From 74c70b431cfa0bdefe49f9aed10267186719d971 Mon Sep 17 00:00:00 2001 From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com> Date: Tue, 14 Oct 2025 17:04:48 +0200 Subject: [PATCH 1/2] fix: prevent TypeError in database General components with null server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Nullable server + guard to avoid TypeError/NPE. Don't terminate the app, terminate the bug. Changes: - Made Server property nullable (?Server $server = null) in all 8 database General components - Added guard clause in mount() to check for null server before accessing it - Displays user-friendly error message when destination server is not configured - Prevents crashes in methods like isLogDrainEnabled() and sslCertificates() Fixed components: - Mariadb, Dragonfly, Clickhouse, Keydb - Mysql, Mongodb, Redis, Postgresql 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- app/Livewire/Project/Database/Clickhouse/General.php | 7 ++++++- app/Livewire/Project/Database/Dragonfly/General.php | 7 ++++++- app/Livewire/Project/Database/Keydb/General.php | 7 ++++++- app/Livewire/Project/Database/Mariadb/General.php | 7 ++++++- app/Livewire/Project/Database/Mongodb/General.php | 7 ++++++- app/Livewire/Project/Database/Mysql/General.php | 7 ++++++- app/Livewire/Project/Database/Postgresql/General.php | 7 ++++++- app/Livewire/Project/Database/Redis/General.php | 7 ++++++- 8 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/app/Livewire/Project/Database/Clickhouse/General.php b/app/Livewire/Project/Database/Clickhouse/General.php
index b80775853..d41609c75 100644
--- a/app/Livewire/Project/Database/Clickhouse/General.php
+++ b/app/Livewire/Project/Database/Clickhouse/General.php
@@ -16,7 +16,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneClickhouse $database;
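Review bot: Declaring the property as `public ?Server $server = null;` moves the failure from a TypeError on assignment to every later `$this->server->…` dereference, and the mount() guards added with it (in this file and the other seven General components) only dispatch an error event and return. The component still renders after that return, so any action method or Blade expression that reads `$this->server` needs its own null handling, for example the null-safe form `$this->server?->…`; those call sites are outside these hunks. In Clickhouse/General.php the guard's `return;` is also the last statement inside the `try`, so it skips nothing there. I would add a comment on the property such as `// null when the database's destination has no server; check before use`.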
@@ -58,6 +58,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 } catch (\Throwable $e) {
 return handleError($e, $this);
 }
diff --git a/app/Livewire/Project/Database/Dragonfly/General.php b/app/Livewire/Project/Database/Dragonfly/General.php
index 4b93e69d7..69633e302 100644
--- a/app/Livewire/Project/Database/Dragonfly/General.php
+++ b/app/Livewire/Project/Database/Dragonfly/General.php
@@ -18,7 +18,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneDragonfly $database;
@@ -64,6 +64,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php
index 016dc4e01..20d0486dc 100644
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -18,7 +18,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneKeydb $database;
@@ -66,6 +66,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index d565c6166..4de73f61c 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -18,7 +18,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneMariadb $database;
@@ -124,6 +124,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index f5ecfba1c..534e90bc4 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -18,7 +18,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneMongodb $database;
@@ -124,6 +124,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index 22c6eb39e..b66165527 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -20,7 +20,7 @@ class General extends Component
 public StandaloneMysql $database;
- public Server $server;
+ public ?Server $server = null;
 public string $name;
@@ -129,6 +129,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index 5314d1084..eae6870b6 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -20,7 +20,7 @@ class General extends Component
 public StandalonePostgresql $database;
- public Server $server;
+ public ?Server $server = null;
 public string $name;
@@ -142,6 +142,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index a24a977ad..6a17a6053 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -18,7 +18,7 @@ class General extends Component
 {
 use AuthorizesRequests;
- public Server $server;
+ public ?Server $server = null;
 public StandaloneRedis $database;
@@ -117,6 +117,11 @@ public function mount()
 try {
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
+ if (! $this->server) {
+ $this->dispatch('error', 'Database destination server is not configured.');
+
+ return;
+ }
 $existingCert = $this->database->sslCertificates()->first();
From e20327b9c4e4a36d01e49e170fcb7cb8f5d0f283 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com> Date: Tue, 14 Oct 2025 17:33:42 +0200 Subject: [PATCH 2/2] fix: add authorization checks to database Livewire components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added authorization checks to 11 database-related Livewire components that were loading sensitive database configuration without verifying user permissions. Changes: - Added authorize('view', $database) to all 8 database type General.php mount() methods - Added authorization to Configuration.php before loading database - Added authorization to BackupEdit.php before loading backup config - Added authorization to Import.php before loading database resource This prevents unauthorized users from accessing database credentials, connection strings, and configuration details. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- app/Livewire/Project/Database/BackupEdit.php | 1 + app/Livewire/Project/Database/Clickhouse/General.php | 1 + app/Livewire/Project/Database/Configuration.php | 4 ++++ app/Livewire/Project/Database/Dragonfly/General.php | 1 + app/Livewire/Project/Database/Import.php | 1 + app/Livewire/Project/Database/Keydb/General.php | 1 + app/Livewire/Project/Database/Mariadb/General.php | 1 + app/Livewire/Project/Database/Mongodb/General.php | 1 + app/Livewire/Project/Database/Mysql/General.php | 1 + app/Livewire/Project/Database/Postgresql/General.php | 1 + app/Livewire/Project/Database/Redis/General.php | 1 + 11 files changed, 14 insertions(+)
diff --git a/app/Livewire/Project/Database/BackupEdit.php b/app/Livewire/Project/Database/BackupEdit.php
index b3df79008..7deaa82a9 100644
--- a/app/Livewire/Project/Database/BackupEdit.php
+++ b/app/Livewire/Project/Database/BackupEdit.php
@@ -85,6 +85,7 @@ class BackupEdit extends Component
 public function mount()
 {
 try {
+ $this->authorize('view', $this->backup->database);
 $this->parameters = get_route_parameters();
 $this->syncData();
 } catch (Exception $e) {
diff --git a/app/Livewire/Project/Database/Clickhouse/General.php b/app/Livewire/Project/Database/Clickhouse/General.php
index d41609c75..c4a7983b8 100644
--- a/app/Livewire/Project/Database/Clickhouse/General.php
+++ b/app/Livewire/Project/Database/Clickhouse/General.php
@@ -56,6 +56,7 @@ public function getListeners()
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
diff --git a/app/Livewire/Project/Database/Configuration.php b/app/Livewire/Project/Database/Configuration.php
index 88ecccf99..513ba9f16 100644
--- a/app/Livewire/Project/Database/Configuration.php
+++ b/app/Livewire/Project/Database/Configuration.php
@@ -3,10 +3,12 @@ namespace App\Livewire\Project\Database;
 use Auth;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class Configuration extends Component
 {
+ use AuthorizesRequests;
 public $currentRoute;
 public $database;
@@ -42,6 +44,8 @@ public function mount()
 ->where('uuid', request()->route('database_uuid'))
 ->firstOrFail();
+ $this->authorize('view', $database);
+
 $this->database = $database;
 $this->project = $project;
 $this->environment = $environment;
diff --git a/app/Livewire/Project/Database/Dragonfly/General.php b/app/Livewire/Project/Database/Dragonfly/General.php
index 69633e302..9052a4749 100644
--- a/app/Livewire/Project/Database/Dragonfly/General.php
+++ b/app/Livewire/Project/Database/Dragonfly/General.php
@@ -62,6 +62,7 @@ public function getListeners()
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
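Review bot: `$this->authorize('view', …)` sits inside the `try` in BackupEdit::mount() and in every General::mount() hunk of this patch, so the AuthorizationException it throws is caught by the existing `catch` instead of reaching the framework's 403 response (`catch (Exception $e)` in BackupEdit; `catch (\Throwable $e) { return handleError($e, $this); }` in Clickhouse per patch 1/2, presumably the same in the other components). These mount() methods take no arguments and read `$this->database` or `$this->backup`, so the public properties are already populated when the check runs; if `handleError()`, which is not visible here, only reports the message, the component would still render the configuration for a user who failed the check. To fail closed, move the call above the `try` so that `$this->authorize('view', $this->database);` is the first statement of mount(), matching Configuration.php, which authorizes before assigning `$this->database`. The catch bodies lie outside these hunks, so their handling of an authorization failure needs confirming.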
diff --git a/app/Livewire/Project/Database/Import.php b/app/Livewire/Project/Database/Import.php
index 3f974f63d..7d6ac3131 100644
--- a/app/Livewire/Project/Database/Import.php
+++ b/app/Livewire/Project/Database/Import.php
@@ -131,6 +131,7 @@ public function getContainers()
 if (is_null($resource)) {
 abort(404);
 }
+ $this->authorize('view', $resource);
 $this->resource = $resource;
 $this->server = $this->resource->destination->server;
 $this->container = $this->resource->uuid;
diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php
index 20d0486dc..6d21988e7 100644
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -64,6 +64,7 @@ public function getListeners()
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index 4de73f61c..429cfc387 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -122,6 +122,7 @@ protected function messages(): array
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index 534e90bc4..ae725fa4b 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -122,6 +122,7 @@ protected function messages(): array
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
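Review bot: The check added in the Import.php hunk headed `getContainers()` uses the `view` ability, yet this component appears to drive database imports, which is a write path; unless the import actions outside this hunk authorize separately with a stronger ability, read-only access to the database is enough to reach them. Neither this hunk nor the BackupEdit one adds `use AuthorizesRequests;`, which Configuration.php needed, so confirm both classes already use the trait, since otherwise `$this->authorize()` is an undefined method. A one-line comment above the call, e.g. `// view gates loading the resource only; import actions must authorize on their own`, would make the intended scope explicit.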
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index b66165527..cffedcd23 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -127,6 +127,7 @@ protected function messages(): array
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index eae6870b6..3240aadd2 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -140,6 +140,7 @@ protected function messages(): array
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index 6a17a6053..846614d21 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -115,6 +115,7 @@ protected function messages(): array
 public function mount()
 {
 try {
+ $this->authorize('view', $this->database);
 $this->syncData();
 $this->server = data_get($this->database, 'destination.server');
 if (! $this->server) {