From 6e73f7f2e49992a8abb5fc93af9f2d3df7bbf353 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 24 Oct 2023 15:40:29 +0200
Subject: [PATCH 1/4] fix: encrypt mongodb password

---
 app/Models/StandaloneMongodb.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index 6d9158a64..06a6cb537 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -42,6 +42,20 @@ protected static function booted()
         });
     }
 
+    public function mongoInitdbRootPassword(): Attribute
+    {
+        return Attribute::make(
+            get: function ($value) {
+                try {
+                    return decrypt($value);
+                } catch (\Throwable $th) {
+                    $this->mongo_initdb_root_password = encrypt($value);
+                    $this->save();
+                    return $value;
+                }
+            }
+        );
+    }
     public function portsMappings(): Attribute
     {
         return Attribute::make(
@@ -63,7 +77,8 @@ public function type(): string
     {
         return 'standalone-mongodb';
     }
-    public function getDbUrl(bool $useInternal = false) {
+    public function getDbUrl(bool $useInternal = false)
+    {
         if ($this->is_public && !$useInternal) {
             return "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
         } else {

From 0232cf5b4c4b80e1d90fc0cbb95f04a941e810b2 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 24 Oct 2023 15:41:21 +0200
Subject: [PATCH 2/4] feat: lock environment variables

---
 .../Shared/EnvironmentVariable/All.php        | 24 ++++++--
 .../Shared/EnvironmentVariable/Show.php       | 33 +++++++---
 app/Models/EnvironmentVariable.php            | 16 +++--
 ...wn_once_to_environment_variables_table.php | 28 +++++++++
 .../shared/environment-variable/all.blade.php |  3 +-
 .../environment-variable/show.blade.php       | 60 ++++++++++++-------
 6 files changed, 121 insertions(+), 43 deletions(-)
 create mode 100644 database/migrations/2023_10_24_124934_add_is_shown_once_to_environment_variables_table.php

diff --git a/app/Http/Livewire/Project/Shared/EnvironmentVariable/All.php b/app/Http/Livewire/Project/Shared/EnvironmentVariable/All.php
index 9b714a590..b1fa237e0 100644
--- a/app/Http/Livewire/Project/Shared/EnvironmentVariable/All.php
+++ b/app/Http/Livewire/Project/Shared/EnvironmentVariable/All.php
@@ -31,11 +31,17 @@ public function mount()
     public function getDevView()
     {
         $this->variables = $this->resource->environment_variables->map(function ($item) {
+            if ($item->is_shown_once) {
+                return "$item->key=(locked secret)";
+            }
             return "$item->key=$item->value";
         })->sort()->join('
 ');
         if ($this->showPreview) {
             $this->variablesPreview = $this->resource->environment_variables_preview->map(function ($item) {
+                if ($item->is_shown_once) {
+                    return "$item->key=(locked secret)";
+                }
                 return "$item->key=$item->value";
             })->sort()->join('
 ');
@@ -49,19 +55,27 @@ public function saveVariables($isPreview)
     {
         if ($isPreview) {
             $variables = parseEnvFormatToArray($this->variablesPreview);
-            $existingVariables = $this->resource->environment_variables_preview();
-            $this->resource->environment_variables_preview()->delete();
         } else {
             $variables = parseEnvFormatToArray($this->variables);
-            $existingVariables = $this->resource->environment_variables();
-            $this->resource->environment_variables()->delete();
         }
         foreach ($variables as $key => $variable) {
-            $found = $existingVariables->where('key', $key)->first();
+            $found = $this->resource->environment_variables()->where('key', $key)->first();
+            $foundPreview = $this->resource->environment_variables_preview()->where('key', $key)->first();
             if ($found) {
+                if ($found->is_shown_once) {
+                    continue;
+                }
                 $found->value = $variable;
                 $found->save();
                 continue;
+            }
+            if ($foundPreview) {
+                if ($foundPreview->is_shown_once) {
+                    continue;
+                }
+                $foundPreview->value = $variable;
+                $foundPreview->save();
+                continue;
             } else {
                 $environment = new EnvironmentVariable();
                 $environment->key = $key;
diff --git a/app/Http/Livewire/Project/Shared/EnvironmentVariable/Show.php b/app/Http/Livewire/Project/Shared/EnvironmentVariable/Show.php
index 0ad197f1a..eed0f7052 100644
--- a/app/Http/Livewire/Project/Shared/EnvironmentVariable/Show.php
+++ b/app/Http/Livewire/Project/Shared/EnvironmentVariable/Show.php
@@ -5,7 +5,6 @@
 use App\Models\EnvironmentVariable as ModelsEnvironmentVariable;
 use Livewire\Component;
 use Visus\Cuid2\Cuid2;
-use Illuminate\Support\Str;
 
 class Show extends Component
 {
@@ -13,29 +12,45 @@ class Show extends Component
     public ModelsEnvironmentVariable $env;
     public ?string $modalId = null;
     public bool $isDisabled = false;
+    public bool $isLocked = false;
     public string $type;
 
     protected $rules = [
         'env.key' => 'required|string',
         'env.value' => 'nullable',
         'env.is_build_time' => 'required|boolean',
+        'env.is_shown_once' => 'required|boolean',
     ];
     protected $validationAttributes = [
-        'key' => 'key',
-        'value' => 'value',
-        'is_build_time' => 'build',
+        'key' => 'Key',
+        'value' => 'Value',
+        'is_build_time' => 'Build Time',
+        'is_shown_once' => 'Shown Once',
     ];
 
     public function mount()
     {
-        $this->isDisabled = false;
-        if (Str::of($this->env->key)->startsWith('SERVICE_FQDN') || Str::of($this->env->key)->startsWith('SERVICE_URL')) {
-            $this->isDisabled = true;
-        }
         $this->modalId = new Cuid2(7);
         $this->parameters = get_route_parameters();
+        $this->checkEnvs();
+    }
+    public function checkEnvs()
+    {
+        $this->isDisabled = false;
+        if (str($this->env->key)->startsWith('SERVICE_FQDN') || str($this->env->key)->startsWith('SERVICE_URL')) {
+            $this->isDisabled = true;
+        }
+        if ($this->env->is_shown_once) {
+            $this->isLocked = true;
+        }
+    }
+    public function lock()
+    {
+        $this->env->is_shown_once = true;
+        $this->env->save();
+        $this->checkEnvs();
+        $this->emit('refreshEnvs');
     }
-
     public function instantSave()
     {
         $this->submit();
diff --git a/app/Models/EnvironmentVariable.php b/app/Models/EnvironmentVariable.php
index 37619d190..5450f0127 100644
--- a/app/Models/EnvironmentVariable.php
+++ b/app/Models/EnvironmentVariable.php
@@ -11,7 +11,7 @@ class EnvironmentVariable extends Model
 {
     protected $guarded = [];
     protected $casts = [
-        "key" => 'string',
+        'key' => 'string',
         'value' => 'encrypted',
         'is_build_time' => 'boolean',
     ];
@@ -21,6 +21,10 @@ protected static function booted()
         static::created(function ($environment_variable) {
             if ($environment_variable->application_id && !$environment_variable->is_preview) {
                 $found = ModelsEnvironmentVariable::where('key', $environment_variable->key)->where('application_id', $environment_variable->application_id)->where('is_preview', true)->first();
+                $application = Application::find($environment_variable->application_id);
+                if ($application->build_pack === 'dockerfile') {
+                    return;
+                }
                 if (!$found) {
                     ModelsEnvironmentVariable::create([
                         'key' => $environment_variable->key,
@@ -33,7 +37,8 @@ protected static function booted()
             }
         });
     }
-    public function service() {
+    public function service()
+    {
         return $this->belongsTo(Service::class);
     }
     protected function value(): Attribute
@@ -55,9 +60,9 @@ private function get_environment_variables(?string $environment_variable = null)
             $variable = Str::after($environment_variable, 'global.');
             $variable = Str::before($variable, '}}');
             $variable = Str::of($variable)->trim()->value;
-               // $environment_variable = GlobalEnvironmentVariable::where('name', $environment_variable)->where('team_id', $team_id)->first()?->value;
-               ray('global env variable');
-               return $environment_variable;
+            // $environment_variable = GlobalEnvironmentVariable::where('name', $environment_variable)->where('team_id', $team_id)->first()?->value;
+            ray('global env variable');
+            return $environment_variable;
         }
         return $environment_variable;
     }
@@ -77,5 +82,4 @@ protected function key(): Attribute
             set: fn (string $value) => Str::of($value)->trim(),
         );
     }
-
 }
diff --git a/database/migrations/2023_10_24_124934_add_is_shown_once_to_environment_variables_table.php b/database/migrations/2023_10_24_124934_add_is_shown_once_to_environment_variables_table.php
new file mode 100644
index 000000000..e0df21186
--- /dev/null
+++ b/database/migrations/2023_10_24_124934_add_is_shown_once_to_environment_variables_table.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('environment_variables', function (Blueprint $table) {
+            $table->boolean('is_shown_once')->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('environment_variables', function (Blueprint $table) {
+            $table->dropColumn('is_shown_once');
+        });
+    }
+};
diff --git a/resources/views/livewire/project/shared/environment-variable/all.blade.php b/resources/views/livewire/project/shared/environment-variable/all.blade.php
index 6297f3822..ec1480e05 100644
--- a/resources/views/livewire/project/shared/environment-variable/all.blade.php
+++ b/resources/views/livewire/project/shared/environment-variable/all.blade.php
@@ -28,8 +28,7 @@
         @endif
     @else
         <form wire:submit.prevent='saveVariables(false)' class="flex flex-col gap-2">
-            <x-forms.textarea rows=25 class="whitespace-pre-wrap"
-                id="variables"></x-forms.textarea>
+            <x-forms.textarea rows=25 class="whitespace-pre-wrap" id="variables"></x-forms.textarea>
             <x-forms.button type="submit" class="btn btn-primary">Save</x-forms.button>
         </form>
         @if ($showPreview)
diff --git a/resources/views/livewire/project/shared/environment-variable/show.blade.php b/resources/views/livewire/project/shared/environment-variable/show.blade.php
index 6663dc12a..f41cf8bef 100644
--- a/resources/views/livewire/project/shared/environment-variable/show.blade.php
+++ b/resources/views/livewire/project/shared/environment-variable/show.blade.php
@@ -6,36 +6,54 @@ class="font-bold text-warning">({{ $env->key }})</span>?</p>
         </x-slot:modalBody>
     </x-modal>
     <form wire:submit.prevent='submit' class="flex flex-col items-center gap-2 xl:flex-row">
-        @if ($isDisabled)
+        @if ($isLocked)
+            <svg class="icon" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                <g fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2">
+                    <path d="M5 13a2 2 0 0 1 2-2h10a2 2 0 0 1 2 2v6a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2v-6z" />
+                    <path d="M11 16a1 1 0 1 0 2 0a1 1 0 0 0-2 0m-3-5V7a4 4 0 1 1 8 0v4" />
+                </g>
+            </svg>
             <x-forms.input disabled id="env.key" />
-            <x-forms.input disabled type="password" id="env.value" />
-            @if ($type !== 'service')
-                <x-forms.checkbox instantSave id="env.is_build_time" label="Build Variable?" />
-            @endif
         @else
-            <x-forms.input id="env.key" />
-            <x-forms.input type="password" id="env.value" />
-            @if ($type !== 'service')
-                <x-forms.checkbox instantSave id="env.is_build_time" label="Build Variable?" />
+            @if ($isDisabled)
+                <x-forms.input disabled id="env.key" />
+                <x-forms.input disabled type="password" id="env.value" />
+                @if ($type !== 'service')
+                    <x-forms.checkbox instantSave id="env.is_build_time" label="Build Variable?" />
+                @endif
+            @else
+                <x-forms.input id="env.key" />
+                <x-forms.input type="password" id="env.value" />
+                @if ($type !== 'service')
+                    <x-forms.checkbox instantSave id="env.is_build_time" label="Build Variable?" />
+                @endif
             @endif
         @endif
         <div class="flex gap-2">
-            @if ($isDisabled)
-                <x-forms.button disabled type="submit">
-                    Update
-                </x-forms.button>
-                <x-forms.button disabled isError isModal modalId="{{ $modalId }}">
-                    Delete
-                </x-forms.button>
-            @else
-                <x-forms.button type="submit">
-                    Update
-                </x-forms.button>
+            @if ($isLocked)
                 <x-forms.button isError isModal modalId="{{ $modalId }}">
                     Delete
                 </x-forms.button>
+            @else
+                @if ($isDisabled)
+                    <x-forms.button disabled type="submit">
+                        Update
+                    </x-forms.button>
+                    <x-forms.button disabled isError isModal modalId="{{ $modalId }}">
+                        Delete
+                    </x-forms.button>
+                @else
+                    <x-forms.button type="submit">
+                        Update
+                    </x-forms.button>
+                    <x-forms.button wire:click='lock'>
+                        Lock
+                    </x-forms.button>
+                    <x-forms.button isError isModal modalId="{{ $modalId }}">
+                        Delete
+                    </x-forms.button>
+                @endif
             @endif
-
         </div>
     </form>
 </div>

From dc86170ef5e3d3b2ff8d7b67a13048bc5401d8eb Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 24 Oct 2023 15:41:44 +0200
Subject: [PATCH 3/4] version++

---
 config/sentry.php  | 2 +-
 config/version.php | 2 +-
 versions.json      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/sentry.php b/config/sentry.php
index 25d04008a..32e27e081 100644
--- a/config/sentry.php
+++ b/config/sentry.php
@@ -7,7 +7,7 @@
 
     // The release version of your application
     // Example with dynamic git hash: trim(exec('git --git-dir ' . base_path('.git') . ' log --pretty="%h" -n1 HEAD'))
-    'release' => '4.0.0-beta.100',
+    'release' => '4.0.0-beta.101',
     // When left empty or `null` the Laravel environment will be used
     'environment' => config('app.env'),
 
diff --git a/config/version.php b/config/version.php
index 042813982..d54064579 100644
--- a/config/version.php
+++ b/config/version.php
@@ -1,3 +1,3 @@
 <?php
 
-return '4.0.0-beta.100';
+return '4.0.0-beta.101';
diff --git a/versions.json b/versions.json
index 30083a277..4c8e06b9d 100644
--- a/versions.json
+++ b/versions.json
@@ -4,7 +4,7 @@
             "version": "3.12.36"
         },
         "v4": {
-            "version": "4.0.0-beta.100"
+            "version": "4.0.0-beta.101"
         }
     }
 }

From 5e8ac1b48ea19dab11a92c045dc52f35822df8d5 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 24 Oct 2023 15:47:29 +0200
Subject: [PATCH 4/4] fix: mongodb healtcheck command

---
 app/Actions/Database/StartMongodb.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php
index 645ed6ee9..8bfb9a982 100644
--- a/app/Actions/Database/StartMongodb.php
+++ b/app/Actions/Database/StartMongodb.php
@@ -52,7 +52,7 @@ public function handle(StandaloneMongodb $database)
                     'healthcheck' => [
                         'test' => [
                             'CMD-SHELL',
-                            'mongo --eval "printjson(db.serverStatus())" | grep uptime | grep -v grep'
+                            'mongosh --eval "printjson(db.runCommand(\"ping\"))"'
                         ],
                         'interval' => '5s',
                         'timeout' => '5s',