/ui/input-group";
|
import { InputGroup, InputGroupAddon } from "@/components/ui/input-group";
|
||||||
import { SearchIcon, CheckIcon } from "lucide-react";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Command({
|
function Command({
|
||||||
className,
|
className,
|
||||||
@@ -45,10 +44,6 @@ function CommandDialog({
|
|||||||
}) {
|
}) {
|
||||||
return (
|
return (
|
||||||
<Dialog {...props}>
|
<Dialog {...props}>
|
||||||
<DialogHeader className="sr-only">
|
|
||||||
<DialogTitle>{title}</DialogTitle>
|
|
||||||
<DialogDescription>{description}</DialogDescription>
|
|
||||||
</DialogHeader>
|
|
||||||
<DialogContent
|
<DialogContent
|
||||||
className={cn(
|
className={cn(
|
||||||
"top-1/3 translate-y-0 overflow-hidden rounded-xl! p-0",
|
"top-1/3 translate-y-0 overflow-hidden rounded-xl! p-0",
|
||||||
@@ -56,7 +51,11 @@ function CommandDialog({
|
|||||||
)}
|
)}
|
||||||
showCloseButton={showCloseButton}
|
showCloseButton={showCloseButton}
|
||||||
>
|
>
|
||||||
{children}
|
<DialogHeader className="sr-only">
|
||||||
|
<DialogTitle>{title}</DialogTitle>
|
||||||
|
<DialogDescription>{description}</DialogDescription>
|
||||||
|
</DialogHeader>
|
||||||
|
<Command>{children}</Command>
|
||||||
</DialogContent>
|
</DialogContent>
|
||||||
</Dialog>
|
</Dialog>
|
||||||
);
|
);
|
||||||
@@ -68,7 +67,7 @@ function CommandInput({
|
|||||||
}: React.ComponentProps<typeof CommandPrimitive.Input>) {
|
}: React.ComponentProps<typeof CommandPrimitive.Input>) {
|
||||||
return (
|
return (
|
||||||
<div data-slot="command-input-wrapper" className="p-1 pb-0">
|
<div data-slot="command-input-wrapper" className="p-1 pb-0">
|
||||||
<InputGroup className="h-11! rounded-lg! border-input/30 bg-input/30 shadow-none! *:data-[slot=input-group-addon]:pl-2!">
|
<InputGroup className="h-11! in-data-[slot=dialog-content]:h-12! rounded-lg! border-input/30 bg-input/30 shadow-none! *:data-[slot=input-group-addon]:pl-2! in-data-[slot=dialog-content]:*:[svg]:size-5">
|
||||||
<CommandPrimitive.Input
|
<CommandPrimitive.Input
|
||||||
data-slot="command-input"
|
data-slot="command-input"
|
||||||
className={cn(
|
className={cn(
|
||||||
@@ -122,7 +121,7 @@ function CommandGroup({
|
|||||||
<CommandPrimitive.Group
|
<CommandPrimitive.Group
|
||||||
data-slot="command-group"
|
data-slot="command-group"
|
||||||
className={cn(
|
className={cn(
|
||||||
"overflow-hidden p-1 text-foreground **:[[cmdk-group-heading]]:px-2 **:[[cmdk-group-heading]]:py-1.5 **:[[cmdk-group-heading]]:text-xs **:[[cmdk-group-heading]]:font-medium **:[[cmdk-group-heading]]:text-muted-foreground",
|
"overflow-hidden p-1 text-foreground **:[[cmdk-group-heading]]:px-2 **:[[cmdk-group-heading]]:py-1.5 **:[[cmdk-group-heading]]:text-xs **:[[cmdk-group-heading]]:font-medium **:[[cmdk-group-heading]]:text-muted-foreground in-data-[slot=dialog-content]:**:[[cmdk-group]:not([hidden])_~[cmdk-group]]:pt-0",
|
||||||
className,
|
className,
|
||||||
)}
|
)}
|
||||||
{...props}
|
{...props}
|
||||||
@@ -152,7 +151,7 @@ function CommandItem({
|
|||||||
<CommandPrimitive.Item
|
<CommandPrimitive.Item
|
||||||
data-slot="command-item"
|
data-slot="command-item"
|
||||||
className={cn(
|
className={cn(
|
||||||
"group/command-item relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none in-data-[slot=dialog-content]:rounded-lg! data-[disabled=true]:pointer-events-none data-[disabled=true]:opacity-50 data-selected:bg-muted data-selected:text-foreground [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 data-selected:*:[svg]:text-foreground",
|
"group/command-item relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 in-data-[slot=dialog-content]:py-3 text-sm outline-hidden select-none in-data-[slot=dialog-content]:rounded-lg! data-[disabled=true]:pointer-events-none data-[disabled=true]:opacity-50 data-selected:bg-muted data-selected:text-foreground [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 in-data-[slot=dialog-content]:[&_svg:not([class*='size-'])]:size-5 data-selected:*:[svg]:text-foreground",
|
||||||
className,
|
className,
|
||||||
)}
|
)}
|
||||||
{...props}
|
{...props}
|
||||||
|
|||||||
@@ -1,10 +1,9 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
import { CheckIcon, ChevronRightIcon } from "lucide-react";
|
||||||
import { ContextMenu as ContextMenuPrimitive } from "radix-ui";
|
import { ContextMenu as ContextMenuPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
import { ChevronRightIcon, CheckIcon } from "lucide-react";
|
|
||||||
|
|
||||||
function ContextMenu({
|
function ContextMenu({
|
||||||
...props
|
...props
|
||||||
|
|||||||
@@ -1,10 +1,9 @@
|
|||||||
import * as React from "react";
|
import { XIcon } from "lucide-react";
|
||||||
import { Dialog as DialogPrimitive } from "radix-ui";
|
import { Dialog as DialogPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
import { wasNestedPopupJustClosed } from "@/components/ui/nested-popup-context";
|
import { wasNestedPopupJustClosed } from "@/components/ui/nested-popup-context";
|
||||||
import { XIcon } from "lucide-react";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Dialog({
|
function Dialog({
|
||||||
...props
|
...props
|
||||||
|
|||||||
@@ -1,9 +1,8 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { DropdownMenu as DropdownMenuPrimitive } from "radix-ui";
|
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { markNestedPopupClosed } from "@/components/ui/nested-popup-context";
|
|
||||||
import { CheckIcon, ChevronRightIcon } from "lucide-react";
|
import { CheckIcon, ChevronRightIcon } from "lucide-react";
|
||||||
|
import { DropdownMenu as DropdownMenuPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
import { markNestedPopupClosed } from "@/components/ui/nested-popup-context";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function DropdownMenu({
|
function DropdownMenu({
|
||||||
onOpenChange,
|
onOpenChange,
|
||||||
|
|||||||
@@ -1,9 +1,9 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import { Accordion as AccordionPrimitive } from "radix-ui";
|
|
||||||
// import { ScrollArea } from "@acme/components/ui/scroll-area";
|
// import { ScrollArea } from "@acme/components/ui/scroll-area";
|
||||||
// import { cn } from "@acme/components/lib/utils";
|
// import { cn } from "@acme/components/lib/utils";
|
||||||
import { ChevronRight, type LucideIcon } from "lucide-react";
|
import { ChevronRight, type LucideIcon } from "lucide-react";
|
||||||
|
import { Accordion as AccordionPrimitive } from "radix-ui";
|
||||||
import React from "react";
|
import React from "react";
|
||||||
import useResizeObserver from "use-resize-observer";
|
import useResizeObserver from "use-resize-observer";
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import { Label as LabelPrimitive, Slot } from "radix-ui";
|
import { type Label as LabelPrimitive, Slot } from "radix-ui";
|
||||||
import * as React from "react";
|
import * as React from "react";
|
||||||
import {
|
import {
|
||||||
Controller,
|
Controller,
|
||||||
|
|||||||
@@ -1,12 +1,11 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { cva, type VariantProps } from "class-variance-authority";
|
import { cva, type VariantProps } from "class-variance-authority";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { Button } from "@/components/ui/button";
|
import { Button } from "@/components/ui/button";
|
||||||
import { Input } from "@/components/ui/input";
|
import { Input } from "@/components/ui/input";
|
||||||
import { Textarea } from "@/components/ui/textarea";
|
import { Textarea } from "@/components/ui/textarea";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function InputGroup({ className, ...props }: React.ComponentProps<"div">) {
|
function InputGroup({ className, ...props }: React.ComponentProps<"div">) {
|
||||||
return (
|
return (
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { OTPInput, OTPInputContext } from "input-otp";
|
import { OTPInput, OTPInputContext } from "input-otp";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { MinusIcon } from "lucide-react";
|
import { MinusIcon } from "lucide-react";
|
||||||
|
import * as React from "react";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function InputOTP({
|
function InputOTP({
|
||||||
className,
|
className,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Label as LabelPrimitive } from "radix-ui";
|
import { Label as LabelPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,10 +1,9 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { Popover as PopoverPrimitive } from "radix-ui";
|
import { Popover as PopoverPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { markNestedPopupClosed } from "@/components/ui/nested-popup-context";
|
import { markNestedPopupClosed } from "@/components/ui/nested-popup-context";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Popover({
|
function Popover({
|
||||||
onOpenChange,
|
onOpenChange,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Progress as ProgressPrimitive } from "radix-ui";
|
import { Progress as ProgressPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { RadioGroup as RadioGroupPrimitive } from "radix-ui";
|
import { RadioGroup as RadioGroupPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { ScrollArea as ScrollAreaPrimitive } from "radix-ui";
|
import { ScrollArea as ScrollAreaPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
import * as React from "react";
|
import { CheckIcon, ChevronDownIcon, ChevronUpIcon } from "lucide-react";
|
||||||
import { Select as SelectPrimitive } from "radix-ui";
|
import { Select as SelectPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
import { ChevronDownIcon, CheckIcon, ChevronUpIcon } from "lucide-react";
|
|
||||||
|
|
||||||
function Select({
|
function Select({
|
||||||
...props
|
...props
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Separator as SeparatorPrimitive } from "radix-ui";
|
import { Separator as SeparatorPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,9 +1,8 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Dialog as SheetPrimitive } from "radix-ui";
|
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
|
||||||
import { Button } from "@/components/ui/button";
|
|
||||||
import { XIcon } from "lucide-react";
|
import { XIcon } from "lucide-react";
|
||||||
|
import { Dialog as SheetPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
import { Button } from "@/components/ui/button";
|
||||||
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
function Sheet({ ...props }: React.ComponentProps<typeof SheetPrimitive.Root>) {
|
function Sheet({ ...props }: React.ComponentProps<typeof SheetPrimitive.Root>) {
|
||||||
return <SheetPrimitive.Root data-slot="sheet" {...props} />;
|
return <SheetPrimitive.Root data-slot="sheet" {...props} />;
|
||||||
|
|||||||
@@ -368,7 +368,7 @@ function SidebarContent({ className, ...props }: React.ComponentProps<"div">) {
|
|||||||
data-slot="sidebar-content"
|
data-slot="sidebar-content"
|
||||||
data-sidebar="content"
|
data-sidebar="content"
|
||||||
className={cn(
|
className={cn(
|
||||||
"no-scrollbar flex min-h-0 flex-1 flex-col gap-2 overflow-auto group-data-[collapsible=icon]:overflow-hidden",
|
"no-scrollbar flex min-h-0 flex-1 flex-col gap-2 overflow-y-auto overflow-x-hidden",
|
||||||
className,
|
className,
|
||||||
)}
|
)}
|
||||||
{...props}
|
{...props}
|
||||||
|
|||||||
@@ -1,14 +1,14 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import { useTheme } from "next-themes";
|
|
||||||
import { Toaster as Sonner, type ToasterProps } from "sonner";
|
|
||||||
import {
|
import {
|
||||||
CircleCheckIcon,
|
CircleCheckIcon,
|
||||||
InfoIcon,
|
InfoIcon,
|
||||||
TriangleAlertIcon,
|
|
||||||
OctagonXIcon,
|
|
||||||
Loader2Icon,
|
Loader2Icon,
|
||||||
|
OctagonXIcon,
|
||||||
|
TriangleAlertIcon,
|
||||||
} from "lucide-react";
|
} from "lucide-react";
|
||||||
|
import { useTheme } from "next-themes";
|
||||||
|
import { Toaster as Sonner, type ToasterProps } from "sonner";
|
||||||
|
|
||||||
const Toaster = ({ ...props }: ToasterProps) => {
|
const Toaster = ({ ...props }: ToasterProps) => {
|
||||||
const { theme = "system" } = useTheme();
|
const { theme = "system" } = useTheme();
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { Switch as SwitchPrimitive } from "radix-ui";
|
import { Switch as SwitchPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
import * as React from "react";
|
|
||||||
import { cva, type VariantProps } from "class-variance-authority";
|
import { cva, type VariantProps } from "class-variance-authority";
|
||||||
import { Tabs as TabsPrimitive } from "radix-ui";
|
import { Tabs as TabsPrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import * as React from "react";
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
"use client";
|
"use client";
|
||||||
|
|
||||||
import * as React from "react";
|
|
||||||
import { cva, type VariantProps } from "class-variance-authority";
|
import { cva, type VariantProps } from "class-variance-authority";
|
||||||
import { Toggle as TogglePrimitive } from "radix-ui";
|
import { Toggle as TogglePrimitive } from "radix-ui";
|
||||||
|
import type * as React from "react";
|
||||||
|
|
||||||
import { cn } from "@/lib/utils";
|
import { cn } from "@/lib/utils";
|
||||||
|
|
||||||
|
|||||||
13
apps/dokploy/drizzle/0173_aspiring_annihilus.sql
Normal file
13
apps/dokploy/drizzle/0173_aspiring_annihilus.sql
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
CREATE TABLE "scim_provider" (
|
||||||
|
"id" text PRIMARY KEY NOT NULL,
|
||||||
|
"provider_id" text NOT NULL,
|
||||||
|
"scim_token" text NOT NULL,
|
||||||
|
"organization_id" text,
|
||||||
|
CONSTRAINT "scim_provider_provider_id_unique" UNIQUE("provider_id"),
|
||||||
|
CONSTRAINT "scim_provider_scim_token_unique" UNIQUE("scim_token")
|
||||||
|
);
|
||||||
|
--> statement-breakpoint
|
||||||
|
ALTER TABLE "two_factor" ADD COLUMN "verified" boolean DEFAULT true NOT NULL;--> statement-breakpoint
|
||||||
|
ALTER TABLE "two_factor" ADD COLUMN "failed_verification_count" integer DEFAULT 0 NOT NULL;--> statement-breakpoint
|
||||||
|
ALTER TABLE "two_factor" ADD COLUMN "locked_until" timestamp;--> statement-breakpoint
|
||||||
|
ALTER TABLE "scim_provider" ADD CONSTRAINT "scim_provider_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE cascade ON UPDATE no action;
|
||||||
1
apps/dokploy/drizzle/0174_great_naoko.sql
Normal file
1
apps/dokploy/drizzle/0174_great_naoko.sql
Normal file
@@ -0,0 +1 @@
|
|||||||
|
ALTER TABLE "backup" ADD COLUMN "includeEncryptionKey" boolean DEFAULT true NOT NULL;
|
||||||
8544
apps/dokploy/drizzle/meta/0173_snapshot.json
Normal file
8544
apps/dokploy/drizzle/meta/0173_snapshot.json
Normal file
File diff suppressed because it is too large
Load Diff
8551
apps/dokploy/drizzle/meta/0174_snapshot.json
Normal file
8551
apps/dokploy/drizzle/meta/0174_snapshot.json
Normal file
File diff suppressed because it is too large
Load Diff
@@ -1212,6 +1212,20 @@
|
|||||||
"when": 1781045439162,
|
"when": 1781045439162,
|
||||||
"tag": "0172_quick_the_professor",
|
"tag": "0172_quick_the_professor",
|
||||||
"breakpoints": true
|
"breakpoints": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"idx": 173,
|
||||||
|
"version": "7",
|
||||||
|
"when": 1783494977500,
|
||||||
|
"tag": "0173_aspiring_annihilus",
|
||||||
|
"breakpoints": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"idx": 174,
|
||||||
|
"version": "7",
|
||||||
|
"when": 1783674181297,
|
||||||
|
"tag": "0174_great_naoko",
|
||||||
|
"breakpoints": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "dokploy",
|
"name": "dokploy",
|
||||||
"version": "v0.29.10",
|
"version": "v0.29.12",
|
||||||
"private": true,
|
"private": true,
|
||||||
"license": "Apache-2.0",
|
"license": "Apache-2.0",
|
||||||
"type": "module",
|
"type": "module",
|
||||||
@@ -47,8 +47,9 @@
|
|||||||
"@ai-sdk/mistral": "^3.0.20",
|
"@ai-sdk/mistral": "^3.0.20",
|
||||||
"@ai-sdk/openai": "^3.0.29",
|
"@ai-sdk/openai": "^3.0.29",
|
||||||
"@ai-sdk/openai-compatible": "^2.0.30",
|
"@ai-sdk/openai-compatible": "^2.0.30",
|
||||||
"@better-auth/api-key": "1.5.4",
|
"@better-auth/api-key": "1.6.23",
|
||||||
"@better-auth/sso": "1.5.4",
|
"@better-auth/scim": "1.6.23",
|
||||||
|
"@better-auth/sso": "1.6.23",
|
||||||
"@codemirror/autocomplete": "^6.18.6",
|
"@codemirror/autocomplete": "^6.18.6",
|
||||||
"@codemirror/lang-css": "^6.3.1",
|
"@codemirror/lang-css": "^6.3.1",
|
||||||
"@codemirror/lang-json": "^6.0.1",
|
"@codemirror/lang-json": "^6.0.1",
|
||||||
@@ -82,7 +83,7 @@
|
|||||||
"ai": "^6.0.86",
|
"ai": "^6.0.86",
|
||||||
"ai-sdk-ollama": "^3.7.0",
|
"ai-sdk-ollama": "^3.7.0",
|
||||||
"bcrypt": "5.1.1",
|
"bcrypt": "5.1.1",
|
||||||
"better-auth": "1.5.4",
|
"better-auth": "1.6.23",
|
||||||
"bl": "6.0.11",
|
"bl": "6.0.11",
|
||||||
"boxen": "^7.1.1",
|
"boxen": "^7.1.1",
|
||||||
"bullmq": "5.67.3",
|
"bullmq": "5.67.3",
|
||||||
@@ -94,7 +95,7 @@
|
|||||||
"dockerode": "4.0.2",
|
"dockerode": "4.0.2",
|
||||||
"dompurify": "^3.3.3",
|
"dompurify": "^3.3.3",
|
||||||
"dotenv": "16.4.5",
|
"dotenv": "16.4.5",
|
||||||
"drizzle-orm": "0.45.1",
|
"drizzle-orm": "0.45.2",
|
||||||
"drizzle-zod": "0.8.3",
|
"drizzle-zod": "0.8.3",
|
||||||
"fancy-ansi": "^0.1.3",
|
"fancy-ansi": "^0.1.3",
|
||||||
"input-otp": "^1.4.2",
|
"input-otp": "^1.4.2",
|
||||||
|
|||||||
@@ -1039,7 +1039,9 @@ const EnvironmentPage = (
|
|||||||
<CardHeader className="p-0">
|
<CardHeader className="p-0">
|
||||||
<CardTitle className="text-xl flex flex-row gap-2 items-center">
|
<CardTitle className="text-xl flex flex-row gap-2 items-center">
|
||||||
<FolderInput className="size-6 text-muted-foreground self-center" />
|
<FolderInput className="size-6 text-muted-foreground self-center" />
|
||||||
|
<p className="text-base font-medium max-w-[250px] truncate">
|
||||||
{currentEnvironment.project.name}
|
{currentEnvironment.project.name}
|
||||||
|
</p>
|
||||||
<AdvancedEnvironmentSelector
|
<AdvancedEnvironmentSelector
|
||||||
projectId={projectId}
|
projectId={projectId}
|
||||||
currentEnvironmentId={environmentId}
|
currentEnvironmentId={environmentId}
|
||||||
|
|||||||
@@ -29,8 +29,6 @@ const Page = () => {
|
|||||||
<CardDescription>
|
<CardDescription>
|
||||||
Configure how many deployments can build at the same time on
|
Configure how many deployments can build at the same time on
|
||||||
each server. Builds of the same service are always serialized.
|
each server. Builds of the same service are always serialized.
|
||||||
Free plan allows up to 2 concurrent builds; an enterprise
|
|
||||||
license unlocks more.
|
|
||||||
</CardDescription>
|
</CardDescription>
|
||||||
</CardHeader>
|
</CardHeader>
|
||||||
<CardContent className="flex flex-col gap-6">
|
<CardContent className="flex flex-col gap-6">
|
||||||
|
|||||||
@@ -54,20 +54,6 @@ const Page = ({ isCloud }: Props) => {
|
|||||||
</EnterpriseFeatureGate>
|
</EnterpriseFeatureGate>
|
||||||
</div>
|
</div>
|
||||||
</Card>
|
</Card>
|
||||||
<Card className="h-full bg-sidebar p-2.5 rounded-xl mx-auto w-full">
|
|
||||||
<div className="rounded-xl bg-background shadow-md">
|
|
||||||
<EnterpriseFeatureGate
|
|
||||||
lockedProps={{
|
|
||||||
title: "Application Authentication",
|
|
||||||
description:
|
|
||||||
"Protect deployed applications behind an OIDC SSO gate (oauth2-proxy). Part of Dokploy Enterprise.",
|
|
||||||
ctaLabel: "Go to License",
|
|
||||||
}}
|
|
||||||
>
|
|
||||||
<ForwardAuthServers />
|
|
||||||
</EnterpriseFeatureGate>
|
|
||||||
</div>
|
|
||||||
</Card>
|
|
||||||
{!isCloud && (
|
{!isCloud && (
|
||||||
<Card className="h-full bg-sidebar p-2.5 rounded-xl mx-auto w-full">
|
<Card className="h-full bg-sidebar p-2.5 rounded-xl mx-auto w-full">
|
||||||
<div className="rounded-xl bg-background shadow-md">
|
<div className="rounded-xl bg-background shadow-md">
|
||||||
|
|||||||
@@ -310,7 +310,7 @@ export default function Home({ IS_CLOUD, enforceSSO }: Props) {
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div className="flex gap-4">
|
<div className="grid grid-cols-2 gap-4">
|
||||||
<Button
|
<Button
|
||||||
variant="outline"
|
variant="outline"
|
||||||
className="w-full"
|
className="w-full"
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ import { auditLogRouter } from "./routers/proprietary/audit-log";
|
|||||||
import { customRoleRouter } from "./routers/proprietary/custom-role";
|
import { customRoleRouter } from "./routers/proprietary/custom-role";
|
||||||
import { forwardAuthRouter } from "./routers/proprietary/forward-auth";
|
import { forwardAuthRouter } from "./routers/proprietary/forward-auth";
|
||||||
import { licenseKeyRouter } from "./routers/proprietary/license-key";
|
import { licenseKeyRouter } from "./routers/proprietary/license-key";
|
||||||
|
import { scimRouter } from "./routers/proprietary/scim";
|
||||||
import { ssoRouter } from "./routers/proprietary/sso";
|
import { ssoRouter } from "./routers/proprietary/sso";
|
||||||
import { whitelabelingRouter } from "./routers/proprietary/whitelabeling";
|
import { whitelabelingRouter } from "./routers/proprietary/whitelabeling";
|
||||||
import { redirectsRouter } from "./routers/redirects";
|
import { redirectsRouter } from "./routers/redirects";
|
||||||
@@ -94,6 +95,7 @@ export const appRouter = createTRPCRouter({
|
|||||||
organization: organizationRouter,
|
organization: organizationRouter,
|
||||||
licenseKey: licenseKeyRouter,
|
licenseKey: licenseKeyRouter,
|
||||||
sso: ssoRouter,
|
sso: ssoRouter,
|
||||||
|
scim: scimRouter,
|
||||||
forwardAuth: forwardAuthRouter,
|
forwardAuth: forwardAuthRouter,
|
||||||
whitelabeling: whitelabelingRouter,
|
whitelabeling: whitelabelingRouter,
|
||||||
customRole: customRoleRouter,
|
customRole: customRoleRouter,
|
||||||
|
|||||||
75
apps/dokploy/server/api/routers/proprietary/scim.ts
Normal file
75
apps/dokploy/server/api/routers/proprietary/scim.ts
Normal file
@@ -0,0 +1,75 @@
|
|||||||
|
import { db } from "@dokploy/server/db";
|
||||||
|
import { scimProvider } from "@dokploy/server/db/schema";
|
||||||
|
import { requestToHeaders } from "@dokploy/server/index";
|
||||||
|
import { auth } from "@dokploy/server/lib/auth";
|
||||||
|
import { TRPCError } from "@trpc/server";
|
||||||
|
import { and, asc, eq } from "drizzle-orm";
|
||||||
|
import { z } from "zod";
|
||||||
|
import { createTRPCRouter, enterpriseProcedure } from "@/server/api/trpc";
|
||||||
|
|
||||||
|
const providerIdSchema = z
|
||||||
|
.string()
|
||||||
|
.min(1)
|
||||||
|
.max(64)
|
||||||
|
.regex(
|
||||||
|
/^[a-z0-9][a-z0-9-]*$/,
|
||||||
|
"Provider ID must be lowercase alphanumeric with optional dashes",
|
||||||
|
);
|
||||||
|
|
||||||
|
export const scimRouter = createTRPCRouter({
|
||||||
|
listProviders: enterpriseProcedure.query(async ({ ctx }) => {
|
||||||
|
const providers = await db.query.scimProvider.findMany({
|
||||||
|
where: eq(scimProvider.organizationId, ctx.session.activeOrganizationId),
|
||||||
|
columns: {
|
||||||
|
id: true,
|
||||||
|
providerId: true,
|
||||||
|
organizationId: true,
|
||||||
|
},
|
||||||
|
orderBy: [asc(scimProvider.providerId)],
|
||||||
|
});
|
||||||
|
return providers;
|
||||||
|
}),
|
||||||
|
generateToken: enterpriseProcedure
|
||||||
|
.input(z.object({ providerId: providerIdSchema }))
|
||||||
|
.mutation(async ({ ctx, input }) => {
|
||||||
|
const existing = await db.query.scimProvider.findFirst({
|
||||||
|
where: eq(scimProvider.providerId, input.providerId),
|
||||||
|
columns: { id: true, organizationId: true },
|
||||||
|
});
|
||||||
|
if (existing) {
|
||||||
|
throw new TRPCError({
|
||||||
|
code: "BAD_REQUEST",
|
||||||
|
message: "A SCIM provider with this ID already exists",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
const result = await auth.generateSCIMToken({
|
||||||
|
body: {
|
||||||
|
providerId: input.providerId,
|
||||||
|
organizationId: ctx.session.activeOrganizationId,
|
||||||
|
},
|
||||||
|
headers: requestToHeaders(ctx.req),
|
||||||
|
});
|
||||||
|
return { scimToken: result.scimToken, providerId: input.providerId };
|
||||||
|
}),
|
||||||
|
deleteProvider: enterpriseProcedure
|
||||||
|
.input(z.object({ providerId: providerIdSchema }))
|
||||||
|
.mutation(async ({ ctx, input }) => {
|
||||||
|
const [deleted] = await db
|
||||||
|
.delete(scimProvider)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(scimProvider.providerId, input.providerId),
|
||||||
|
eq(scimProvider.organizationId, ctx.session.activeOrganizationId),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
.returning({ id: scimProvider.id });
|
||||||
|
if (!deleted) {
|
||||||
|
throw new TRPCError({
|
||||||
|
code: "NOT_FOUND",
|
||||||
|
message:
|
||||||
|
"SCIM provider not found or you do not have permission to delete it",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return { success: true };
|
||||||
|
}),
|
||||||
|
});
|
||||||
@@ -8,6 +8,7 @@ import {
|
|||||||
requestToHeaders,
|
requestToHeaders,
|
||||||
} from "@dokploy/server/index";
|
} from "@dokploy/server/index";
|
||||||
import { auth } from "@dokploy/server/lib/auth";
|
import { auth } from "@dokploy/server/lib/auth";
|
||||||
|
import { invalidateTrustedOriginsCache } from "@dokploy/server/services/admin";
|
||||||
import { getWebServerSettings } from "@dokploy/server/services/web-server-settings";
|
import { getWebServerSettings } from "@dokploy/server/services/web-server-settings";
|
||||||
import { TRPCError } from "@trpc/server";
|
import { TRPCError } from "@trpc/server";
|
||||||
import { and, asc, eq } from "drizzle-orm";
|
import { and, asc, eq } from "drizzle-orm";
|
||||||
@@ -319,6 +320,7 @@ export const ssoRouter = createTRPCRouter({
|
|||||||
.update(user)
|
.update(user)
|
||||||
.set({ trustedOrigins: next })
|
.set({ trustedOrigins: next })
|
||||||
.where(eq(user.id, ownerId));
|
.where(eq(user.id, ownerId));
|
||||||
|
invalidateTrustedOriginsCache();
|
||||||
return { success: true };
|
return { success: true };
|
||||||
}),
|
}),
|
||||||
removeTrustedOrigin: enterpriseProcedure
|
removeTrustedOrigin: enterpriseProcedure
|
||||||
@@ -346,6 +348,7 @@ export const ssoRouter = createTRPCRouter({
|
|||||||
.update(user)
|
.update(user)
|
||||||
.set({ trustedOrigins: next })
|
.set({ trustedOrigins: next })
|
||||||
.where(eq(user.id, ownerId));
|
.where(eq(user.id, ownerId));
|
||||||
|
invalidateTrustedOriginsCache();
|
||||||
return { success: true };
|
return { success: true };
|
||||||
}),
|
}),
|
||||||
updateTrustedOrigin: enterpriseProcedure
|
updateTrustedOrigin: enterpriseProcedure
|
||||||
@@ -379,6 +382,7 @@ export const ssoRouter = createTRPCRouter({
|
|||||||
.update(user)
|
.update(user)
|
||||||
.set({ trustedOrigins: next })
|
.set({ trustedOrigins: next })
|
||||||
.where(eq(user.id, ownerId));
|
.where(eq(user.id, ownerId));
|
||||||
|
invalidateTrustedOriginsCache();
|
||||||
return { success: true };
|
return { success: true };
|
||||||
}),
|
}),
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -1,5 +1,7 @@
|
|||||||
import {
|
import {
|
||||||
|
getPublicWhitelabelingConfig,
|
||||||
getWebServerSettings,
|
getWebServerSettings,
|
||||||
|
hasValidLicense,
|
||||||
IS_CLOUD,
|
IS_CLOUD,
|
||||||
updateWebServerSettings,
|
updateWebServerSettings,
|
||||||
} from "@dokploy/server";
|
} from "@dokploy/server";
|
||||||
@@ -13,10 +15,13 @@ import {
|
|||||||
} from "../../trpc";
|
} from "../../trpc";
|
||||||
|
|
||||||
export const whitelabelingRouter = createTRPCRouter({
|
export const whitelabelingRouter = createTRPCRouter({
|
||||||
get: protectedProcedure.query(async () => {
|
get: protectedProcedure.query(async ({ ctx }) => {
|
||||||
if (IS_CLOUD) {
|
if (IS_CLOUD) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
if (!(await hasValidLicense(ctx.session.activeOrganizationId))) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
const settings = await getWebServerSettings();
|
const settings = await getWebServerSettings();
|
||||||
return settings?.whitelabelingConfig ?? null;
|
return settings?.whitelabelingConfig ?? null;
|
||||||
}),
|
}),
|
||||||
@@ -82,25 +87,5 @@ export const whitelabelingRouter = createTRPCRouter({
|
|||||||
|
|
||||||
// Public endpoint only for unauthenticated pages (login, register, error)
|
// Public endpoint only for unauthenticated pages (login, register, error)
|
||||||
// Returns only the fields needed for public pages
|
// Returns only the fields needed for public pages
|
||||||
getPublic: publicProcedure.query(async () => {
|
getPublic: publicProcedure.query(() => getPublicWhitelabelingConfig()),
|
||||||
if (IS_CLOUD) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
const settings = await getWebServerSettings();
|
|
||||||
const config = settings?.whitelabelingConfig;
|
|
||||||
if (!config) return null;
|
|
||||||
|
|
||||||
return {
|
|
||||||
appName: config.appName,
|
|
||||||
appDescription: config.appDescription,
|
|
||||||
logoUrl: config.logoUrl,
|
|
||||||
loginLogoUrl: config.loginLogoUrl,
|
|
||||||
faviconUrl: config.faviconUrl,
|
|
||||||
customCss: config.customCss,
|
|
||||||
metaTitle: config.metaTitle,
|
|
||||||
errorPageTitle: config.errorPageTitle,
|
|
||||||
errorPageDescription: config.errorPageDescription,
|
|
||||||
footerText: config.footerText,
|
|
||||||
};
|
|
||||||
}),
|
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -46,7 +46,6 @@ import {
|
|||||||
redis,
|
redis,
|
||||||
server,
|
server,
|
||||||
} from "@/server/db/schema";
|
} from "@/server/db/schema";
|
||||||
import { assertBuildsConcurrencyAllowed } from "@/server/queues/concurrency";
|
|
||||||
import { applyDockerCleanupSchedule } from "@/server/utils/docker-cleanup";
|
import { applyDockerCleanupSchedule } from "@/server/utils/docker-cleanup";
|
||||||
|
|
||||||
export const serverRouter = createTRPCRouter({
|
export const serverRouter = createTRPCRouter({
|
||||||
@@ -491,10 +490,6 @@ export const serverRouter = createTRPCRouter({
|
|||||||
message: "You are not authorized to update this server",
|
message: "You are not authorized to update this server",
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
await assertBuildsConcurrencyAllowed(
|
|
||||||
input.buildsConcurrency,
|
|
||||||
ctx.session.activeOrganizationId,
|
|
||||||
);
|
|
||||||
return await updateServerById(input.serverId, {
|
return await updateServerById(input.serverId, {
|
||||||
buildsConcurrency: input.buildsConcurrency,
|
buildsConcurrency: input.buildsConcurrency,
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -71,7 +71,6 @@ import {
|
|||||||
projects,
|
projects,
|
||||||
server,
|
server,
|
||||||
} from "@/server/db/schema";
|
} from "@/server/db/schema";
|
||||||
import { assertBuildsConcurrencyAllowed } from "@/server/queues/concurrency";
|
|
||||||
import { cleanAllDeploymentQueue } from "@/server/queues/queueSetup";
|
import { cleanAllDeploymentQueue } from "@/server/queues/queueSetup";
|
||||||
import { removeJob, schedule } from "@/server/utils/backup";
|
import { removeJob, schedule } from "@/server/utils/backup";
|
||||||
import packageInfo from "../../../package.json";
|
import packageInfo from "../../../package.json";
|
||||||
@@ -480,11 +479,6 @@ export const settingsRouter = createTRPCRouter({
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
await assertBuildsConcurrencyAllowed(
|
|
||||||
input.buildsConcurrency,
|
|
||||||
ctx.session.activeOrganizationId,
|
|
||||||
);
|
|
||||||
|
|
||||||
await updateWebServerSettings({
|
await updateWebServerSettings({
|
||||||
buildsConcurrency: input.buildsConcurrency,
|
buildsConcurrency: input.buildsConcurrency,
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -1,32 +1,30 @@
|
|||||||
import { db } from "@dokploy/server/db";
|
import { db } from "@dokploy/server/db";
|
||||||
import { organization, server } from "@dokploy/server/db/schema";
|
import { server } from "@dokploy/server/db/schema";
|
||||||
import { hasValidLicense } from "@dokploy/server/services/proprietary/license-key";
|
|
||||||
import { getWebServerSettings } from "@dokploy/server/services/web-server-settings";
|
import { getWebServerSettings } from "@dokploy/server/services/web-server-settings";
|
||||||
import { TRPCError } from "@trpc/server";
|
|
||||||
import { eq } from "drizzle-orm";
|
import { eq } from "drizzle-orm";
|
||||||
import { LOCAL_PARTITION } from "./in-memory-queue";
|
import { LOCAL_PARTITION } from "./in-memory-queue";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Resolve the effective builds concurrency for a queue partition.
|
* Resolve the effective builds concurrency for a queue partition.
|
||||||
*
|
*
|
||||||
* Concurrent deployments (concurrency > 1) are an enterprise feature: without a
|
|
||||||
* valid license the effective concurrency is always clamped to 1, so the
|
|
||||||
* community experience is unchanged and an expired license degrades gracefully
|
|
||||||
* back to sequential deployments instead of breaking anything.
|
|
||||||
*
|
|
||||||
* - `LOCAL_PARTITION` -> concurrency stored on the web server settings (the
|
* - `LOCAL_PARTITION` -> concurrency stored on the web server settings (the
|
||||||
* local Dokploy web server), gated by the owner organization's license.
|
* local Dokploy web server).
|
||||||
* - any other partition -> concurrency stored on the matching `server` row,
|
* - any other partition -> concurrency stored on the matching `server` row.
|
||||||
* gated by that server's organization license.
|
|
||||||
*/
|
*/
|
||||||
export const resolveBuildsConcurrency = async (
|
export const resolveBuildsConcurrency = async (
|
||||||
partition: string,
|
partition: string,
|
||||||
): Promise<number> => {
|
): Promise<number> => {
|
||||||
try {
|
try {
|
||||||
if (partition === LOCAL_PARTITION) {
|
if (partition === LOCAL_PARTITION) {
|
||||||
return await resolveLocalConcurrency();
|
const settings = await getWebServerSettings();
|
||||||
|
return normalize(settings?.buildsConcurrency ?? 1);
|
||||||
}
|
}
|
||||||
return await resolveServerConcurrency(partition);
|
|
||||||
|
const currentServer = await db.query.server.findFirst({
|
||||||
|
where: eq(server.serverId, partition),
|
||||||
|
columns: { buildsConcurrency: true },
|
||||||
|
});
|
||||||
|
return normalize(currentServer?.buildsConcurrency ?? 1);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error(
|
console.error(
|
||||||
"Failed to resolve builds concurrency, defaulting to 1",
|
"Failed to resolve builds concurrency, defaulting to 1",
|
||||||
@@ -36,55 +34,4 @@ export const resolveBuildsConcurrency = async (
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// Max concurrent builds allowed without an enterprise license. With a valid
|
const normalize = (value: number): number => Math.max(1, Math.floor(value));
|
||||||
// license the value is unbounded (N) — only the free tier is capped.
|
|
||||||
export const FREE_MAX_CONCURRENCY = 2;
|
|
||||||
|
|
||||||
const clamp = (value: number, licensed: boolean): number => {
|
|
||||||
const min = Math.max(1, Math.floor(value));
|
|
||||||
return licensed ? min : Math.min(FREE_MAX_CONCURRENCY, min);
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Validate a requested builds-concurrency value before persisting it. Free tier
|
|
||||||
* may set up to FREE_MAX_CONCURRENCY; anything higher requires a valid
|
|
||||||
* enterprise license. Throws a TRPCError when the value is not allowed.
|
|
||||||
*/
|
|
||||||
export const assertBuildsConcurrencyAllowed = async (
|
|
||||||
value: number,
|
|
||||||
organizationId: string,
|
|
||||||
): Promise<void> => {
|
|
||||||
if (value <= FREE_MAX_CONCURRENCY) return;
|
|
||||||
const licensed = await hasValidLicense(organizationId);
|
|
||||||
if (!licensed) {
|
|
||||||
throw new TRPCError({
|
|
||||||
code: "FORBIDDEN",
|
|
||||||
message: `A valid enterprise license is required to set more than ${FREE_MAX_CONCURRENCY} concurrent builds.`,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
const resolveLocalConcurrency = async (): Promise<number> => {
|
|
||||||
const settings = await getWebServerSettings();
|
|
||||||
const buildsConcurrency = settings?.buildsConcurrency ?? 1;
|
|
||||||
|
|
||||||
// Self-hosted is single-tenant; gate on any organization's license.
|
|
||||||
const anyOrg = await db.query.organization.findFirst({
|
|
||||||
columns: { id: true },
|
|
||||||
});
|
|
||||||
const licensed = anyOrg ? await hasValidLicense(anyOrg.id) : false;
|
|
||||||
|
|
||||||
return clamp(buildsConcurrency, licensed);
|
|
||||||
};
|
|
||||||
|
|
||||||
const resolveServerConcurrency = async (serverId: string): Promise<number> => {
|
|
||||||
const currentServer = await db.query.server.findFirst({
|
|
||||||
where: eq(server.serverId, serverId),
|
|
||||||
columns: { buildsConcurrency: true, organizationId: true },
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!currentServer) return 1;
|
|
||||||
|
|
||||||
const licensed = await hasValidLicense(currentServer.organizationId);
|
|
||||||
return clamp(currentServer.buildsConcurrency, licensed);
|
|
||||||
};
|
|
||||||
|
|||||||
@@ -12,8 +12,8 @@ import type { DeploymentJob } from "./queue-types";
|
|||||||
* Deployment queue.
|
* Deployment queue.
|
||||||
*
|
*
|
||||||
* Self-hosted uses an in-memory, per-group FIFO queue with configurable
|
* Self-hosted uses an in-memory, per-group FIFO queue with configurable
|
||||||
* concurrency per server (enterprise-gated). Cloud does not use the queue at
|
* concurrency per server. Cloud does not use the queue at all — deployments
|
||||||
* all — deployments run directly in the background — so we expose a no-op.
|
* run directly in the background — so we expose a no-op.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
interface DeploymentQueue {
|
interface DeploymentQueue {
|
||||||
|
|||||||
@@ -46,7 +46,9 @@
|
|||||||
},
|
},
|
||||||
"pnpm": {
|
"pnpm": {
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"esbuild": "0.20.2"
|
"esbuild": "0.20.2",
|
||||||
|
"better-call": "1.3.7",
|
||||||
|
"@better-fetch/fetch": "1.3.1"
|
||||||
},
|
},
|
||||||
"peerDependencyRules": {
|
"peerDependencyRules": {
|
||||||
"ignoreMissing": [
|
"ignoreMissing": [
|
||||||
|
|||||||
@@ -22,6 +22,9 @@ export const user = pgTable("user", {
|
|||||||
.notNull(),
|
.notNull(),
|
||||||
twoFactorEnabled: boolean("two_factor_enabled").default(false),
|
twoFactorEnabled: boolean("two_factor_enabled").default(false),
|
||||||
role: text("role"),
|
role: text("role"),
|
||||||
|
banned: boolean("banned").default(false),
|
||||||
|
banReason: text("ban_reason"),
|
||||||
|
banExpires: timestamp("ban_expires"),
|
||||||
ownerId: text("owner_id"),
|
ownerId: text("owner_id"),
|
||||||
allowImpersonation: boolean("allow_impersonation").default(false),
|
allowImpersonation: boolean("allow_impersonation").default(false),
|
||||||
lastName: text("last_name").default(""),
|
lastName: text("last_name").default(""),
|
||||||
@@ -45,6 +48,7 @@ export const session = pgTable(
|
|||||||
.notNull()
|
.notNull()
|
||||||
.references(() => user.id, { onDelete: "cascade" }),
|
.references(() => user.id, { onDelete: "cascade" }),
|
||||||
activeOrganizationId: text("active_organization_id"),
|
activeOrganizationId: text("active_organization_id"),
|
||||||
|
impersonatedBy: text("impersonated_by"),
|
||||||
},
|
},
|
||||||
(table) => [index("session_userId_idx").on(table.userId)],
|
(table) => [index("session_userId_idx").on(table.userId)],
|
||||||
);
|
);
|
||||||
@@ -142,6 +146,9 @@ export const twoFactor = pgTable(
|
|||||||
userId: text("user_id")
|
userId: text("user_id")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => user.id, { onDelete: "cascade" }),
|
.references(() => user.id, { onDelete: "cascade" }),
|
||||||
|
verified: boolean("verified").default(true),
|
||||||
|
failedVerificationCount: integer("failed_verification_count").default(0),
|
||||||
|
lockedUntil: timestamp("locked_until"),
|
||||||
},
|
},
|
||||||
(table) => [
|
(table) => [
|
||||||
index("twoFactor_secret_idx").on(table.secret),
|
index("twoFactor_secret_idx").on(table.secret),
|
||||||
@@ -223,6 +230,13 @@ export const invitation = pgTable(
|
|||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
|
export const scimProvider = pgTable("scim_provider", {
|
||||||
|
id: text("id").primaryKey(),
|
||||||
|
providerId: text("provider_id").notNull().unique(),
|
||||||
|
scimToken: text("scim_token").notNull().unique(),
|
||||||
|
organizationId: text("organization_id"),
|
||||||
|
});
|
||||||
|
|
||||||
export const userRelations = relations(user, ({ many }) => ({
|
export const userRelations = relations(user, ({ many }) => ({
|
||||||
sessions: many(session),
|
sessions: many(session),
|
||||||
accounts: many(account),
|
accounts: many(account),
|
||||||
|
|||||||
@@ -37,9 +37,10 @@
|
|||||||
"@ai-sdk/mistral": "^3.0.20",
|
"@ai-sdk/mistral": "^3.0.20",
|
||||||
"@ai-sdk/openai": "^3.0.29",
|
"@ai-sdk/openai": "^3.0.29",
|
||||||
"@ai-sdk/openai-compatible": "^2.0.30",
|
"@ai-sdk/openai-compatible": "^2.0.30",
|
||||||
"@better-auth/api-key": "1.5.4",
|
"@better-auth/api-key": "1.6.23",
|
||||||
"@better-auth/sso": "1.5.4",
|
"@better-auth/scim": "1.6.23",
|
||||||
"@better-auth/utils": "0.3.1",
|
"@better-auth/sso": "1.6.23",
|
||||||
|
"@better-auth/utils": "0.4.2",
|
||||||
"@faker-js/faker": "^8.4.1",
|
"@faker-js/faker": "^8.4.1",
|
||||||
"@octokit/auth-app": "^6.1.3",
|
"@octokit/auth-app": "^6.1.3",
|
||||||
"@octokit/rest": "^20.1.2",
|
"@octokit/rest": "^20.1.2",
|
||||||
@@ -51,15 +52,14 @@
|
|||||||
"ai": "^6.0.86",
|
"ai": "^6.0.86",
|
||||||
"ai-sdk-ollama": "^3.7.0",
|
"ai-sdk-ollama": "^3.7.0",
|
||||||
"bcrypt": "5.1.1",
|
"bcrypt": "5.1.1",
|
||||||
"better-auth": "1.5.4",
|
"better-auth": "1.6.23",
|
||||||
"better-call": "2.0.2",
|
|
||||||
"bl": "6.0.11",
|
"bl": "6.0.11",
|
||||||
"boxen": "^7.1.1",
|
"boxen": "^7.1.1",
|
||||||
"date-fns": "3.6.0",
|
"date-fns": "3.6.0",
|
||||||
"dockerode": "4.0.2",
|
"dockerode": "4.0.2",
|
||||||
"dotenv": "16.4.5",
|
"dotenv": "16.4.5",
|
||||||
"drizzle-dbml-generator": "0.10.0",
|
"drizzle-dbml-generator": "0.10.0",
|
||||||
"drizzle-orm": "0.45.1",
|
"drizzle-orm": "0.45.2",
|
||||||
"drizzle-zod": "0.5.1",
|
"drizzle-zod": "0.5.1",
|
||||||
"lodash": "4.17.21",
|
"lodash": "4.17.21",
|
||||||
"micromatch": "4.0.8",
|
"micromatch": "4.0.8",
|
||||||
@@ -87,7 +87,6 @@
|
|||||||
"zod": "^4.3.6"
|
"zod": "^4.3.6"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@better-auth/cli": "1.4.21",
|
|
||||||
"@types/adm-zip": "^0.5.7",
|
"@types/adm-zip": "^0.5.7",
|
||||||
"@types/bcrypt": "5.0.2",
|
"@types/bcrypt": "5.0.2",
|
||||||
"@types/dockerode": "3.3.23",
|
"@types/dockerode": "3.3.23",
|
||||||
|
|||||||
@@ -81,7 +81,17 @@ const getDockerConfig = (): Docker => {
|
|||||||
return new Docker({ ...versionOption });
|
return new Docker({ ...versionOption });
|
||||||
};
|
};
|
||||||
|
|
||||||
export const docker = getDockerConfig();
|
// Igual que db: el módulo se evalúa una vez por copia bundleada, el cache
|
||||||
|
// evita crear un cliente (y loguear la detección del socket) por cada una.
|
||||||
|
const globalForDocker = globalThis as unknown as {
|
||||||
|
docker?: Docker;
|
||||||
|
};
|
||||||
|
|
||||||
|
if (!globalForDocker.docker) {
|
||||||
|
globalForDocker.docker = getDockerConfig();
|
||||||
|
}
|
||||||
|
|
||||||
|
export const docker = globalForDocker.docker;
|
||||||
|
|
||||||
export const paths = (isServer = false) => {
|
export const paths = (isServer = false) => {
|
||||||
const BASE_PATH =
|
const BASE_PATH =
|
||||||
|
|||||||
@@ -9,32 +9,19 @@ export * from "./schema";
|
|||||||
|
|
||||||
type Database = PostgresJsDatabase<typeof schema>;
|
type Database = PostgresJsDatabase<typeof schema>;
|
||||||
|
|
||||||
/**
|
// Este módulo se evalúa varias veces por proceso (copias duplicadas por
|
||||||
* Evita problemas de redeclaración global en monorepos.
|
// esbuild y los chunks de Next); el cache en globalThis garantiza un solo
|
||||||
* No usamos `declare global`.
|
// pool de conexiones por proceso.
|
||||||
*/
|
|
||||||
const globalForDb = globalThis as unknown as {
|
const globalForDb = globalThis as unknown as {
|
||||||
db?: Database;
|
db?: Database;
|
||||||
};
|
};
|
||||||
|
|
||||||
let dbConnection: Database;
|
|
||||||
|
|
||||||
if (process.env.NODE_ENV === "production") {
|
|
||||||
// En producción no usamos global cache
|
|
||||||
dbConnection = drizzle(postgres(dbUrl), {
|
|
||||||
schema,
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
// En desarrollo reutilizamos conexión para evitar múltiples conexiones
|
|
||||||
if (!globalForDb.db) {
|
if (!globalForDb.db) {
|
||||||
globalForDb.db = drizzle(postgres(dbUrl), {
|
globalForDb.db = drizzle(postgres(dbUrl), {
|
||||||
schema,
|
schema,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
dbConnection = globalForDb.db;
|
export const db: Database = globalForDb.db;
|
||||||
}
|
|
||||||
|
|
||||||
export const db: Database = dbConnection;
|
|
||||||
|
|
||||||
export { dbUrl };
|
export { dbUrl };
|
||||||
|
|||||||
@@ -214,6 +214,11 @@ export const twoFactor = pgTable("two_factor", {
|
|||||||
userId: text("user_id")
|
userId: text("user_id")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => user.id, { onDelete: "cascade" }),
|
.references(() => user.id, { onDelete: "cascade" }),
|
||||||
|
verified: boolean("verified").notNull().default(true),
|
||||||
|
failedVerificationCount: integer("failed_verification_count")
|
||||||
|
.notNull()
|
||||||
|
.default(0),
|
||||||
|
lockedUntil: timestamp("locked_until"),
|
||||||
});
|
});
|
||||||
|
|
||||||
export const apikey = pgTable("apikey", {
|
export const apikey = pgTable("apikey", {
|
||||||
|
|||||||
@@ -51,7 +51,12 @@ import {
|
|||||||
UpdateConfigSwarmSchema,
|
UpdateConfigSwarmSchema,
|
||||||
} from "./shared";
|
} from "./shared";
|
||||||
import { sshKeys } from "./ssh-key";
|
import { sshKeys } from "./ssh-key";
|
||||||
import { APP_NAME_MESSAGE, APP_NAME_REGEX, generateAppName } from "./utils";
|
import {
|
||||||
|
APP_NAME_MESSAGE,
|
||||||
|
APP_NAME_REGEX,
|
||||||
|
encryptedText,
|
||||||
|
generateAppName,
|
||||||
|
} from "./utils";
|
||||||
export const sourceType = pgEnum("sourceType", [
|
export const sourceType = pgEnum("sourceType", [
|
||||||
"docker",
|
"docker",
|
||||||
"git",
|
"git",
|
||||||
@@ -82,11 +87,11 @@ export const applications = pgTable("application", {
|
|||||||
.$defaultFn(() => generateAppName("app"))
|
.$defaultFn(() => generateAppName("app"))
|
||||||
.unique(),
|
.unique(),
|
||||||
description: text("description"),
|
description: text("description"),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
previewEnv: text("previewEnv"),
|
previewEnv: encryptedText("previewEnv"),
|
||||||
watchPaths: text("watchPaths").array(),
|
watchPaths: text("watchPaths").array(),
|
||||||
previewBuildArgs: text("previewBuildArgs"),
|
previewBuildArgs: encryptedText("previewBuildArgs"),
|
||||||
previewBuildSecrets: text("previewBuildSecrets"),
|
previewBuildSecrets: encryptedText("previewBuildSecrets"),
|
||||||
previewLabels: text("previewLabels").array(),
|
previewLabels: text("previewLabels").array(),
|
||||||
previewWildcard: text("previewWildcard"),
|
previewWildcard: text("previewWildcard"),
|
||||||
previewPort: integer("previewPort").default(3000),
|
previewPort: integer("previewPort").default(3000),
|
||||||
@@ -105,8 +110,8 @@ export const applications = pgTable("application", {
|
|||||||
"previewRequireCollaboratorPermissions",
|
"previewRequireCollaboratorPermissions",
|
||||||
).default(true),
|
).default(true),
|
||||||
rollbackActive: boolean("rollbackActive").default(false),
|
rollbackActive: boolean("rollbackActive").default(false),
|
||||||
buildArgs: text("buildArgs"),
|
buildArgs: encryptedText("buildArgs"),
|
||||||
buildSecrets: text("buildSecrets"),
|
buildSecrets: encryptedText("buildSecrets"),
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
cpuReservation: text("cpuReservation"),
|
cpuReservation: text("cpuReservation"),
|
||||||
|
|||||||
@@ -50,6 +50,7 @@ export const backups = pgTable("backup", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
.references(() => destinations.destinationId, { onDelete: "cascade" }),
|
.references(() => destinations.destinationId, { onDelete: "cascade" }),
|
||||||
keepLatestCount: integer("keepLatestCount"),
|
keepLatestCount: integer("keepLatestCount"),
|
||||||
|
includeEncryptionKey: boolean("includeEncryptionKey").notNull().default(true),
|
||||||
backupType: backupType("backupType").notNull().default("database"),
|
backupType: backupType("backupType").notNull().default("database"),
|
||||||
databaseType: databaseType("databaseType").notNull(),
|
databaseType: databaseType("databaseType").notNull(),
|
||||||
composeId: text("composeId").references(
|
composeId: text("composeId").references(
|
||||||
@@ -160,6 +161,7 @@ const createSchema = createInsertSchema(backups, {
|
|||||||
mongoId: z.string().optional(),
|
mongoId: z.string().optional(),
|
||||||
libsqlId: z.string().optional(),
|
libsqlId: z.string().optional(),
|
||||||
userId: z.string().optional(),
|
userId: z.string().optional(),
|
||||||
|
includeEncryptionKey: z.boolean().optional(),
|
||||||
metadata: z.any().optional(),
|
metadata: z.any().optional(),
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -180,6 +182,7 @@ export const apiCreateBackup = createSchema.pick({
|
|||||||
backupType: true,
|
backupType: true,
|
||||||
composeId: true,
|
composeId: true,
|
||||||
serviceName: true,
|
serviceName: true,
|
||||||
|
includeEncryptionKey: true,
|
||||||
metadata: true,
|
metadata: true,
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -206,7 +209,10 @@ export const apiUpdateBackup = createSchema
|
|||||||
metadata: true,
|
metadata: true,
|
||||||
databaseType: true,
|
databaseType: true,
|
||||||
})
|
})
|
||||||
.required();
|
.required()
|
||||||
|
.extend({
|
||||||
|
includeEncryptionKey: z.boolean().optional(),
|
||||||
|
});
|
||||||
|
|
||||||
export const apiRestoreBackup = z.object({
|
export const apiRestoreBackup = z.object({
|
||||||
databaseId: z.string(),
|
databaseId: z.string(),
|
||||||
|
|||||||
@@ -17,7 +17,12 @@ import { schedules } from "./schedule";
|
|||||||
import { server } from "./server";
|
import { server } from "./server";
|
||||||
import { applicationStatus, triggerType } from "./shared";
|
import { applicationStatus, triggerType } from "./shared";
|
||||||
import { sshKeys } from "./ssh-key";
|
import { sshKeys } from "./ssh-key";
|
||||||
import { APP_NAME_MESSAGE, APP_NAME_REGEX, generateAppName } from "./utils";
|
import {
|
||||||
|
APP_NAME_MESSAGE,
|
||||||
|
APP_NAME_REGEX,
|
||||||
|
encryptedText,
|
||||||
|
generateAppName,
|
||||||
|
} from "./utils";
|
||||||
export const sourceTypeCompose = pgEnum("sourceTypeCompose", [
|
export const sourceTypeCompose = pgEnum("sourceTypeCompose", [
|
||||||
"git",
|
"git",
|
||||||
"github",
|
"github",
|
||||||
@@ -39,7 +44,7 @@ export const compose = pgTable("compose", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
.$defaultFn(() => generateAppName("compose")),
|
.$defaultFn(() => generateAppName("compose")),
|
||||||
description: text("description"),
|
description: text("description"),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
composeFile: text("composeFile").notNull().default(""),
|
composeFile: text("composeFile").notNull().default(""),
|
||||||
refreshToken: text("refreshToken").$defaultFn(() => nanoid()),
|
refreshToken: text("refreshToken").$defaultFn(() => nanoid()),
|
||||||
sourceType: sourceTypeCompose("sourceType").notNull().default("github"),
|
sourceType: sourceTypeCompose("sourceType").notNull().default("github"),
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ import { mysql } from "./mysql";
|
|||||||
import { postgres } from "./postgres";
|
import { postgres } from "./postgres";
|
||||||
import { projects } from "./project";
|
import { projects } from "./project";
|
||||||
import { redis } from "./redis";
|
import { redis } from "./redis";
|
||||||
|
import { encryptedText } from "./utils";
|
||||||
|
|
||||||
export const environments = pgTable("environment", {
|
export const environments = pgTable("environment", {
|
||||||
environmentId: text("environmentId")
|
environmentId: text("environmentId")
|
||||||
@@ -22,7 +23,7 @@ export const environments = pgTable("environment", {
|
|||||||
createdAt: text("createdAt")
|
createdAt: text("createdAt")
|
||||||
.notNull()
|
.notNull()
|
||||||
.$defaultFn(() => new Date().toISOString()),
|
.$defaultFn(() => new Date().toISOString()),
|
||||||
env: text("env").notNull().default(""),
|
env: encryptedText("env").notNull().default(""),
|
||||||
projectId: text("projectId")
|
projectId: text("projectId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => projects.projectId, { onDelete: "cascade" }),
|
.references(() => projects.projectId, { onDelete: "cascade" }),
|
||||||
|
|||||||
@@ -31,6 +31,7 @@ export * from "./redis";
|
|||||||
export * from "./registry";
|
export * from "./registry";
|
||||||
export * from "./rollbacks";
|
export * from "./rollbacks";
|
||||||
export * from "./schedule";
|
export * from "./schedule";
|
||||||
|
export * from "./scim";
|
||||||
export * from "./security";
|
export * from "./security";
|
||||||
export * from "./server";
|
export * from "./server";
|
||||||
export * from "./session";
|
export * from "./session";
|
||||||
|
|||||||
@@ -37,6 +37,7 @@ import {
|
|||||||
import {
|
import {
|
||||||
DATABASE_PASSWORD_MESSAGE,
|
DATABASE_PASSWORD_MESSAGE,
|
||||||
DATABASE_PASSWORD_REGEX,
|
DATABASE_PASSWORD_REGEX,
|
||||||
|
encryptedText,
|
||||||
generateAppName,
|
generateAppName,
|
||||||
} from "./utils";
|
} from "./utils";
|
||||||
|
|
||||||
@@ -58,7 +59,7 @@ export const libsql = pgTable("libsql", {
|
|||||||
enableNamespaces: boolean("enableNamespaces").notNull().default(false),
|
enableNamespaces: boolean("enableNamespaces").notNull().default(false),
|
||||||
dockerImage: text("dockerImage").notNull(),
|
dockerImage: text("dockerImage").notNull(),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
// RESOURCES
|
// RESOURCES
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ import {
|
|||||||
APP_NAME_REGEX,
|
APP_NAME_REGEX,
|
||||||
DATABASE_PASSWORD_MESSAGE,
|
DATABASE_PASSWORD_MESSAGE,
|
||||||
DATABASE_PASSWORD_REGEX,
|
DATABASE_PASSWORD_REGEX,
|
||||||
|
encryptedText,
|
||||||
generateAppName,
|
generateAppName,
|
||||||
} from "./utils";
|
} from "./utils";
|
||||||
|
|
||||||
@@ -54,7 +55,7 @@ export const mariadb = pgTable("mariadb", {
|
|||||||
dockerImage: text("dockerImage").notNull(),
|
dockerImage: text("dockerImage").notNull(),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
args: text("args").array(),
|
args: text("args").array(),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
// RESOURCES
|
// RESOURCES
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
|
|||||||
@@ -40,6 +40,7 @@ import {
|
|||||||
APP_NAME_REGEX,
|
APP_NAME_REGEX,
|
||||||
DATABASE_PASSWORD_MESSAGE,
|
DATABASE_PASSWORD_MESSAGE,
|
||||||
DATABASE_PASSWORD_REGEX,
|
DATABASE_PASSWORD_REGEX,
|
||||||
|
encryptedText,
|
||||||
generateAppName,
|
generateAppName,
|
||||||
} from "./utils";
|
} from "./utils";
|
||||||
|
|
||||||
@@ -59,7 +60,7 @@ export const mongo = pgTable("mongo", {
|
|||||||
dockerImage: text("dockerImage").notNull().default("mongo:8"),
|
dockerImage: text("dockerImage").notNull().default("mongo:8"),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
args: text("args").array(),
|
args: text("args").array(),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
cpuReservation: text("cpuReservation"),
|
cpuReservation: text("cpuReservation"),
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ import {
|
|||||||
APP_NAME_REGEX,
|
APP_NAME_REGEX,
|
||||||
DATABASE_PASSWORD_MESSAGE,
|
DATABASE_PASSWORD_MESSAGE,
|
||||||
DATABASE_PASSWORD_REGEX,
|
DATABASE_PASSWORD_REGEX,
|
||||||
|
encryptedText,
|
||||||
generateAppName,
|
generateAppName,
|
||||||
} from "./utils";
|
} from "./utils";
|
||||||
|
|
||||||
@@ -54,7 +55,7 @@ export const mysql = pgTable("mysql", {
|
|||||||
dockerImage: text("dockerImage").notNull(),
|
dockerImage: text("dockerImage").notNull(),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
args: text("args").array(),
|
args: text("args").array(),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
cpuReservation: text("cpuReservation"),
|
cpuReservation: text("cpuReservation"),
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ import {
|
|||||||
APP_NAME_REGEX,
|
APP_NAME_REGEX,
|
||||||
DATABASE_PASSWORD_MESSAGE,
|
DATABASE_PASSWORD_MESSAGE,
|
||||||
DATABASE_PASSWORD_REGEX,
|
DATABASE_PASSWORD_REGEX,
|
||||||
|
encryptedText,
|
||||||
generateAppName,
|
generateAppName,
|
||||||
} from "./utils";
|
} from "./utils";
|
||||||
|
|
||||||
@@ -53,7 +54,7 @@ export const postgres = pgTable("postgres", {
|
|||||||
dockerImage: text("dockerImage").notNull(),
|
dockerImage: text("dockerImage").notNull(),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
args: text("args").array(),
|
args: text("args").array(),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
externalPort: integer("externalPort"),
|
externalPort: integer("externalPort"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import { z } from "zod";
|
|||||||
import { organization } from "./account";
|
import { organization } from "./account";
|
||||||
import { environments } from "./environment";
|
import { environments } from "./environment";
|
||||||
import { projectTags } from "./tag";
|
import { projectTags } from "./tag";
|
||||||
|
import { encryptedText } from "./utils";
|
||||||
|
|
||||||
export const projects = pgTable("project", {
|
export const projects = pgTable("project", {
|
||||||
projectId: text("projectId")
|
projectId: text("projectId")
|
||||||
@@ -21,7 +22,7 @@ export const projects = pgTable("project", {
|
|||||||
organizationId: text("organizationId")
|
organizationId: text("organizationId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => organization.id, { onDelete: "cascade" }),
|
.references(() => organization.id, { onDelete: "cascade" }),
|
||||||
env: text("env").notNull().default(""),
|
env: encryptedText("env").notNull().default(""),
|
||||||
});
|
});
|
||||||
|
|
||||||
export const projectRelations = relations(projects, ({ many, one }) => ({
|
export const projectRelations = relations(projects, ({ many, one }) => ({
|
||||||
@@ -37,6 +38,7 @@ const createSchema = createInsertSchema(projects, {
|
|||||||
projectId: z.string().min(1),
|
projectId: z.string().min(1),
|
||||||
name: z.string().min(1),
|
name: z.string().min(1),
|
||||||
description: z.string().optional(),
|
description: z.string().optional(),
|
||||||
|
env: z.string().optional(),
|
||||||
});
|
});
|
||||||
|
|
||||||
export const apiCreateProject = createSchema.pick({
|
export const apiCreateProject = createSchema.pick({
|
||||||
|
|||||||
@@ -27,7 +27,12 @@ import {
|
|||||||
type UpdateConfigSwarm,
|
type UpdateConfigSwarm,
|
||||||
UpdateConfigSwarmSchema,
|
UpdateConfigSwarmSchema,
|
||||||
} from "./shared";
|
} from "./shared";
|
||||||
import { APP_NAME_MESSAGE, APP_NAME_REGEX, generateAppName } from "./utils";
|
import {
|
||||||
|
APP_NAME_MESSAGE,
|
||||||
|
APP_NAME_REGEX,
|
||||||
|
encryptedText,
|
||||||
|
generateAppName,
|
||||||
|
} from "./utils";
|
||||||
|
|
||||||
export const redis = pgTable("redis", {
|
export const redis = pgTable("redis", {
|
||||||
redisId: text("redisId")
|
redisId: text("redisId")
|
||||||
@@ -44,7 +49,7 @@ export const redis = pgTable("redis", {
|
|||||||
dockerImage: text("dockerImage").notNull(),
|
dockerImage: text("dockerImage").notNull(),
|
||||||
command: text("command"),
|
command: text("command"),
|
||||||
args: text("args").array(),
|
args: text("args").array(),
|
||||||
env: text("env"),
|
env: encryptedText("env"),
|
||||||
memoryReservation: text("memoryReservation"),
|
memoryReservation: text("memoryReservation"),
|
||||||
memoryLimit: text("memoryLimit"),
|
memoryLimit: text("memoryLimit"),
|
||||||
cpuReservation: text("cpuReservation"),
|
cpuReservation: text("cpuReservation"),
|
||||||
|
|||||||
22
packages/server/src/db/schema/scim.ts
Normal file
22
packages/server/src/db/schema/scim.ts
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
import { relations } from "drizzle-orm";
|
||||||
|
import { pgTable, text } from "drizzle-orm/pg-core";
|
||||||
|
import { nanoid } from "nanoid";
|
||||||
|
import { organization } from "./account";
|
||||||
|
|
||||||
|
export const scimProvider = pgTable("scim_provider", {
|
||||||
|
id: text("id")
|
||||||
|
.primaryKey()
|
||||||
|
.$defaultFn(() => nanoid()),
|
||||||
|
providerId: text("provider_id").notNull().unique(),
|
||||||
|
scimToken: text("scim_token").notNull().unique(),
|
||||||
|
organizationId: text("organization_id").references(() => organization.id, {
|
||||||
|
onDelete: "cascade",
|
||||||
|
}),
|
||||||
|
});
|
||||||
|
|
||||||
|
export const scimProviderRelations = relations(scimProvider, ({ one }) => ({
|
||||||
|
organization: one(organization, {
|
||||||
|
fields: [scimProvider.organizationId],
|
||||||
|
references: [organization.id],
|
||||||
|
}),
|
||||||
|
}));
|
||||||
@@ -1,7 +1,36 @@
|
|||||||
|
import { decryptValue, encryptValue } from "@dokploy/server/lib/encryption";
|
||||||
import { generatePassword } from "@dokploy/server/templates";
|
import { generatePassword } from "@dokploy/server/templates";
|
||||||
import { faker } from "@faker-js/faker";
|
import { faker } from "@faker-js/faker";
|
||||||
|
import { customType } from "drizzle-orm/pg-core";
|
||||||
import { customAlphabet } from "nanoid";
|
import { customAlphabet } from "nanoid";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Text column encrypted at rest (AES-256-GCM, key derived from
|
||||||
|
* BETTER_AUTH_SECRET). Legacy plaintext values are passed through on read
|
||||||
|
* and get encrypted the next time they are written.
|
||||||
|
*/
|
||||||
|
export const encryptedText = customType<{ data: string; driverData: string }>({
|
||||||
|
dataType() {
|
||||||
|
return "text";
|
||||||
|
},
|
||||||
|
toDriver(value) {
|
||||||
|
return encryptValue(value);
|
||||||
|
},
|
||||||
|
fromDriver(value) {
|
||||||
|
try {
|
||||||
|
return decryptValue(value);
|
||||||
|
} catch {
|
||||||
|
// Fail open so a key mismatch (e.g. restoring a backup under a
|
||||||
|
// different BETTER_AUTH_SECRET) degrades to showing ciphertext
|
||||||
|
// instead of breaking every query that touches the row.
|
||||||
|
console.error(
|
||||||
|
"Failed to decrypt an encrypted column; returning the raw value. This usually means BETTER_AUTH_SECRET changed after the value was encrypted.",
|
||||||
|
);
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
const alphabet = "abcdefghijklmnopqrstuvwxyz123456789";
|
const alphabet = "abcdefghijklmnopqrstuvwxyz123456789";
|
||||||
|
|
||||||
const customNanoid = customAlphabet(alphabet, 6);
|
const customNanoid = customAlphabet(alphabet, 6);
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ export const webServerSettings = pgTable("webServerSettings", {
|
|||||||
}),
|
}),
|
||||||
// Deployment Configuration (self-hosted only)
|
// Deployment Configuration (self-hosted only)
|
||||||
remoteServersOnly: boolean("remoteServersOnly").notNull().default(false),
|
remoteServersOnly: boolean("remoteServersOnly").notNull().default(false),
|
||||||
// Concurrent builds on the local web server (enterprise-gated to > 1)
|
// Concurrent builds on the local web server
|
||||||
buildsConcurrency: integer("buildsConcurrency").notNull().default(1),
|
buildsConcurrency: integer("buildsConcurrency").notNull().default(1),
|
||||||
// Auth Configuration (self-hosted only)
|
// Auth Configuration (self-hosted only)
|
||||||
enforceSSO: boolean("enforceSSO").notNull().default(false),
|
enforceSSO: boolean("enforceSSO").notNull().default(false),
|
||||||
|
|||||||
@@ -38,6 +38,7 @@ export * from "./services/project";
|
|||||||
export * from "./services/proprietary/forward-auth";
|
export * from "./services/proprietary/forward-auth";
|
||||||
export * from "./services/proprietary/license-key";
|
export * from "./services/proprietary/license-key";
|
||||||
export * from "./services/proprietary/sso";
|
export * from "./services/proprietary/sso";
|
||||||
|
export * from "./services/proprietary/whitelabeling";
|
||||||
export * from "./services/redirect";
|
export * from "./services/redirect";
|
||||||
export * from "./services/redis";
|
export * from "./services/redis";
|
||||||
export * from "./services/registry";
|
export * from "./services/registry";
|
||||||
|
|||||||
47
packages/server/src/lib/auth-cli.ts
Normal file
47
packages/server/src/lib/auth-cli.ts
Normal file
@@ -0,0 +1,47 @@
|
|||||||
|
import { apiKey } from "@better-auth/api-key";
|
||||||
|
import { scim } from "@better-auth/scim";
|
||||||
|
import { sso } from "@better-auth/sso";
|
||||||
|
import { betterAuth } from "better-auth";
|
||||||
|
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
||||||
|
import { admin, organization, twoFactor } from "better-auth/plugins";
|
||||||
|
import { db } from "../db";
|
||||||
|
import * as schema from "../db/schema";
|
||||||
|
import { ac, adminRole, memberRole, ownerRole } from "./access-control";
|
||||||
|
|
||||||
|
// CLI-only config for `@better-auth/cli generate` — must mirror the plugin set
|
||||||
|
// in auth.ts. Never import this from runtime code.
|
||||||
|
export const auth = betterAuth({
|
||||||
|
database: drizzleAdapter(db, {
|
||||||
|
provider: "pg",
|
||||||
|
schema,
|
||||||
|
}),
|
||||||
|
user: {
|
||||||
|
modelName: "user",
|
||||||
|
fields: {
|
||||||
|
name: "firstName",
|
||||||
|
},
|
||||||
|
additionalFields: {
|
||||||
|
role: { type: "string", input: false },
|
||||||
|
ownerId: { type: "string", input: false },
|
||||||
|
allowImpersonation: { type: "boolean", defaultValue: false },
|
||||||
|
lastName: { type: "string", required: false, defaultValue: "" },
|
||||||
|
enableEnterpriseFeatures: { type: "boolean", required: false },
|
||||||
|
isValidEnterpriseLicense: { type: "boolean", required: false },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
plugins: [
|
||||||
|
apiKey({ enableMetadata: true, references: "user" }),
|
||||||
|
sso(),
|
||||||
|
twoFactor(),
|
||||||
|
organization({
|
||||||
|
ac,
|
||||||
|
roles: { owner: ownerRole, admin: adminRole, member: memberRole },
|
||||||
|
dynamicAccessControl: {
|
||||||
|
enabled: true,
|
||||||
|
maximumRolesPerOrganization: 10,
|
||||||
|
},
|
||||||
|
}),
|
||||||
|
scim(),
|
||||||
|
admin(),
|
||||||
|
],
|
||||||
|
});
|
||||||
@@ -1,10 +1,11 @@
|
|||||||
import type { IncomingMessage } from "node:http";
|
import type { IncomingMessage } from "node:http";
|
||||||
import { apiKey } from "@better-auth/api-key";
|
import { apiKey } from "@better-auth/api-key";
|
||||||
|
import { scim } from "@better-auth/scim";
|
||||||
import { sso } from "@better-auth/sso";
|
import { sso } from "@better-auth/sso";
|
||||||
import * as bcrypt from "bcrypt";
|
import * as bcrypt from "bcrypt";
|
||||||
import { betterAuth } from "better-auth";
|
import { betterAuth } from "better-auth";
|
||||||
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
||||||
import { APIError } from "better-auth/api";
|
import { APIError, createAuthMiddleware } from "better-auth/api";
|
||||||
import { admin, organization, twoFactor } from "better-auth/plugins";
|
import { admin, organization, twoFactor } from "better-auth/plugins";
|
||||||
import { and, desc, eq } from "drizzle-orm";
|
import { and, desc, eq } from "drizzle-orm";
|
||||||
import { IS_CLOUD } from "../constants";
|
import { IS_CLOUD } from "../constants";
|
||||||
@@ -29,7 +30,39 @@ import { getPublicIpWithFallback } from "../wss/utils";
|
|||||||
import { ac, adminRole, memberRole, ownerRole } from "./access-control";
|
import { ac, adminRole, memberRole, ownerRole } from "./access-control";
|
||||||
import { betterAuthSecret } from "./auth-secret";
|
import { betterAuthSecret } from "./auth-secret";
|
||||||
|
|
||||||
const { handler, api } = betterAuth({
|
const resolveTrustedOrigins = async () => {
|
||||||
|
try {
|
||||||
|
if (IS_CLOUD) {
|
||||||
|
return await getTrustedOrigins();
|
||||||
|
}
|
||||||
|
const [trustedOrigins, settings] = await Promise.all([
|
||||||
|
getTrustedOrigins(),
|
||||||
|
getWebServerSettings(),
|
||||||
|
]);
|
||||||
|
|
||||||
|
if (!settings) return [];
|
||||||
|
|
||||||
|
const devOrigins =
|
||||||
|
process.env.NODE_ENV === "development"
|
||||||
|
? [
|
||||||
|
"http://localhost:3000",
|
||||||
|
"https://absolutely-handy-falcon.ngrok-free.app",
|
||||||
|
]
|
||||||
|
: [];
|
||||||
|
return [
|
||||||
|
...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
|
||||||
|
...(settings?.host ? [`https://${settings?.host}`] : []),
|
||||||
|
...devOrigins,
|
||||||
|
...trustedOrigins,
|
||||||
|
];
|
||||||
|
} catch (error) {
|
||||||
|
console.error("Failed to resolve trusted origins:", error);
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const createBetterAuth = () =>
|
||||||
|
betterAuth({
|
||||||
database: drizzleAdapter(db, {
|
database: drizzleAdapter(db, {
|
||||||
provider: "pg",
|
provider: "pg",
|
||||||
schema: schema,
|
schema: schema,
|
||||||
@@ -80,33 +113,14 @@ const { handler, api } = betterAuth({
|
|||||||
logger: {
|
logger: {
|
||||||
disabled: process.env.NODE_ENV === "production",
|
disabled: process.env.NODE_ENV === "production",
|
||||||
},
|
},
|
||||||
async trustedOrigins() {
|
trustedOrigins: resolveTrustedOrigins,
|
||||||
try {
|
hooks: {
|
||||||
if (IS_CLOUD) {
|
before: createAuthMiddleware(async (ctx) => {
|
||||||
return await getTrustedOrigins();
|
ctx.context.trustedOrigins = [
|
||||||
}
|
...(ctx.context.baseURL ? [new URL(ctx.context.baseURL).origin] : []),
|
||||||
const [trustedOrigins, settings] = await Promise.all([
|
...(await resolveTrustedOrigins()),
|
||||||
getTrustedOrigins(),
|
].filter(Boolean);
|
||||||
getWebServerSettings(),
|
}),
|
||||||
]);
|
|
||||||
if (!settings) return [];
|
|
||||||
const devOrigins =
|
|
||||||
process.env.NODE_ENV === "development"
|
|
||||||
? [
|
|
||||||
"http://localhost:3000",
|
|
||||||
"https://absolutely-handy-falcon.ngrok-free.app",
|
|
||||||
]
|
|
||||||
: [];
|
|
||||||
return [
|
|
||||||
...(settings?.serverIp ? [`http://${settings?.serverIp}:3000`] : []),
|
|
||||||
...(settings?.host ? [`https://${settings?.host}`] : []),
|
|
||||||
...devOrigins,
|
|
||||||
...trustedOrigins,
|
|
||||||
];
|
|
||||||
} catch (error) {
|
|
||||||
console.error("Failed to resolve trusted origins:", error);
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
emailVerification: {
|
emailVerification: {
|
||||||
sendOnSignUp: true,
|
sendOnSignUp: true,
|
||||||
@@ -125,7 +139,8 @@ const { handler, api } = betterAuth({
|
|||||||
emailAndPassword: {
|
emailAndPassword: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
autoSignIn: !IS_CLOUD,
|
autoSignIn: !IS_CLOUD,
|
||||||
requireEmailVerification: IS_CLOUD && process.env.NODE_ENV === "production",
|
requireEmailVerification:
|
||||||
|
IS_CLOUD && process.env.NODE_ENV === "production",
|
||||||
password: {
|
password: {
|
||||||
async hash(password) {
|
async hash(password) {
|
||||||
return bcrypt.hashSync(password, 10);
|
return bcrypt.hashSync(password, 10);
|
||||||
@@ -180,7 +195,8 @@ const { handler, api } = betterAuth({
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
const isSSORequest = context?.path.includes("/sso");
|
const isSSORequest = context?.path.includes("/sso");
|
||||||
if (isSSORequest) {
|
const isSCIMRequest = context?.path.includes("/scim");
|
||||||
|
if (isSSORequest || isSCIMRequest) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const isAdminPresent = await db.query.member.findFirst({
|
const isAdminPresent = await db.query.member.findFirst({
|
||||||
@@ -196,6 +212,7 @@ const { handler, api } = betterAuth({
|
|||||||
},
|
},
|
||||||
after: async (user, context) => {
|
after: async (user, context) => {
|
||||||
const isSSORequest = context?.path.includes("/sso");
|
const isSSORequest = context?.path.includes("/sso");
|
||||||
|
const isSCIMRequest = context?.path.includes("/scim");
|
||||||
const isAdminPresent = await db.query.member.findFirst({
|
const isAdminPresent = await db.query.member.findFirst({
|
||||||
where: eq(schema.member.role, "owner"),
|
where: eq(schema.member.role, "owner"),
|
||||||
});
|
});
|
||||||
@@ -231,6 +248,10 @@ const { handler, api } = betterAuth({
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isSCIMRequest) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (IS_CLOUD || !isAdminPresent) {
|
if (IS_CLOUD || !isAdminPresent) {
|
||||||
await db.transaction(async (tx) => {
|
await db.transaction(async (tx) => {
|
||||||
const organization = await tx
|
const organization = await tx
|
||||||
@@ -399,6 +420,20 @@ const { handler, api } = betterAuth({
|
|||||||
references: "user",
|
references: "user",
|
||||||
}),
|
}),
|
||||||
sso(),
|
sso(),
|
||||||
|
scim({
|
||||||
|
beforeSCIMTokenGenerated: async ({ user }) => {
|
||||||
|
const dbUser = await db.query.user.findFirst({
|
||||||
|
where: eq(schema.user.id, user.id),
|
||||||
|
columns: { enableEnterpriseFeatures: true },
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!dbUser?.enableEnterpriseFeatures) {
|
||||||
|
throw new APIError("FORBIDDEN", {
|
||||||
|
message: "SCIM provisioning requires an enterprise license",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}),
|
||||||
twoFactor(),
|
twoFactor(),
|
||||||
organization({
|
organization({
|
||||||
ac,
|
ac,
|
||||||
@@ -412,21 +447,37 @@ const { handler, api } = betterAuth({
|
|||||||
maximumRolesPerOrganization: 10,
|
maximumRolesPerOrganization: 10,
|
||||||
},
|
},
|
||||||
}),
|
}),
|
||||||
...(IS_CLOUD
|
// Self-hosted needs the admin plugin too: SCIM deactivation (active: false)
|
||||||
? [
|
// maps to the admin plugin's `banned` field and is rejected without it.
|
||||||
admin({
|
// adminRoles: [] keeps every /admin/* endpoint locked on self-hosted.
|
||||||
adminUserIds: [process.env.USER_ADMIN_ID as string],
|
admin(
|
||||||
}),
|
IS_CLOUD
|
||||||
]
|
? { adminUserIds: [process.env.USER_ADMIN_ID as string] }
|
||||||
: []),
|
: { adminRoles: [] },
|
||||||
|
),
|
||||||
],
|
],
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Una sola instancia de better-auth por proceso aunque el módulo esté
|
||||||
|
// duplicado en varios bundles.
|
||||||
|
const globalForAuth = globalThis as unknown as {
|
||||||
|
betterAuthInstance?: ReturnType<typeof createBetterAuth>;
|
||||||
|
};
|
||||||
|
|
||||||
|
if (!globalForAuth.betterAuthInstance) {
|
||||||
|
globalForAuth.betterAuthInstance = createBetterAuth();
|
||||||
|
}
|
||||||
|
|
||||||
|
const { handler, api } = globalForAuth.betterAuthInstance;
|
||||||
|
|
||||||
const _auth = {
|
const _auth = {
|
||||||
handler,
|
handler,
|
||||||
createApiKey: api.createApiKey,
|
createApiKey: api.createApiKey,
|
||||||
registerSSOProvider: api.registerSSOProvider,
|
registerSSOProvider: api.registerSSOProvider,
|
||||||
updateSSOProvider: api.updateSSOProvider,
|
updateSSOProvider: api.updateSSOProvider,
|
||||||
|
generateSCIMToken: api.generateSCIMToken,
|
||||||
|
listSCIMProviderConnections: api.listSCIMProviderConnections,
|
||||||
|
deleteSCIMProviderConnection: api.deleteSCIMProviderConnection,
|
||||||
};
|
};
|
||||||
|
|
||||||
export type AuthType = typeof _auth;
|
export type AuthType = typeof _auth;
|
||||||
|
|||||||
15
packages/server/src/lib/encryption-secret.ts
Normal file
15
packages/server/src/lib/encryption-secret.ts
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
import { readSecret } from "../db/constants";
|
||||||
|
|
||||||
|
const { ENCRYPTION_KEY, ENCRYPTION_KEY_FILE } = process.env;
|
||||||
|
|
||||||
|
function resolveEncryptionSecret(): string | undefined {
|
||||||
|
if (ENCRYPTION_KEY) {
|
||||||
|
return ENCRYPTION_KEY;
|
||||||
|
}
|
||||||
|
if (ENCRYPTION_KEY_FILE) {
|
||||||
|
return readSecret(ENCRYPTION_KEY_FILE);
|
||||||
|
}
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
|
|
||||||
|
export const encryptionSecret = resolveEncryptionSecret();
|
||||||
108
packages/server/src/lib/encryption.ts
Normal file
108
packages/server/src/lib/encryption.ts
Normal file
@@ -0,0 +1,108 @@
|
|||||||
|
import {
|
||||||
|
createCipheriv,
|
||||||
|
createDecipheriv,
|
||||||
|
createHmac,
|
||||||
|
randomBytes,
|
||||||
|
} from "node:crypto";
|
||||||
|
import { readFileSync } from "node:fs";
|
||||||
|
import { join } from "node:path";
|
||||||
|
import { paths } from "@dokploy/server/constants";
|
||||||
|
import { betterAuthSecret } from "./auth-secret";
|
||||||
|
import { encryptionSecret } from "./encryption-secret";
|
||||||
|
|
||||||
|
export const ENCRYPTION_KEY_BACKUP_FILE = "encryption.key";
|
||||||
|
|
||||||
|
const ENCRYPTION_PREFIX = "enc:v1:";
|
||||||
|
const IV_LENGTH = 12;
|
||||||
|
const AUTH_TAG_LENGTH = 16;
|
||||||
|
|
||||||
|
const deriveKey = (secret: string) =>
|
||||||
|
createHmac("sha256", secret).update("dokploy:db-encryption:v1").digest();
|
||||||
|
|
||||||
|
const primaryKey = deriveKey(encryptionSecret ?? betterAuthSecret);
|
||||||
|
|
||||||
|
// Installs that adopt a dedicated ENCRYPTION_KEY still hold values encrypted
|
||||||
|
// with the auth-secret-derived key; keep it as a decrypt fallback so they
|
||||||
|
// lazily re-encrypt on the next write instead of becoming unreadable.
|
||||||
|
const decryptionKeys = encryptionSecret
|
||||||
|
? [primaryKey, deriveKey(betterAuthSecret)]
|
||||||
|
: [primaryKey];
|
||||||
|
|
||||||
|
// Derived keys only — never the raw secrets. A leaked key can decrypt
|
||||||
|
// stored values, but the raw BETTER_AUTH_SECRET could also forge sessions.
|
||||||
|
export const exportEncryptionKeys = () =>
|
||||||
|
decryptionKeys.map((key) => key.toString("hex")).join("\n");
|
||||||
|
|
||||||
|
let restoredKeys: Buffer[] | undefined;
|
||||||
|
|
||||||
|
// A backup created with "include encryption key" places the original
|
||||||
|
// server's keys at BASE_PATH when restored; use them as a last-resort
|
||||||
|
// decryption fallback so restored values keep working on the new server.
|
||||||
|
const loadRestoredKeys = (): Buffer[] => {
|
||||||
|
if (restoredKeys?.length) {
|
||||||
|
return restoredKeys;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
const { BASE_PATH } = paths();
|
||||||
|
const keys = readFileSync(
|
||||||
|
join(BASE_PATH, ENCRYPTION_KEY_BACKUP_FILE),
|
||||||
|
"utf8",
|
||||||
|
)
|
||||||
|
.split("\n")
|
||||||
|
.map((line) => line.trim())
|
||||||
|
.filter(Boolean)
|
||||||
|
.map((hex) => Buffer.from(hex, "hex"))
|
||||||
|
.filter(
|
||||||
|
(key) =>
|
||||||
|
key.length === 32 && !decryptionKeys.some((own) => own.equals(key)),
|
||||||
|
);
|
||||||
|
if (keys.length) {
|
||||||
|
restoredKeys = keys;
|
||||||
|
}
|
||||||
|
} catch {
|
||||||
|
// No restored key file present.
|
||||||
|
}
|
||||||
|
return restoredKeys ?? [];
|
||||||
|
};
|
||||||
|
|
||||||
|
export const isEncrypted = (value: string) =>
|
||||||
|
value.startsWith(ENCRYPTION_PREFIX);
|
||||||
|
|
||||||
|
export const encryptValue = (value: string): string => {
|
||||||
|
if (!value || isEncrypted(value)) {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
const iv = randomBytes(IV_LENGTH);
|
||||||
|
const cipher = createCipheriv("aes-256-gcm", primaryKey, iv);
|
||||||
|
const encrypted = Buffer.concat([
|
||||||
|
cipher.update(value, "utf8"),
|
||||||
|
cipher.final(),
|
||||||
|
]);
|
||||||
|
return `${ENCRYPTION_PREFIX}${Buffer.concat([iv, cipher.getAuthTag(), encrypted]).toString("base64")}`;
|
||||||
|
};
|
||||||
|
|
||||||
|
export const decryptValue = (value: string): string => {
|
||||||
|
if (!value || !isEncrypted(value)) {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
const payload = Buffer.from(value.slice(ENCRYPTION_PREFIX.length), "base64");
|
||||||
|
const iv = payload.subarray(0, IV_LENGTH);
|
||||||
|
const authTag = payload.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
|
||||||
|
const encrypted = payload.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
|
||||||
|
const keys = [...decryptionKeys, ...loadRestoredKeys()];
|
||||||
|
for (const key of keys) {
|
||||||
|
try {
|
||||||
|
const decipher = createDecipheriv("aes-256-gcm", key, iv);
|
||||||
|
decipher.setAuthTag(authTag);
|
||||||
|
return Buffer.concat([
|
||||||
|
decipher.update(encrypted),
|
||||||
|
decipher.final(),
|
||||||
|
]).toString("utf8");
|
||||||
|
} catch {
|
||||||
|
// GCM auth failed for this key; try the next one.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new Error(
|
||||||
|
"Failed to decrypt a stored secret. This usually means ENCRYPTION_KEY or BETTER_AUTH_SECRET changed after the value was encrypted.",
|
||||||
|
);
|
||||||
|
};
|
||||||
@@ -120,6 +120,10 @@ export const getDokployUrl = async () => {
|
|||||||
const TRUSTED_ORIGINS_CACHE_TTL_MS = 30 * 60_000;
|
const TRUSTED_ORIGINS_CACHE_TTL_MS = 30 * 60_000;
|
||||||
let trustedOriginsCache: { data: string[]; expiresAt: number } | null = null;
|
let trustedOriginsCache: { data: string[]; expiresAt: number } | null = null;
|
||||||
|
|
||||||
|
export const invalidateTrustedOriginsCache = () => {
|
||||||
|
trustedOriginsCache = null;
|
||||||
|
};
|
||||||
|
|
||||||
export const getTrustedOrigins = async () => {
|
export const getTrustedOrigins = async () => {
|
||||||
const runQuery = async () => {
|
const runQuery = async () => {
|
||||||
const rows = await db
|
const rows = await db
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user