coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	00d6e83e7f	fix(sentinel): auto-regenerate invalid or undecryptable tokens Replace hard validation error with self-healing token logic. Tokens that are null, empty, or fail decryption are now regenerated automatically rather than crashing sentinel startup or metrics reads. Token format changed from encrypted JSON payload to a plain 64-char random string (Str::random), eliminating double-encryption issues and simplifying the validation regex to cover the new character set. New `ensureValidSentinelToken()` method on ServerSetting centralises the get-or-regenerate contract; both StartSentinel and HasMetrics now delegate to it. HasMetrics logs a warning when regeneration occurs so operators know a sentinel container restart is required. `isValidSentinelToken()` now accepts `?string` (null → false). Adds feature tests covering: null/empty/undecryptable stored values, idempotent return of valid tokens, RuntimeException only when regeneration itself produces an invalid token, no double-encryption of newly generated tokens, and cast round-trip consistency.	2026-04-29 16:44:12 +02:00
Andras Bacsai	096d4369e5	fix(sentinel): add token validation to prevent command injection Add validation to ensure sentinel tokens contain only safe characters (alphanumeric, dots, hyphens, underscores, plus, forward slash, equals), preventing OS command injection vulnerabilities when tokens are interpolated into shell commands. - Add ServerSetting::isValidSentinelToken() validation method - Validate tokens in StartSentinel action and metrics queries - Improve shell argument escaping with escapeshellarg() - Add comprehensive test coverage for token validation	2026-03-10 22:19:19 +01:00
Andras Bacsai	a8aa452475	fix: prevent metric charts from freezing when navigating with wire:navigate Wraps inline chart initialization scripts in IIFEs to create local scope for variables. This prevents "Identifier has already been declared" errors when Livewire's SPA navigation re-executes scripts, allowing smooth navigation between metrics pages without page refresh. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>	2026-01-02 12:36:17 +01:00

Author

SHA1

Message

Date

Andras Bacsai

00d6e83e7f

fix(sentinel): auto-regenerate invalid or undecryptable tokens

Replace hard validation error with self-healing token logic. Tokens that
are null, empty, or fail decryption are now regenerated automatically
rather than crashing sentinel startup or metrics reads.

Token format changed from encrypted JSON payload to a plain 64-char
random string (Str::random), eliminating double-encryption issues and
simplifying the validation regex to cover the new character set.

New `ensureValidSentinelToken()` method on ServerSetting centralises
the get-or-regenerate contract; both StartSentinel and HasMetrics now
delegate to it. HasMetrics logs a warning when regeneration occurs so
operators know a sentinel container restart is required.

`isValidSentinelToken()` now accepts `?string` (null → false).

Adds feature tests covering: null/empty/undecryptable stored values,
idempotent return of valid tokens, RuntimeException only when
regeneration itself produces an invalid token, no double-encryption of
newly generated tokens, and cast round-trip consistency.

2026-04-29 16:44:12 +02:00

Andras Bacsai

096d4369e5

fix(sentinel): add token validation to prevent command injection

Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation

2026-03-10 22:19:19 +01:00

Andras Bacsai

a8aa452475

fix: prevent metric charts from freezing when navigating with wire:navigate

Wraps inline chart initialization scripts in IIFEs to create local scope for variables. This prevents "Identifier has already been declared" errors when Livewire's SPA navigation re-executes scripts, allowing smooth navigation between metrics pages without page refresh.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

2026-01-02 12:36:17 +01:00

3 commits