Commit Graph

5381 Commits

Author SHA1 Message Date
Andras Bacsai da5b003971 Merge remote-tracking branch 'origin/next' into unreachable-server-backoff 2026-03-31 16:46:22 +02:00
Andras Bacsai 3961077b90 feat(forms): make textarea monospace opt-in and improve multiline toggle
Add `monospace` prop to Textarea component so font-mono is no longer
applied by default. Apply it explicitly to env variable editors, private
key fields, and shared variable forms where monospace is appropriate.

Use Alpine.js x-data/x-model to make the multiline toggle reactive
without a full Livewire round-trip. Add wire:key on the input/textarea
wrappers to force proper DOM replacement when switching modes.
2026-03-31 15:37:42 +02:00
Andras Bacsai acb716cb90 fix(shared-variables): support direct mount params and comment field for server variables
Allow SharedVariables Livewire components (Environment, Project, Server)
to accept UUID parameters directly via mount() instead of relying solely
on route parameters. This enables Livewire component testing without a
live route context.

Also adds comment field support when saving/updating server shared
environment variables, guards PostgreSQL-specific migration statements
from running under SQLite (test environment compatibility), and expands
the feature test suite with server shared variable scenarios including
inline comment preservation and update behaviour.
2026-03-31 14:58:01 +02:00
Andras Bacsai 466eb8504e refactor(models): extract defaultStandaloneDockerAttributes method on Server
Extract duplicated inline StandaloneDocker attribute arrays in the
Server boot lifecycle into a dedicated method, eliminating repetition
between the root-server (id=0) and normal-server paths.

Also harden the shared_environment_variables migration by wrapping
DDL statements in DB::transaction() and using DROP CONSTRAINT IF EXISTS
to make the migration safely re-runnable.

Add unit test covering the extracted method to verify uuid is always
present in bootstrap attributes.
2026-03-31 14:44:45 +02:00
Andras Bacsai f01953d361 fix(models): add missing uuid to StandaloneDocker initialization 2026-03-31 14:41:40 +02:00
Andras Bacsai 9c646b0a9e Merge remote-tracking branch 'origin/next' into pr-7764-shadow/add-shared-server-env 2026-03-31 13:51:06 +02:00
Andras Bacsai a77e1f47d1 fix(models): replace forceCreate with forceFill+save pattern
Replaces Model::forceCreate([...]) calls with (new Model)->forceFill([...])->save()
across SettingsBackup, Server, and User models to avoid bypassing Eloquent
model event lifecycle during record creation.
2026-03-31 13:50:37 +02:00
Andras Bacsai 1a603a10ed fix(models): replace forceFill/forceCreate with fill/create and add fillable guards
Replace all uses of `forceFill`, `forceCreate`, and `forceFill` with their
non-force equivalents across models, actions, controllers, and Livewire
components. Add explicit `$fillable` arrays to all affected Eloquent models
to enforce mass assignment protection.

Add ModelFillableCreationTest and ModelFillableRegressionTest to verify that
model creation respects fillable constraints and prevent regressions.
2026-03-31 13:45:31 +02:00
Andras Bacsai 7638912fdc fix(github): reset branch state when refreshing repositories
Clear `branches` and `total_branches_count` in `loadRepositories` to avoid stale branch data after repo refreshes. Update the Livewire view to use the shared loading button pattern for refresh/load actions, and expand feature coverage for repository refresh behavior and refresh button visibility.
2026-03-31 12:50:19 +02:00
Andras Bacsai 30751a60df fix(deployment): resolve shared env vars using main server
Use `$this->mainServer` when resolving environment variable values across
deployment env generation (runtime, buildtime, nixpacks, args, and secrets
hash) so shared server-scoped values are applied consistently.

Also add `server_id` to `SharedEnvironmentVariable::$fillable` and normalize
the Livewire Blade file newline.
2026-03-31 11:07:52 +02:00
Andras Bacsai cb97a18a78 Merge remote-tracking branch 'origin/next' into pr-7764-shadow/add-shared-server-env 2026-03-31 10:52:31 +02:00
Andras Bacsai 2692496726 fix(database): refresh SSL/status state and harden clone writes
Handle database status updates more reliably by listening for `ServiceChecked`
and using explicit `refresh()` handlers in Livewire database components.

Also switch guarded clone/create paths to `forceFill`/`forceCreate` in helper
flows to avoid missing persisted attributes during app/service cloning.

Update log/terminal font stacks to Geist (with bundled variable fonts) and add
coverage for SSL status refresh, persistent volume UUID cloning, and log font
styling.
2026-03-31 09:29:36 +02:00
Andras Bacsai 1efed14169 fix(validation): add input validation for resource limit fields (#9238) 2026-03-30 21:04:10 +02:00
Andras Bacsai 6be563afc8 fix(validation): add IP validation for custom DNS servers input (#9239) 2026-03-30 21:03:39 +02:00
Andras Bacsai 3b96215226 fix(validation): add input validation for port exposes and port mappings fields (#9240) 2026-03-30 21:02:50 +02:00
Andras Bacsai 71bafa0d54 fix(validation): add URL validation for proxy redirect input (#9241) 2026-03-30 21:02:06 +02:00
Andras Bacsai 179770d836 fix(validation): add input validation for server advanced settings page (#9242) 2026-03-30 21:01:28 +02:00
Andras Bacsai 0b9d2c9e11 fix(validation): add input validation for sentinel configuration (#9243) 2026-03-30 21:00:18 +02:00
Andras Bacsai b8fb29f9a8 fix(validation): add input validation for database backup timeout (#9245) 2026-03-30 20:59:37 +02:00
Andras Bacsai c52d50cc0a fix(validation): add input validation for emails configuration (#9259) 2026-03-30 20:57:46 +02:00
Andras Bacsai 1497ad35a9 fix(models): use snake_case for Eloquent attribute access
Update property access in database components and Application model to
use snake_case conventions (common_name, subject_alternative_names)
for Eloquent attributes. Also add null-safe operators (?->) for
settings access in Application model to handle null values safely.
2026-03-30 17:29:28 +02:00
Andras Bacsai 22b267db37 feat(ui): improve schedule task single view for better UX (#9266) 2026-03-30 15:10:57 +02:00
Andras Bacsai 9a0087ff69 fix(validation): add input validation for database public port and proxy timeout (#9272) 2026-03-30 15:10:26 +02:00
Andras Bacsai 61f47cc7ee feat(deployments): support Docker image tags for preview deployments
Add end-to-end support for `docker_registry_image_tag` in preview and deployment queue flows.

- Extend deploy API to accept `pull_request_id` alias and `docker_tag` for preview deploys
- Persist preview-specific Docker tags on `application_previews` and `application_deployment_queues`
- Pass tag through `queue_application_deployment()` and de-duplicate queued jobs by tag
- Update deployment job logic to resolve and use preview Docker tags for dockerimage build packs
- Update Livewire previews UI/state to manage per-preview tags and manual preview/tag inputs
- Add migration for new tag columns and model fillable/casts updates
- Add feature and unit tests covering API behavior and tag resolution
2026-03-30 13:35:35 +02:00
Andras Bacsai 3fddc795f6 refactor: define explicit fillable attributes on all Eloquent models (#9282) 2026-03-30 13:11:58 +02:00
Andras Bacsai 850c37bedd fix(database): auto-generate missing CA cert on SSL regeneration
Prevent null CA certificate access during database SSL certificate regeneration
across KeyDB, MariaDB, MongoDB, MySQL, PostgreSQL, and Redis components.

If no CA certificate exists, attempt to generate one and re-query; if still
missing, dispatch a clear error and stop regeneration gracefully.

Add `SslCertificateRegenerationTest` coverage for missing-CA and CA-query
scenarios to prevent regressions.
2026-03-30 13:10:49 +02:00
Andras Bacsai 1da1f32f0e refactor: use forceCreate() for internal model creation
Replace create() with forceCreate() across internal model creation operations to bypass mass assignment protection. This is appropriate for internal code that constructs complete model state without user input.

Add InternalModelCreationMassAssignmentTest to ensure internal model creation behavior is properly tested. Optimize imports by using shortened Livewire attribute references and removing unused imports.
2026-03-30 13:04:11 +02:00
Andras Bacsai 71cde5a063 Merge remote-tracking branch 'origin/next' into refactor/sync-model-attributes 2026-03-30 12:41:31 +02:00
Andras Bacsai 7a1999ce39 feat(ui): add two step confirmation to enable self registration (#9277) 2026-03-30 11:47:59 +02:00
Andras Bacsai 30c7ab7b7d fix(notification): updated cloud subscription links to valid url (#9296) 2026-03-30 11:47:21 +02:00
Andras Bacsai 09f1c71a76 Merge remote-tracking branch 'origin/next' into refactor/sync-model-attributes 2026-03-30 08:14:32 +02:00
Andras Bacsai c0c0349880 refactor(models): add fillable attributes for database configuration options
Add explicit fillable attributes to Service and all Standalone* database models
for new configuration options: public_port_timeout, enable_ssl, ssl_mode,
is_log_drain_enabled, is_include_timestamps, and custom_docker_run_options.

Add tests to MassAssignmentProtectionTest to verify these attributes are
properly protected by mass assignment protection across all relevant models.
2026-03-30 08:11:23 +02:00
ShadowArcanist 31ae8dd9db fix(notification): updated cloud subscription links to valid url 2026-03-30 11:37:28 +05:30
Andras Bacsai 4ec9b7ef69 fix(clone): include uuid field when cloning persistent volumes
Ensure that the uuid field is preserved during clone operations for persistent
volumes across all clone methods (CloneMe, ResourceOperations, and the clone_application
helper). This prevents UUID conflicts and ensures cloned volumes receive new unique
identifiers as intended.

Adds test coverage validating that cloned persistent volumes receive new UUIDs
distinct from the original volumes.
2026-03-30 00:06:45 +02:00
Andras Bacsai 7b1e75f37d Merge remote-tracking branch 'origin/next' into pr-8371-v4.x 2026-03-29 23:52:37 +02:00
Andras Bacsai 7ad51241f3 Merge remote-tracking branch 'origin/next' into refactor/sync-model-attributes
# Conflicts:
#	app/Models/Application.php
#	app/Models/Service.php
#	app/Models/StandaloneClickhouse.php
#	app/Models/StandaloneDragonfly.php
#	app/Models/StandaloneKeydb.php
#	app/Models/StandaloneMariadb.php
#	app/Models/StandaloneMongodb.php
#	app/Models/StandaloneMysql.php
#	app/Models/StandalonePostgresql.php
#	app/Models/StandaloneRedis.php
#	app/Models/Team.php
#	app/Models/User.php
#	tests/Feature/MassAssignmentProtectionTest.php
2026-03-29 21:32:54 +02:00
Andras Bacsai f267a28cb2 fix: harden GetLogs Livewire component properties (#9229) 2026-03-29 21:29:23 +02:00
Andras Bacsai a52352f6cc Merge remote-tracking branch 'origin/next' into refactor/sync-model-attributes 2026-03-29 21:28:41 +02:00
Andras Bacsai 9f46586d4a refactor: define explicit fillable attributes on all Eloquent models
Replace $guarded usage with explicit $fillable arrays across all models.
Sync fillable definitions with current database schema and add tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-29 21:25:41 +02:00
Andras Bacsai b3256d4df1 fix(security): harden model assignment and sensitive data handling
Restrict mass-assignable attributes across user/team/redis models and
switch privileged root/team creation paths to forceFill/forceCreate.

Encrypt legacy ClickHouse admin passwords via migration and cast the
correct ClickHouse password field as encrypted.

Tighten API and runtime exposure by removing sensitive team fields from
responses and sanitizing Git/compose error messages.

Expand security-focused feature coverage for command-injection and mass
assignment protections.
2026-03-29 20:56:04 +02:00
Andras Bacsai 3fde1e0f9f fix(application): persist redirect value in setRedirect
Assign the selected redirect option before validation so valid changes are saved.
Add feature tests to verify redirect persistence and rejection when no www domain exists.
2026-03-29 20:50:03 +02:00
Andras Bacsai 9e96a20a49 fix: add validation and escaping for Docker network names (#9228) 2026-03-29 20:46:39 +02:00
Andras Bacsai 1027c73d0f refactor: scope server and project queries to current team (#9230) 2026-03-29 20:28:21 +02:00
ShadowArcanist 3a0cfeeab6 feat(ui): add two step confirmation to enable self registration 2026-03-29 22:48:02 +05:30
Andras Bacsai 3ba4553df5 fix(security): enforce team-scoped project/env lookups in onboarding
Use firstOrFail() for team-scoped project and environment lookups across
new-project Livewire flows so missing or cross-team UUIDs fail closed.
Also dispatch an error when boarding selects a non-owned project, and
update IDOR feature tests for the new error/exception behavior.
2026-03-29 15:55:03 +02:00
Andras Bacsai 96ae9ade23 fix: add input validation for install/build/start command fields (#9227) 2026-03-29 15:48:30 +02:00
ShadowArcanist c9f20ba2a2 fix(validation): add input validation for database public port and proxy timeout 2026-03-29 19:11:28 +05:30
ShadowArcanist 5037497ada feat(ui): add enable/disable button for scheduled task 2026-03-29 15:36:32 +05:30
ShadowArcanist d33cd7ca71 fix(ui): keep sidebar visible on scheduled task single view 2026-03-29 15:27:40 +05:30
ShadowArcanist 1daff4e23c fix(validation): add input validation for emails configuration 2026-03-29 12:13:30 +05:30