coolify/app/Models/S3Storage.php

<?php

namespace App\Models;

use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Support\Facades\Storage;

class S3Storage extends BaseModel
{
    use HasFactory, HasSafeStringAttribute;

    protected $guarded = [];

    protected $casts = [
        'is_usable' => 'boolean',
        'key' => 'encrypted',
        'secret' => 'encrypted',
    ];

    /**
     * Boot the model and register event listeners.
     */
    protected static function boot(): void
    {
        parent::boot();

        // Trim whitespace from credentials before saving to prevent
        // "Malformed Access Key Id" errors from accidental whitespace in pasted values.
        // Note: We use the saving event instead of Attribute mutators because key/secret
        // use Laravel's 'encrypted' cast. Attribute mutators fire before casts, which
        // would cause issues with the encryption/decryption cycle.
        static::saving(function (S3Storage $storage) {
            if ($storage->key !== null) {
                $storage->key = trim($storage->key);
            }
            if ($storage->secret !== null) {
                $storage->secret = trim($storage->secret);
            }
        });
    }

    public static function ownedByCurrentTeam(array $select = ['*'])
    {
        $selectArray = collect($select)->concat(['id']);

        return S3Storage::whereTeamId(currentTeam()->id)->select($selectArray->all())->orderBy('name');
    }

    public function isUsable()
    {
        return $this->is_usable;
    }

    public function team()
    {
        return $this->belongsTo(Team::class);
    }

    public function awsUrl()
    {
        return "{$this->endpoint}/{$this->bucket}";
    }

    protected function path(): Attribute
    {
        return Attribute::make(
            set: function (?string $value) {
                if ($value === null || $value === '') {
                    return null;
                }

                return str($value)->trim()->start('/')->value();
            }
        );
    }

    /**
     * Trim whitespace from endpoint to prevent malformed URLs.
     */
    protected function endpoint(): Attribute
    {
        return Attribute::make(
            set: fn (?string $value) => $value ? trim($value) : null,
        );
    }

    /**
     * Trim whitespace from bucket name to prevent connection errors.
     */
    protected function bucket(): Attribute
    {
        return Attribute::make(
            set: fn (?string $value) => $value ? trim($value) : null,
        );
    }

    /**
     * Trim whitespace from region to prevent connection errors.
     */
    protected function region(): Attribute
    {
        return Attribute::make(
            set: fn (?string $value) => $value ? trim($value) : null,
        );
    }

    public function testConnection(bool $shouldSave = false)
    {
        try {
            $disk = Storage::build([
                'driver' => 's3',
                'region' => $this['region'],
                'key' => $this['key'],
                'secret' => $this['secret'],
                'bucket' => $this['bucket'],
                'endpoint' => $this['endpoint'],
                'use_path_style_endpoint' => true,
            ]);
            // Test the connection by listing files with ListObjectsV2 (S3)
            $disk->files();

            $this->unusable_email_sent = false;
            $this->is_usable = true;
        } catch (\Throwable $e) {
            $this->is_usable = false;
            if ($this->unusable_email_sent === false && is_transactional_emails_enabled()) {
                $mail = new MailMessage;
                $mail->subject('Coolify: S3 Storage Connection Error');
                $mail->view('emails.s3-connection-error', ['name' => $this->name, 'reason' => $e->getMessage(), 'url' => route('storage.show', ['storage_uuid' => $this->uuid])]);

                // Load the team with its members and their roles explicitly
                $team = $this->team()->with(['members' => function ($query) {
                    $query->withPivot('role');
                }])->first();

                // Get admins directly from the pivot relationship for this specific team
                $users = $team->members()->wherePivotIn('role', ['admin', 'owner'])->get(['users.id', 'users.email']);
                foreach ($users as $user) {
                    send_user_an_email($mail, $user->email);
                }
                $this->unusable_email_sent = true;
            }

            throw $e;
        } finally {
            if ($shouldSave) {
                $this->save();
            }
        }
    }
}
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`<?php`

			`namespace App\Models;`

feat(validation): centralize validation patterns for names and descriptions - Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application. - Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic. - Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization. - Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names. 2025-08-19 10:14:48 +00:00			`use App\Traits\HasSafeStringAttribute;`
feat: improve S3 restore path handling and validation state - Add path attribute mutator to S3Storage model ensuring paths start with / - Add updatedS3Path hook to normalize path and reset validation state on blur - Add updatedS3StorageId hook to reset validation state when storage changes - Add Enter key support to trigger file check from path input - Use wire:model.live for S3 storage select, wire:model.blur for path input - Improve shell escaping in restore job cleanup commands - Fix isSafeTmpPath helper logic for directory validation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-25 09:18:30 +00:00			`use Illuminate\Database\Eloquent\Casts\Attribute;`
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`use Illuminate\Database\Eloquent\Factories\HasFactory;`
fix: database backups 2023-10-10 11:10:43 +00:00			`use Illuminate\Notifications\Messages\MailMessage;`
			`use Illuminate\Support\Facades\Storage;`
feat: add s3 storages 2023-08-07 13:31:42 +00:00
			`class S3Storage extends BaseModel`
			`{`
feat(validation): centralize validation patterns for names and descriptions - Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application. - Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic. - Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization. - Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names. 2025-08-19 10:14:48 +00:00			`use HasFactory, HasSafeStringAttribute;`
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`protected $guarded = [];`
Fix styling 2024-06-10 20:43:34 +00:00
Revert "rector: arrrrr" This reverts commit 16c0cd10d8913417ad709ba4e737ed1f12374f45. 2025-01-07 14:31:43 +00:00			`protected $casts = [`
			`'is_usable' => 'boolean',`
			`'key' => 'encrypted',`
			`'secret' => 'encrypted',`
			`];`

Fix S3 credential whitespace issue with proper trimming - Add model saving event to trim key/secret fields (encrypted casts) - Add attribute mutators to trim endpoint, bucket, region fields - Create migration to fix existing S3 storage records with whitespace - Use chunking in migration to handle large datasets efficiently - Verify re-encryption validity before committing changes Fixes #7469 #7594 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> 2025-12-15 11:05:54 +00:00			`/**`
			`* Boot the model and register event listeners.`
			`*/`
			`protected static function boot(): void`
			`{`
			`parent::boot();`

			`// Trim whitespace from credentials before saving to prevent`
			`// "Malformed Access Key Id" errors from accidental whitespace in pasted values.`
			`// Note: We use the saving event instead of Attribute mutators because key/secret`
			`// use Laravel's 'encrypted' cast. Attribute mutators fire before casts, which`
			`// would cause issues with the encryption/decryption cycle.`
			`static::saving(function (S3Storage $storage) {`
			`if ($storage->key !== null) {`
			`$storage->key = trim($storage->key);`
			`}`
			`if ($storage->secret !== null) {`
			`$storage->secret = trim($storage->secret);`
			`}`
			`});`
			`}`

Fix styling 2024-06-10 20:43:34 +00:00			`public static function ownedByCurrentTeam(array $select = ['*'])`
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`{`
			`$selectArray = collect($select)->concat(['id']);`
Fix styling 2024-06-10 20:43:34 +00:00
wip: boarding 2023-08-22 15:44:49 +00:00			`return S3Storage::whereTeamId(currentTeam()->id)->select($selectArray->all())->orderBy('name');`
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`}`
Fix styling 2024-06-10 20:43:34 +00:00
fix: database backups 2023-10-10 11:10:43 +00:00			`public function isUsable()`
			`{`
			`return $this->is_usable;`
			`}`
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00
fix: database backups 2023-10-10 11:10:43 +00:00			`public function team()`
			`{`
			`return $this->belongsTo(Team::class);`
			`}`
Fix styling 2024-06-10 20:43:34 +00:00
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00			`public function awsUrl()`
			`{`
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`return "{$this->endpoint}/{$this->bucket}";`
			`}`
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00
feat: improve S3 restore path handling and validation state - Add path attribute mutator to S3Storage model ensuring paths start with / - Add updatedS3Path hook to normalize path and reset validation state on blur - Add updatedS3StorageId hook to reset validation state when storage changes - Add Enter key support to trigger file check from path input - Use wire:model.live for S3 storage select, wire:model.blur for path input - Improve shell escaping in restore job cleanup commands - Fix isSafeTmpPath helper logic for directory validation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-25 09:18:30 +00:00			`protected function path(): Attribute`
			`{`
			`return Attribute::make(`
			`set: function (?string $value) {`
			`if ($value === null \|\| $value === '') {`
			`return null;`
			`}`

			`return str($value)->trim()->start('/')->value();`
			`}`
			`);`
			`}`

Fix S3 credential whitespace issue with proper trimming - Add model saving event to trim key/secret fields (encrypted casts) - Add attribute mutators to trim endpoint, bucket, region fields - Create migration to fix existing S3 storage records with whitespace - Use chunking in migration to handle large datasets efficiently - Verify re-encryption validity before committing changes Fixes #7469 #7594 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> 2025-12-15 11:05:54 +00:00			`/**`
			`* Trim whitespace from endpoint to prevent malformed URLs.`
			`*/`
			`protected function endpoint(): Attribute`
			`{`
			`return Attribute::make(`
			`set: fn (?string $value) => $value ? trim($value) : null,`
			`);`
			`}`

			`/**`
			`* Trim whitespace from bucket name to prevent connection errors.`
			`*/`
			`protected function bucket(): Attribute`
			`{`
			`return Attribute::make(`
			`set: fn (?string $value) => $value ? trim($value) : null,`
			`);`
			`}`

			`/**`
			`* Trim whitespace from region to prevent connection errors.`
			`*/`
			`protected function region(): Attribute`
			`{`
			`return Attribute::make(`
			`set: fn (?string $value) => $value ? trim($value) : null,`
			`);`
			`}`

Refactor storage connection handling and project initialization 2023-11-15 08:34:27 +00:00			`public function testConnection(bool $shouldSave = false)`
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00			`{`
fix: database backups 2023-10-10 11:10:43 +00:00			`try {`
fix(core): improve connection testing with dynamic disk configuration for s3 backups 2025-02-13 09:07:58 +00:00			`$disk = Storage::build([`
			`'driver' => 's3',`
			`'region' => $this['region'],`
			`'key' => $this['key'],`
			`'secret' => $this['secret'],`
			`'bucket' => $this['bucket'],`
			`'endpoint' => $this['endpoint'],`
			`'use_path_style_endpoint' => true,`
			`]);`
			`// Test the connection by listing files with ListObjectsV2 (S3)`
			`$disk->files();`

fix: database backups 2023-10-10 11:10:43 +00:00			`$this->unusable_email_sent = false;`
			`$this->is_usable = true;`
Revert "rector: arrrrr" This reverts commit 16c0cd10d8913417ad709ba4e737ed1f12374f45. 2025-01-07 14:31:43 +00:00			`} catch (\Throwable $e) {`
fix: database backups 2023-10-10 11:10:43 +00:00			`$this->is_usable = false;`
feat: new shared function name `is_transactional_emails_enabled()` 2024-12-09 14:34:24 +00:00			`if ($this->unusable_email_sent === false && is_transactional_emails_enabled()) {`
Revert "rector: arrrrr" This reverts commit 16c0cd10d8913417ad709ba4e737ed1f12374f45. 2025-01-07 14:31:43 +00:00			`$mail = new MailMessage;`
			`$mail->subject('Coolify: S3 Storage Connection Error');`
			`$mail->view('emails.s3-connection-error', ['name' => $this->name, 'reason' => $e->getMessage(), 'url' => route('storage.show', ['storage_uuid' => $this->uuid])]);`
fix(s3-storage): optimize team admin notification query 2025-02-13 08:55:24 +00:00
			`// Load the team with its members and their roles explicitly`
			`$team = $this->team()->with(['members' => function ($query) {`
			`$query->withPivot('role');`
			`}])->first();`

			`// Get admins directly from the pivot relationship for this specific team`
			`$users = $team->members()->wherePivotIn('role', ['admin', 'owner'])->get(['users.id', 'users.email']);`
fix: database backups 2023-10-10 11:10:43 +00:00			`foreach ($users as $user) {`
Revert "rector: arrrrr" This reverts commit 16c0cd10d8913417ad709ba4e737ed1f12374f45. 2025-01-07 14:31:43 +00:00			`send_user_an_email($mail, $user->email);`
fix: database backups 2023-10-10 11:10:43 +00:00			`}`
			`$this->unusable_email_sent = true;`
			`}`

			`throw $e;`
			`} finally {`
Refactor storage connection handling and project initialization 2023-11-15 08:34:27 +00:00			`if ($shouldSave) {`
			`$this->save();`
			`}`
fix: database backups 2023-10-10 11:10:43 +00:00			`}`
feat: add s3 storages 2023-08-07 13:31:42 +00:00			`}`
testing php storm code cleanup and styling 2023-08-08 09:51:36 +00:00			`}`