mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-06-19 14:15:21 +02:00
fb5d2bd5b6
- Added server authorization checks to ensure users can only access resources for their organization. - Enhanced input validation for container and app names using regex to prevent invalid entries. - Updated multiple query procedures in both docker and swarm routers to include these checks and validations.
147 lines
3.9 KiB
TypeScript
147 lines
3.9 KiB
TypeScript
import {
|
|
containerRestart,
|
|
findServerById,
|
|
getConfig,
|
|
getContainers,
|
|
getContainersByAppLabel,
|
|
getContainersByAppNameMatch,
|
|
getServiceContainersByAppName,
|
|
getStackContainersByAppName,
|
|
} from "@dokploy/server";
|
|
import { z } from "zod";
|
|
import { createTRPCRouter, protectedProcedure } from "../trpc";
|
|
import { TRPCError } from "@trpc/server";
|
|
|
|
export const containerIdRegex = /^[a-zA-Z0-9.\-_]+$/;
|
|
|
|
export const dockerRouter = createTRPCRouter({
|
|
getContainers: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
serverId: z.string().optional(),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getContainers(input.serverId);
|
|
}),
|
|
|
|
restartContainer: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
containerId: z
|
|
.string()
|
|
.min(1)
|
|
.regex(containerIdRegex, "Invalid container id."),
|
|
}),
|
|
)
|
|
.mutation(async ({ input }) => {
|
|
return await containerRestart(input.containerId);
|
|
}),
|
|
|
|
getConfig: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
containerId: z
|
|
.string()
|
|
.min(1)
|
|
.regex(containerIdRegex, "Invalid container id."),
|
|
serverId: z.string().optional(),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getConfig(input.containerId, input.serverId);
|
|
}),
|
|
|
|
getContainersByAppNameMatch: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
appType: z
|
|
.union([z.literal("stack"), z.literal("docker-compose")])
|
|
.optional(),
|
|
appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
|
|
serverId: z.string().optional(),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getContainersByAppNameMatch(
|
|
input.appName,
|
|
input.appType,
|
|
input.serverId,
|
|
);
|
|
}),
|
|
|
|
getContainersByAppLabel: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
|
|
serverId: z.string().optional(),
|
|
type: z.enum(["standalone", "swarm"]),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getContainersByAppLabel(
|
|
input.appName,
|
|
input.type,
|
|
input.serverId,
|
|
);
|
|
}),
|
|
|
|
getStackContainersByAppName: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
|
|
serverId: z.string().optional(),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getStackContainersByAppName(input.appName, input.serverId);
|
|
}),
|
|
|
|
getServiceContainersByAppName: protectedProcedure
|
|
.input(
|
|
z.object({
|
|
appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
|
|
serverId: z.string().optional(),
|
|
}),
|
|
)
|
|
.query(async ({ input, ctx }) => {
|
|
if (input.serverId) {
|
|
const server = await findServerById(input.serverId);
|
|
if (server.organizationId !== ctx.session?.activeOrganizationId) {
|
|
throw new TRPCError({ code: "UNAUTHORIZED" });
|
|
}
|
|
}
|
|
return await getServiceContainersByAppName(input.appName, input.serverId);
|
|
}),
|
|
});
|