Restrict upgrade-status endpoint to authenticated root team members

- Add auth:sanctum middleware to /api/upgrade-status route
- Check user belongs to root team (id 0) before returning status
- Return 403 if user is not authorized
- Update frontend to send credentials with fetch request
- Update OpenAPI docs with 401/403 responses

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Andras Bacsai
2025-12-12 21:16:36 +01:00
parent dc9f612df4
commit 3cc416a806
3 changed files with 41 additions and 3 deletions
+11 -1
@@ -19,11 +19,21 @@ use App\Models\Server;
use Illuminate\Support\Facades\Route;
Route::get('/health', [OtherController::class, 'healthcheck']);
Route::get('/upgrade-status', [OtherController::class, 'upgradeStatus']);
Route::group([
'prefix' => 'v1',
], function () {
Route::get('/health', [OtherController::class, 'healthcheck']);
});
Route::group([
'middleware' => ['auth:sanctum'],
], function () {
Route::get('/upgrade-status', [OtherController::class, 'upgradeStatus']);
});
Route::group([
'middleware' => ['auth:sanctum'],
'prefix' => 'v1',
], function () {
Route::get('/upgrade-status', [OtherController::class, 'upgradeStatus']);
});