rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add authorization checks to database Livewire components

Browse source 
Added authorization checks to 11 database-related Livewire components
that were loading sensitive database configuration without verifying
user permissions.

Changes:
- Added authorize('view', $database) to all 8 database type General.php mount() methods
- Added authorization to Configuration.php before loading database
- Added authorization to BackupEdit.php before loading backup config
- Added authorization to Import.php before loading database resource

This prevents unauthorized users from accessing database credentials,
connection strings, and configuration details.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Andras Bacsai 2025-10-14 17:33:42 +02:00
parent a3d9ca5c5c
commit e20327b9c4
11 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Livewire/Project/Database/BackupEdit.php
View file

@ -85,6 +85,7 @@ class BackupEdit extends Component
public function mount()
{
try {
$this->authorize('view', $this->backup->database);
$this->parameters = get_route_parameters();
$this->syncData();
} catch (Exception $e) {

1
app/Livewire/Project/Database/Clickhouse/General.php
View file

@ -56,6 +56,7 @@ public function getListeners()
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

4
app/Livewire/Project/Database/Configuration.php
View file

@ -3,10 +3,12 @@
namespace App\Livewire\Project\Database;
use Auth;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class Configuration extends Component
{
use AuthorizesRequests;
public $currentRoute;
public $database;
@ -42,6 +44,8 @@ public function mount()
->where('uuid', request()->route('database_uuid'))
->firstOrFail();
$this->authorize('view', $database);
$this->database = $database;
$this->project = $project;
$this->environment = $environment;

1
app/Livewire/Project/Database/Dragonfly/General.php
View file

@ -62,6 +62,7 @@ public function getListeners()
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Import.php
View file

@ -131,6 +131,7 @@ public function getContainers()
if (is_null($resource)) {
abort(404);
}
$this->authorize('view', $resource);
$this->resource = $resource;
$this->server = $this->resource->destination->server;
$this->container = $this->resource->uuid;

1
app/Livewire/Project/Database/Keydb/General.php
View file

@ -64,6 +64,7 @@ public function getListeners()
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Mariadb/General.php
View file

@ -122,6 +122,7 @@ protected function messages(): array
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Mongodb/General.php
View file

@ -122,6 +122,7 @@ protected function messages(): array
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Mysql/General.php
View file

@ -127,6 +127,7 @@ protected function messages(): array
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Postgresql/General.php
View file

@ -140,6 +140,7 @@ protected function messages(): array
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {

1
app/Livewire/Project/Database/Redis/General.php
View file

@ -115,6 +115,7 @@ protected function messages(): array
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {