coolify/app/Console/Commands/Mapledeploy/UserRevoke.php

<?php

namespace App\Console\Commands\Mapledeploy;

use App\Models\User;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;

class UserRevoke extends Command
{
    protected $signature = 'mapledeploy:user:revoke {user_id : Coolify user id}';

    protected $description = 'Revoke a Coolify user login for MapleDeploy dashboard access management';

    public function handle(): int
    {
        $userId = (int) $this->argument('user_id');
        if ($userId === 0) {
            return $this->failWith('CANNOT_REVOKE_ROOT_USER');
        }

        $user = User::find($userId);
        if (! $user) {
            return $this->failWith('USER_NOT_FOUND');
        }

        $user->forceFill([
            'password' => Hash::make(Str::random(64)),
            // MapleDeploy branding: OAuth login matches by email, so keep a
            // persistent marker that the callback can reject after revocation.
            'remember_token' => 'mapledeploy-revoked:'.Str::random(40),
        ])->save();
        $user->tokens()->delete();
        // MapleDeploy branding: revocation must end any active browser sessions.
        DB::table('sessions')->where('user_id', $user->id)->delete();

        $this->line(json_encode([
            'revoked' => [
                'id' => $user->id,
                'email' => $user->email,
            ],
        ], JSON_THROW_ON_ERROR));

        return self::SUCCESS;
    }

    private function failWith(string $code): int
    {
        $this->line(json_encode(['error' => $code], JSON_THROW_ON_ERROR));

        return self::FAILURE;
    }
}
feat(auth): add dashboard-managed Coolify users 2026-06-14 15:47:50 +00:00			`<?php`

			`namespace App\Console\Commands\Mapledeploy;`

			`use App\Models\User;`
			`use Illuminate\Console\Command;`
			`use Illuminate\Support\Facades\DB;`
			`use Illuminate\Support\Facades\Hash;`
			`use Illuminate\Support\Str;`

			`class UserRevoke extends Command`
			`{`
			`protected $signature = 'mapledeploy:user:revoke {user_id : Coolify user id}';`

			`protected $description = 'Revoke a Coolify user login for MapleDeploy dashboard access management';`

			`public function handle(): int`
			`{`
			`$userId = (int) $this->argument('user_id');`
			`if ($userId === 0) {`
			`return $this->failWith('CANNOT_REVOKE_ROOT_USER');`
			`}`

			`$user = User::find($userId);`
			`if (! $user) {`
			`return $this->failWith('USER_NOT_FOUND');`
			`}`

			`$user->forceFill([`
			`'password' => Hash::make(Str::random(64)),`
			`// MapleDeploy branding: OAuth login matches by email, so keep a`
			`// persistent marker that the callback can reject after revocation.`
			`'remember_token' => 'mapledeploy-revoked:'.Str::random(40),`
			`])->save();`
			`$user->tokens()->delete();`
			`// MapleDeploy branding: revocation must end any active browser sessions.`
			`DB::table('sessions')->where('user_id', $user->id)->delete();`

			`$this->line(json_encode([`
			`'revoked' => [`
			`'id' => $user->id,`
			`'email' => $user->email,`
			`],`
			`], JSON_THROW_ON_ERROR));`

			`return self::SUCCESS;`
			`}`

			`private function failWith(string $code): int`
			`{`
			`$this->line(json_encode(['error' => $code], JSON_THROW_ON_ERROR));`

			`return self::FAILURE;`
			`}`
			`}`