mirror of
https://github.com/tiennm99/coolify.git
synced 2026-07-04 09:05:31 +00:00
fix(sentinel): auto-regenerate invalid or undecryptable tokens
Replace hard validation error with self-healing token logic. Tokens that are null, empty, or fail decryption are now regenerated automatically rather than crashing sentinel startup or metrics reads. Token format changed from encrypted JSON payload to a plain 64-char random string (Str::random), eliminating double-encryption issues and simplifying the validation regex to cover the new character set. New `ensureValidSentinelToken()` method on ServerSetting centralises the get-or-regenerate contract; both StartSentinel and HasMetrics now delegate to it. HasMetrics logs a warning when regeneration occurs so operators know a sentinel container restart is required. `isValidSentinelToken()` now accepts `?string` (null → false). Adds feature tests covering: null/empty/undecryptable stored values, idempotent return of valid tokens, RuntimeException only when regeneration itself produces an invalid token, no double-encryption of newly generated tokens, and cast round-trip consistency.
This commit is contained in:
@@ -2,9 +2,11 @@
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Illuminate\Database\Eloquent\Casts\Attribute;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Str;
|
||||
use OpenApi\Attributes as OA;
|
||||
|
||||
#[OA\Schema(
|
||||
@@ -144,19 +146,51 @@ class ServerSetting extends Model
|
||||
* Validate that a sentinel token contains only safe characters.
|
||||
* Prevents OS command injection when the token is interpolated into shell commands.
|
||||
*/
|
||||
public static function isValidSentinelToken(string $token): bool
|
||||
public static function isValidSentinelToken(?string $token): bool
|
||||
{
|
||||
if ($token === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return (bool) preg_match('/\A[a-zA-Z0-9._\-+=\/]+\z/', $token);
|
||||
}
|
||||
|
||||
public function generateSentinelToken(bool $save = true, bool $ignoreEvent = false)
|
||||
/**
|
||||
* Returns a valid sentinel token, regenerating it if the stored value is
|
||||
* empty, undecryptable, or otherwise invalid. Throws only when regeneration
|
||||
* still fails to produce a valid token.
|
||||
*/
|
||||
public function ensureValidSentinelToken(): string
|
||||
{
|
||||
$data = [
|
||||
'server_uuid' => $this->server->uuid,
|
||||
];
|
||||
$token = json_encode($data);
|
||||
$encrypted = encrypt($token);
|
||||
$this->sentinel_token = $encrypted;
|
||||
try {
|
||||
$token = $this->sentinel_token;
|
||||
} catch (DecryptException) {
|
||||
$token = null;
|
||||
}
|
||||
|
||||
if (! self::isValidSentinelToken($token)) {
|
||||
// Clear undecryptable raw value so Eloquent's dirty-check won't try to
|
||||
// decrypt the bad original during save().
|
||||
$attrs = $this->getAttributes();
|
||||
$attrs['sentinel_token'] = null;
|
||||
$this->setRawAttributes($attrs, true);
|
||||
|
||||
$this->generateSentinelToken(save: true, ignoreEvent: true);
|
||||
$this->refresh();
|
||||
$token = $this->sentinel_token;
|
||||
}
|
||||
|
||||
if (! self::isValidSentinelToken($token)) {
|
||||
throw new \RuntimeException('Sentinel token invalid after regeneration. Allowed characters: a-z, A-Z, 0-9, dot, underscore, hyphen, plus, slash, equals.');
|
||||
}
|
||||
|
||||
return $token;
|
||||
}
|
||||
|
||||
public function generateSentinelToken(bool $save = true, bool $ignoreEvent = false): string
|
||||
{
|
||||
$token = Str::random(64);
|
||||
$this->sentinel_token = $token;
|
||||
if ($save) {
|
||||
if ($ignoreEvent) {
|
||||
$this->saveQuietly();
|
||||
|
||||
Reference in New Issue
Block a user