rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up status file after upgrade and reduce data exposure

Browse source 
- Delete status file 10 seconds after upgrade completes
- Reduce stale timeout from 30 to 10 minutes
- Remove timestamp from API response (internal detail)
- Treat timestamp parse failures as stale for security

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Andras Bacsai 2025-12-12 21:14:31 +01:00
parent b8cfc3f7c9
commit dc9f612df4
2 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Controllers/Api/OtherController.php
View file

@ -202,7 +202,6 @@ public function healthcheck(Request $request)
new OA\Property(property: 'status', type: 'string', example: 'in_progress'), new OA\Property(property: 'status', type: 'string', example: 'in_progress'),
new OA\Property(property: 'step', type: 'integer', example: 3), new OA\Property(property: 'step', type: 'integer', example: 3),
new OA\Property(property: 'message', type: 'string', example: 'Pulling Docker images'), new OA\Property(property: 'message', type: 'string', example: 'Pulling Docker images'),
new OA\Property(property: 'timestamp', type: 'string', example: '2024-01-15T10:30:45+00:00'),
] ]
)), )),
new OA\Response( new OA\Response(
@ -231,17 +230,18 @@ public function upgradeStatus(Request $request)
[$step, $message, $timestamp] = $parts; [$step, $message, $timestamp] = $parts;
// Check if status is stale (older than 30 minutes) // Check if status is stale (older than 10 minutes) - upgrades shouldn't take longer
try { try {
$statusTime = new \DateTime($timestamp); $statusTime = new \DateTime($timestamp);
$now = new \DateTime; $now = new \DateTime;
$diffMinutes = ($now->getTimestamp() - $statusTime->getTimestamp()) / 60; $diffMinutes = ($now->getTimestamp() - $statusTime->getTimestamp()) / 60;
if ($diffMinutes > 30) { if ($diffMinutes > 10) {
return response()->json(['status' => 'none']); return response()->json(['status' => 'none']);
} }
} catch (\Exception $e) { } catch (\Exception $e) {
// If timestamp parsing fails, continue with the status // If timestamp parsing fails, treat as stale for security
return response()->json(['status' => 'none']);
} }
// Determine status based on step // Determine status based on step
@ -250,7 +250,6 @@ public function upgradeStatus(Request $request)
'status' => 'error', 'status' => 'error',
'step' => 0, 'step' => 0,
'message' => $message, 'message' => $message,
'timestamp' => $timestamp,
]); ]);
} }
@ -261,7 +260,6 @@ public function upgradeStatus(Request $request)
'status' => $status, 'status' => $status,
'step' => $stepInt, 'step' => $stepInt,
'message' => $message, 'message' => $message,
'timestamp' => $timestamp,
]); ]);
} }
} }

5
scripts/upgrade.sh
View file

@ -260,6 +260,11 @@ nohup bash -c "
echo '============================================================' >>\"\$LOGFILE\" echo '============================================================' >>\"\$LOGFILE\"
echo \"Upgrade completed: \$(date '+%Y-%m-%d %H:%M:%S')\" >>\"\$LOGFILE\" echo \"Upgrade completed: \$(date '+%Y-%m-%d %H:%M:%S')\" >>\"\$LOGFILE\"
echo '============================================================' >>\"\$LOGFILE\" echo '============================================================' >>\"\$LOGFILE\"
# Clean up status file after a short delay to allow frontend to read completion
sleep 10
rm -f \"\$STATUS_FILE\"
log 'Status file cleaned up'
" >>"$LOGFILE" 2>&1 & " >>"$LOGFILE" 2>&1 &
# Give the background process a moment to start # Give the background process a moment to start