Commit Graph

15033 Commits

Author SHA1 Message Date
ShadowArcanist a1e5357870 feat(ui): add helper text for frequency input on scheduled task view 2026-03-29 15:46:11 +05:30
ShadowArcanist 401227932e feat(ui): reorganize scheduled task single view layout 2026-03-29 15:43:46 +05:30
ShadowArcanist 5037497ada feat(ui): add enable/disable button for scheduled task 2026-03-29 15:36:32 +05:30
ShadowArcanist 1f864dc49b feat(ui): show task name on title for scheduled task single view 2026-03-29 15:29:17 +05:30
ShadowArcanist d33cd7ca71 fix(ui): keep sidebar visible on scheduled task single view 2026-03-29 15:27:40 +05:30
Andras Bacsai 72118d61f9 feat(databases): add public port timeout configuration
Add support for configuring public port timeout on databases via API:
- Add public_port_timeout field to schema documentation with 3600s default
- Add validation rules (integer|nullable|min:1)
- Update all database type configurations to support the field
- Add comprehensive test coverage for the feature
2026-03-28 17:08:02 +01:00
Andras Bacsai 3b2e6e11f1 refactor: use random_int() for email change verification codes (#9226) 2026-03-28 15:18:00 +01:00
Andras Bacsai 377ce24b6d Add URL validation for notification webhook fields (#9224) 2026-03-28 14:39:27 +01:00
Andras Bacsai 0b8c75f8ed fix(webhooks): add validation to block unsafe webhook URLs
Prevent server-side request forgery (SSRF) attacks by validating webhook URLs before sending requests. Blocks loopback addresses, cloud metadata endpoints, and localhost URLs.

- Add SafeWebhookUrl rule validation in SendWebhookJob.handle()
- Log warning when unsafe URLs are rejected
- Add comprehensive unit tests covering valid and invalid URL scenarios
2026-03-28 14:23:08 +01:00
Andras Bacsai 91ab0b38d6 refactor: move admin route into middleware group (#9225) 2026-03-28 14:18:16 +01:00
Andras Bacsai f493b96be3 refactor: use random_int() for email change verification codes
Replace mt_rand/rand with random_int for stronger randomness guarantees
in verification code generation and Blade component keying.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 12:25:54 +01:00
Andras Bacsai aea201fcba refactor: move admin route into middleware group and harden authorization
Move the admin panel route into the existing auth middleware group and
replace client-side redirects with server-side abort calls in the
Livewire component. Extract shared authorization logic into reusable
private methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 12:24:40 +01:00
Andras Bacsai 564cd8368b fix: add URL validation for notification webhook fields
Add SafeWebhookUrl validation rule to notification webhook URL fields
(Slack, Discord, custom webhook) to enforce safe URL patterns including
scheme validation and hostname checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 12:22:59 +01:00
Andras Bacsai 98569e4edb fix: use server-side config for password reset URL generation (#9193) 2026-03-28 12:20:42 +01:00
Andras Bacsai 25dcde6a47 fix: sanitize error output in server validation logs (#9197) 2026-03-28 12:13:50 +01:00
Andras Bacsai e396c70903 refactor: simplify TrustHosts middleware and use APP_URL as base_url fallback
- Delegate host validation to parent class instead of custom implementation
- Update base_url() helper to use config('app.url') instead of url('/')
- Add test for APP_URL fallback when no FQDN or public IPs configured
- Remove dedicated TrustHostsMiddlewareTest (logic now tested via integration tests)
2026-03-28 12:12:48 +01:00
Andras Bacsai bd9a8cee07 style(dev): standardize log message format with INFO/ERROR prefixes
- Add INFO prefix to informational messages
- Add ERROR prefix to error messages
- Fix grammar and punctuation for consistency
2026-03-28 12:07:34 +01:00
Andras Bacsai c28fbab36a style(docker): standardize service startup log message format
Align log messages across all service startup scripts (horizon, nightwatch-agent,
scheduler-worker) in both development and production environments to use a
consistent "   INFO  " prefix format.
2026-03-27 19:05:36 +01:00
Andras Bacsai 638f1d37f1 feat(subscription): add billing interval to price preview
Extract and return the billing interval (month/year) from subscription pricing
data in fetchPricePreview. Update the view to dynamically display the correct
billing period based on the preview response instead of using static PHP logic.
2026-03-27 19:05:13 +01:00
Andras Bacsai ba6f0cdb38 Merge remote-tracking branch 'origin/next' into fix/trust-hosts-url-generation 2026-03-27 14:14:36 +01:00
Andras Bacsai af3826eac0 feat(reset-password): add IPv6 support and header poisoning protection
- Add support for bracketed IPv6 addresses when FQDN is not configured
- Harden password reset URL generation against X-Forwarded-Host header poisoning
- Add test coverage for IPv6-only configurations with malicious headers
- Update imports and clean up exception syntax in shared helpers
2026-03-27 14:14:01 +01:00
Andras Bacsai 9b0088072c refactor(docker): migrate service startup from Artisan commands to shell scripts
Remove custom Artisan console commands (Horizon, Nightwatch, Scheduler) and
refactor service startup logic directly into s6-overlay shell scripts. Check
environment variables from .env instead of routing through Laravel config.

Services now sleep when disabled instead of exiting immediately. Both
development and production environments updated consistently.
2026-03-27 14:12:30 +01:00
Andras Bacsai e1d4b4682e fix: harden TrustHosts middleware and use base_url() for password reset links
- Fix circular cache dependency in TrustHosts where handle() checked cache
  before hosts() could populate it, causing host validation to never activate
- Validate both Host and X-Forwarded-Host headers against trusted hosts list
  (X-Forwarded-Host is checked before TrustProxies applies it to the request)
- Use base_url() instead of url() for password reset link generation so the
  URL is derived from server-side config (FQDN / public IP) instead of the
  request context
- Strip port from X-Forwarded-Host before matching (e.g. host:443 → host)
- Add tests for host validation, cache population, and reset URL generation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 18:39:54 +01:00
Andras Bacsai 103d5b6c06 fix: sanitize error output in server validation logs
Escape dynamic error messages with htmlspecialchars() before
concatenating into HTML strings stored in validation_logs. Add a
Purify-based mutator on Server model as defense-in-depth, with a
dedicated HTMLPurifier config that allows only safe structural tags.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 18:36:36 +01:00
Andras Bacsai e39678aea5 refactor: split invitation endpoint into GET/POST flow (#9192) 2026-03-26 14:46:27 +01:00
Andras Bacsai 25d424c743 refactor: split invitation endpoint into GET (show) and POST (accept)
Refactor the invitation acceptance flow to use a landing page pattern:
- GET shows invitation details (team name, role, confirmation button)
- POST processes the acceptance with proper form submission
- Remove unused revoke GET route (handled by Livewire component)
- Add Blade view for the invitation landing page
- Add feature tests for the new invitation flow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 14:30:27 +01:00
Andras Bacsai 5ed77f337a Add URL validation for GitHub source fields (#9190) 2026-03-26 13:48:07 +01:00
Andras Bacsai 0fce7fa948 fix: add URL validation for GitHub source api_url and html_url fields
Add SafeExternalUrl validation rule that ensures URLs point to
publicly-routable hosts. Apply to all GitHub source entry points
(Livewire Create, Livewire Change, API create and update).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 13:45:33 +01:00
Andras Bacsai 2729dffb3e refactor: simplify remote process chain and harden ActivityMonitor (#9189) 2026-03-26 13:28:37 +01:00
Andras Bacsai 3e0d48faea refactor: simplify remote process chain and harden ActivityMonitor
- Inline PrepareCoolifyTask and CoolifyTaskArgs into remote_process(),
  removing two single-consumer abstraction layers
- Add #[Locked] attribute to ActivityMonitor $activityId property
- Add team ownership verification in ActivityMonitor.hydrateActivity()
  with server_uuid fallback and fail-closed default
- Store team_id in activity properties for proper scoping
- Update CLAUDE.md to remove stale reference
- Add comprehensive tests for activity monitor authorization

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 13:26:16 +01:00
Andras Bacsai c8efbf107a fix(storage): use escapeshellarg for volume names in shell commands (#9185) 2026-03-26 13:08:10 +01:00
Andras Bacsai f9a9dc80aa fix(api): add volume name validation to storage API endpoints
Apply the same Docker volume name pattern validation to the API
create and update storage endpoints for applications, databases,
and services controllers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 12:17:39 +01:00
Andras Bacsai d2064dd499 fix(storage): use escapeshellarg for volume names in shell commands
Add proper shell escaping for persistent volume names when used in
docker volume rm commands. Also add volume name validation pattern
to ValidationPatterns for consistent input checking.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 11:06:30 +01:00
Andras Bacsai d77e4c864f fix(backup): use escapeshellarg for credentials in backup commands (#9175) 2026-03-26 07:50:09 +01:00
Andras Bacsai fecb80b596 fix(storage): consistent path validation and escaping for file volumes (#9176) 2026-03-26 07:44:46 +01:00
Andras Bacsai 3fdce06b65 fix(storage): consistent path validation and escaping for file volumes
Ensure all file volume paths are validated and properly escaped before
use. Previously, only directory mount paths were validated at the input
layer — file mount paths now receive the same treatment across Livewire
components, API controllers, and the model layer.

- Validate and escape fs_path at the top of saveStorageOnServer() before
  any commands are built
- Add path validation to submitFileStorage() in Storage Livewire component
- Add path validation to file mount creation in Applications, Services,
  and Databases API controllers
- Add regression tests for path validation coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 23:44:37 +01:00
Andras Bacsai 952f324797 fix(backup): use escapeshellarg for credentials in database backup commands
Apply proper shell escaping to all user-controlled values interpolated into
backup shell commands (PostgreSQL username/password, MySQL/MariaDB root
password, MongoDB URI). Also URL-encode MongoDB credentials before embedding
in connection URI. Adds unit tests for escaping behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 23:43:57 +01:00
Andras Bacsai ad95d65aca fix(deployment): normalize whitespace in pre/post deployment commands (#9173) 2026-03-25 20:59:18 +01:00
Andras Bacsai 6f163ddf02 fix(deployment): normalize whitespace in pre/post deployment commands
Ensure pre_deployment_command and post_deployment_command have consistent
whitespace handling, matching the existing pattern used for health_check_command.
Adds regression tests for the normalization behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 20:57:17 +01:00
Andras Bacsai 47668121a4 feat(deployment): add command_hidden flag to hide command text in logs (#9167) 2026-03-25 20:51:07 +01:00
Andras Bacsai 944a038349 fix(livewire): add input validation to unmanaged container operations (#9172) 2026-03-25 20:42:57 +01:00
Andras Bacsai ae31111813 fix(livewire): add input validation to unmanaged container operations
Add container name validation and shell argument escaping to
startUnmanaged, stopUnmanaged, restartUnmanaged, and restartContainer
methods, consistent with existing patterns used elsewhere in the
codebase.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 20:42:00 +01:00
Andras Bacsai e2ba44d0c3 fix(validation): allow ampersands and quotes in shell-safe command pattern
Previously, the SHELL_SAFE_COMMAND_PATTERN was overly restrictive and blocked
legitimate characters needed for common Docker operations:

- Allow & for command chaining with && in multi-step build commands
- Allow " for build arguments with spaces (e.g., --build-arg KEY="value")

Update validation messages to reflect the new allowed operators and refactor
code to use imports instead of full class paths for better readability.
2026-03-25 20:27:21 +01:00
Andras Bacsai c8a96b6f12 fix(livewire): add Locked attributes and consolidate container name validation (#9171) 2026-03-25 20:26:42 +01:00
Andras Bacsai d486bf09ab fix(livewire): add Locked attributes and consolidate container name validation
- Add #[Locked] to server-set properties on Import component (resourceId,
  resourceType, serverId, resourceUuid, resourceDbType, container) to
  prevent client-side modification via Livewire wire protocol
- Add container name validation in runImport() and restoreFromS3()
  using shared ValidationPatterns::isValidContainerName()
- Scope server lookup to current team via ownedByCurrentTeam()
- Consolidate duplicate container name regex from Import,
  ExecuteContainerCommand, and Terminal into shared
  ValidationPatterns::isValidContainerName() static helper
- Add tests for container name validation, locked attributes, and
  team-scoped server lookup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 20:21:39 +01:00
Andras Bacsai 0fed553207 fix(settings): require instance admin authorization for updates page 2026-03-25 19:33:51 +01:00
Andras Bacsai f0c8ff6a77 Update ByHetzner.php 2026-03-25 19:26:13 +01:00
Andras Bacsai 3470f8b2a6 add new skills 2026-03-25 19:22:09 +01:00
Andras Bacsai 0a621bb90e update laravel boost 2026-03-25 19:21:53 +01:00
Andras Bacsai bc91b41f92 fix(terminal): apply authorization middleware to terminal bootstrap routes (#9169) 2026-03-25 18:44:08 +01:00