coolify/app/Http/Controllers/UploadController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\UploadedFile;
use Illuminate\Routing\Controller as BaseController;
use Pion\Laravel\ChunkUpload\Exceptions\UploadMissingFileException;
use Pion\Laravel\ChunkUpload\Handler\HandlerFactory;
use Pion\Laravel\ChunkUpload\Receiver\FileReceiver;

class UploadController extends BaseController
{
    private const MAX_BYTES = 10 * 1024 * 1024 * 1024; // 10 GiB

    private const ALLOWED_EXTENSIONS = [
        'sql',
        'sql.gz',
        'gz',
        'zip',
        'tar',
        'tar.gz',
        'tgz',
        'dump',
        'bak',
        'bson',
        'bson.gz',
        'archive',
        'archive.gz',
        'bz2',
        'xz',
    ];

    public function upload(Request $request)
    {
        $databaseIdentifier = request()->route('databaseUuid');
        $resource = getResourceByUuid($databaseIdentifier, data_get(auth()->user()->currentTeam(), 'id'));
        if (is_null($resource)) {
            return response()->json(['error' => 'You do not have permission for this database'], 500);
        }

        $chunk = $request->file('file');
        $originalName = $chunk instanceof UploadedFile ? $chunk->getClientOriginalName() : null;
        if (blank($originalName) || ! self::hasAllowedExtension($originalName)) {
            return response()->json([
                'error' => 'Unsupported file type. Allowed extensions: '.implode(', ', self::ALLOWED_EXTENSIONS),
            ], 422);
        }

        $declaredTotalSize = (int) $request->input('dzTotalFilesize', 0);
        if ($declaredTotalSize > self::MAX_BYTES) {
            return response()->json([
                'error' => 'File exceeds maximum allowed size of '.self::formatMaxSize().'.',
            ], 422);
        }

        $receiver = new FileReceiver('file', $request, HandlerFactory::classFromRequest($request));

        if ($receiver->isUploaded() === false) {
            throw new UploadMissingFileException;
        }

        $save = $receiver->receive();

        if ($save->isFinished()) {
            // Use the original identifier from the route to maintain path consistency
            // For ServiceDatabase: {name}-{service_uuid}
            // For standalone databases: {uuid}
            return $this->saveFile($save->getFile(), $databaseIdentifier);
        }

        $handler = $save->handler();

        return response()->json([
            'done' => $handler->getPercentageDone(),
            'status' => true,
        ]);
    }

    protected function saveFile(UploadedFile $file, string $resourceIdentifier)
    {
        $originalName = $file->getClientOriginalName();
        $size = $file->getSize();

        if (! self::hasAllowedExtension($originalName) || $size === false || $size > self::MAX_BYTES) {
            @unlink($file->getPathname());

            return response()->json([
                'error' => 'Uploaded file failed validation.',
            ], 422);
        }

        $mime = str_replace('/', '-', $file->getMimeType());
        $filePath = "upload/{$resourceIdentifier}";
        $finalPath = storage_path('app/'.$filePath);
        $file->move($finalPath, 'restore');

        return response()->json([
            'mime_type' => $mime,
        ]);
    }

    private static function hasAllowedExtension(string $name): bool
    {
        $lower = strtolower($name);
        $suffixes = array_map(fn ($ext) => '.'.$ext, self::ALLOWED_EXTENSIONS);
        usort($suffixes, fn ($a, $b) => strlen($b) <=> strlen($a));

        foreach ($suffixes as $suffix) {
            if (! str_ends_with($lower, $suffix)) {
                continue;
            }

            $stem = substr($lower, 0, -strlen($suffix));
            if ($stem !== '' && ! str_ends_with($stem, '.')) {
                return true;
            }

            return false;
        }

        return false;
    }

    private static function formatMaxSize(): string
    {
        return (self::MAX_BYTES / (1024 * 1024 * 1024)).' GiB';
    }
}
feat: upload large backups 2024-04-11 10:13:11 +00:00			`<?php`

			`namespace App\Http\Controllers;`

			`use Illuminate\Http\Request;`
			`use Illuminate\Http\UploadedFile;`
Fix styling 2024-06-10 20:43:34 +00:00			`use Illuminate\Routing\Controller as BaseController;`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`use Pion\Laravel\ChunkUpload\Exceptions\UploadMissingFileException;`
			`use Pion\Laravel\ChunkUpload\Handler\HandlerFactory;`
			`use Pion\Laravel\ChunkUpload\Receiver\FileReceiver;`

			`class UploadController extends BaseController`
			`{`
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`private const MAX_BYTES = 10 * 1024 * 1024 * 1024; // 10 GiB`

			`private const ALLOWED_EXTENSIONS = [`
			`'sql',`
			`'sql.gz',`
			`'gz',`
			`'zip',`
			`'tar',`
			`'tar.gz',`
			`'tgz',`
			`'dump',`
			`'bak',`
			`'bson',`
			`'bson.gz',`
			`'archive',`
			`'archive.gz',`
			`'bz2',`
			`'xz',`
			`];`

feat: upload large backups 2024-04-11 10:13:11 +00:00			`public function upload(Request $request)`
			`{`
feat: Refactor service database management and backup functionalities - Introduced a new sidebar component for service database navigation. - Updated routes for database import and backup functionalities. - Refactored the database import view to improve clarity and maintainability. - Consolidated service application and database views into a more cohesive structure. - Removed deprecated service application view and integrated its functionalities into the service index. - Enhanced user experience with modal confirmations for critical actions. - Improved code readability and organization across various components. 2026-01-02 15:29:48 +00:00			`$databaseIdentifier = request()->route('databaseUuid');`
			`$resource = getResourceByUuid($databaseIdentifier, data_get(auth()->user()->currentTeam(), 'id'));`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`if (is_null($resource)) {`
			`return response()->json(['error' => 'You do not have permission for this database'], 500);`
			`}`
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00
			`$chunk = $request->file('file');`
			`$originalName = $chunk instanceof UploadedFile ? $chunk->getClientOriginalName() : null;`
			`if (blank($originalName) \|\| ! self::hasAllowedExtension($originalName)) {`
			`return response()->json([`
			`'error' => 'Unsupported file type. Allowed extensions: '.implode(', ', self::ALLOWED_EXTENSIONS),`
			`], 422);`
			`}`

			`$declaredTotalSize = (int) $request->input('dzTotalFilesize', 0);`
			`if ($declaredTotalSize > self::MAX_BYTES) {`
			`return response()->json([`
			`'error' => 'File exceeds maximum allowed size of '.self::formatMaxSize().'.',`
			`], 422);`
			`}`

Fix styling 2024-06-10 20:43:34 +00:00			`$receiver = new FileReceiver('file', $request, HandlerFactory::classFromRequest($request));`
feat: upload large backups 2024-04-11 10:13:11 +00:00
			`if ($receiver->isUploaded() === false) {`
Fix styling 2024-07-24 19:11:12 +00:00			`throw new UploadMissingFileException;`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`}`

			`$save = $receiver->receive();`

			`if ($save->isFinished()) {`
feat: Refactor service database management and backup functionalities - Introduced a new sidebar component for service database navigation. - Updated routes for database import and backup functionalities. - Refactored the database import view to improve clarity and maintainability. - Consolidated service application and database views into a more cohesive structure. - Removed deprecated service application view and integrated its functionalities into the service index. - Enhanced user experience with modal confirmations for critical actions. - Improved code readability and organization across various components. 2026-01-02 15:29:48 +00:00			`// Use the original identifier from the route to maintain path consistency`
			`// For ServiceDatabase: {name}-{service_uuid}`
			`// For standalone databases: {uuid}`
			`return $this->saveFile($save->getFile(), $databaseIdentifier);`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`}`

			`$handler = $save->handler();`
Fix styling 2024-06-10 20:43:34 +00:00
feat: upload large backups 2024-04-11 10:13:11 +00:00			`return response()->json([`
Fix styling 2024-06-10 20:43:34 +00:00			`'done' => $handler->getPercentageDone(),`
			`'status' => true,`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`]);`
			`}`
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00
feat: Refactor service database management and backup functionalities - Introduced a new sidebar component for service database navigation. - Updated routes for database import and backup functionalities. - Refactored the database import view to improve clarity and maintainability. - Consolidated service application and database views into a more cohesive structure. - Removed deprecated service application view and integrated its functionalities into the service index. - Enhanced user experience with modal confirmations for critical actions. - Improved code readability and organization across various components. 2026-01-02 15:29:48 +00:00			`protected function saveFile(UploadedFile $file, string $resourceIdentifier)`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`{`
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`$originalName = $file->getClientOriginalName();`
			`$size = $file->getSize();`

			`if (! self::hasAllowedExtension($originalName) \|\| $size === false \|\| $size > self::MAX_BYTES) {`
			`@unlink($file->getPathname());`

			`return response()->json([`
			`'error' => 'Uploaded file failed validation.',`
			`], 422);`
			`}`

feat: upload large backups 2024-04-11 10:13:11 +00:00			`$mime = str_replace('/', '-', $file->getMimeType());`
feat: Refactor service database management and backup functionalities - Introduced a new sidebar component for service database navigation. - Updated routes for database import and backup functionalities. - Refactored the database import view to improve clarity and maintainability. - Consolidated service application and database views into a more cohesive structure. - Removed deprecated service application view and integrated its functionalities into the service index. - Enhanced user experience with modal confirmations for critical actions. - Improved code readability and organization across various components. 2026-01-02 15:29:48 +00:00			`$filePath = "upload/{$resourceIdentifier}";`
Fix styling 2024-06-10 20:43:34 +00:00			`$finalPath = storage_path('app/'.$filePath);`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`$file->move($finalPath, 'restore');`

			`return response()->json([`
Fix styling 2024-06-10 20:43:34 +00:00			`'mime_type' => $mime,`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`]);`
			`}`
Fix styling 2024-06-10 20:43:34 +00:00
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`private static function hasAllowedExtension(string $name): bool`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`{`
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`$lower = strtolower($name);`
			`$suffixes = array_map(fn ($ext) => '.'.$ext, self::ALLOWED_EXTENSIONS);`
			`usort($suffixes, fn ($a, $b) => strlen($b) <=> strlen($a));`

			`foreach ($suffixes as $suffix) {`
			`if (! str_ends_with($lower, $suffix)) {`
			`continue;`
			`}`

			`$stem = substr($lower, 0, -strlen($suffix));`
			`if ($stem !== '' && ! str_ends_with($stem, '.')) {`
			`return true;`
			`}`
feat: upload large backups 2024-04-11 10:13:11 +00:00
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`return false;`
			`}`

			`return false;`
			`}`
feat: upload large backups 2024-04-11 10:13:11 +00:00
refactor(backup): validate database backup upload file type and size Add allowlist of backup file extensions (sql, sql.gz, tar, tgz, zip, dump, bak, bson, archive, bz2, xz, and compound variants) and enforce a 10 GiB maximum file size on the backup upload endpoint. Validation runs early on each chunk using the dropzone metadata and again on the assembled file. Also drops the unused createFilename helper and the commented-out S3 block. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-04-20 09:45:00 +00:00			`private static function formatMaxSize(): string`
			`{`
			`return (self::MAX_BYTES / (1024 * 1024 * 1024)).' GiB';`
feat: upload large backups 2024-04-11 10:13:11 +00:00			`}`
			`}`