e7bbd45408
- Validate content (required string, min:10, max:2000) in OtherController@feedback - Register 'feedback' named rate limiter (3/min per user or IP) in RouteServiceProvider - Apply throttle:feedback middleware to POST /api/feedback - Forward to Discord with allowed_mentions.parse=[] and a 5s HTTP timeout Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
193 lines
6 KiB
PHP
193 lines
6 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Http;
|
|
use OpenApi\Attributes as OA;
|
|
|
|
class OtherController extends Controller
|
|
{
|
|
#[OA\Get(
|
|
summary: 'Version',
|
|
description: 'Get Coolify version.',
|
|
path: '/version',
|
|
operationId: 'version',
|
|
security: [
|
|
['bearerAuth' => []],
|
|
],
|
|
responses: [
|
|
new OA\Response(
|
|
response: 200,
|
|
description: 'Returns the version of the application',
|
|
content: new OA\MediaType(
|
|
mediaType: 'text/html',
|
|
schema: new OA\Schema(type: 'string'),
|
|
example: 'v4.0.0',
|
|
)),
|
|
new OA\Response(
|
|
response: 401,
|
|
ref: '#/components/responses/401',
|
|
),
|
|
new OA\Response(
|
|
response: 400,
|
|
ref: '#/components/responses/400',
|
|
),
|
|
]
|
|
)]
|
|
public function version(Request $request)
|
|
{
|
|
return response(config('constants.coolify.version'));
|
|
}
|
|
|
|
#[OA\Get(
|
|
summary: 'Enable API',
|
|
description: 'Enable API (only with root permissions).',
|
|
path: '/enable',
|
|
operationId: 'enable-api',
|
|
security: [
|
|
['bearerAuth' => []],
|
|
],
|
|
responses: [
|
|
new OA\Response(
|
|
response: 200,
|
|
description: 'Enable API.',
|
|
content: new OA\JsonContent(
|
|
type: 'object',
|
|
properties: [
|
|
new OA\Property(property: 'message', type: 'string', example: 'API enabled.'),
|
|
]
|
|
)),
|
|
new OA\Response(
|
|
response: 403,
|
|
description: 'You are not allowed to enable the API.',
|
|
content: new OA\JsonContent(
|
|
type: 'object',
|
|
properties: [
|
|
new OA\Property(property: 'message', type: 'string', example: 'You are not allowed to enable the API.'),
|
|
]
|
|
)),
|
|
new OA\Response(
|
|
response: 401,
|
|
ref: '#/components/responses/401',
|
|
),
|
|
new OA\Response(
|
|
response: 400,
|
|
ref: '#/components/responses/400',
|
|
),
|
|
]
|
|
)]
|
|
public function enable_api(Request $request)
|
|
{
|
|
$teamId = getTeamIdFromToken();
|
|
if (is_null($teamId)) {
|
|
return invalidTokenResponse();
|
|
}
|
|
if ($teamId !== '0') {
|
|
return response()->json(['message' => 'You are not allowed to enable the API.'], 403);
|
|
}
|
|
$settings = instanceSettings();
|
|
$settings->update(['is_api_enabled' => true]);
|
|
|
|
return response()->json(['message' => 'API enabled.'], 200);
|
|
}
|
|
|
|
#[OA\Get(
|
|
summary: 'Disable API',
|
|
description: 'Disable API (only with root permissions).',
|
|
path: '/disable',
|
|
operationId: 'disable-api',
|
|
security: [
|
|
['bearerAuth' => []],
|
|
],
|
|
responses: [
|
|
new OA\Response(
|
|
response: 200,
|
|
description: 'Disable API.',
|
|
content: new OA\JsonContent(
|
|
type: 'object',
|
|
properties: [
|
|
new OA\Property(property: 'message', type: 'string', example: 'API disabled.'),
|
|
]
|
|
)),
|
|
new OA\Response(
|
|
response: 403,
|
|
description: 'You are not allowed to disable the API.',
|
|
content: new OA\JsonContent(
|
|
type: 'object',
|
|
properties: [
|
|
new OA\Property(property: 'message', type: 'string', example: 'You are not allowed to disable the API.'),
|
|
]
|
|
)),
|
|
new OA\Response(
|
|
response: 401,
|
|
ref: '#/components/responses/401',
|
|
),
|
|
new OA\Response(
|
|
response: 400,
|
|
ref: '#/components/responses/400',
|
|
),
|
|
]
|
|
)]
|
|
public function disable_api(Request $request)
|
|
{
|
|
$teamId = getTeamIdFromToken();
|
|
if (is_null($teamId)) {
|
|
return invalidTokenResponse();
|
|
}
|
|
if ($teamId !== '0') {
|
|
return response()->json(['message' => 'You are not allowed to disable the API.'], 403);
|
|
}
|
|
$settings = instanceSettings();
|
|
$settings->update(['is_api_enabled' => false]);
|
|
|
|
return response()->json(['message' => 'API disabled.'], 200);
|
|
}
|
|
|
|
public function feedback(Request $request)
|
|
{
|
|
$data = $request->validate([
|
|
'content' => ['required', 'string', 'min:10', 'max:2000'],
|
|
]);
|
|
|
|
$webhook_url = config('constants.webhooks.feedback_discord_webhook');
|
|
if ($webhook_url) {
|
|
Http::timeout(5)->post($webhook_url, [
|
|
'content' => $data['content'],
|
|
'allowed_mentions' => ['parse' => []],
|
|
]);
|
|
}
|
|
|
|
return response()->json(['message' => 'Feedback sent.'], 200);
|
|
}
|
|
|
|
#[OA\Get(
|
|
summary: 'Healthcheck',
|
|
description: 'Healthcheck endpoint.',
|
|
path: '/health',
|
|
operationId: 'healthcheck',
|
|
responses: [
|
|
new OA\Response(
|
|
response: 200,
|
|
description: 'Healthcheck endpoint.',
|
|
content: new OA\MediaType(
|
|
mediaType: 'text/html',
|
|
schema: new OA\Schema(type: 'string'),
|
|
example: 'OK',
|
|
)),
|
|
new OA\Response(
|
|
response: 401,
|
|
ref: '#/components/responses/401',
|
|
),
|
|
new OA\Response(
|
|
response: 400,
|
|
ref: '#/components/responses/400',
|
|
),
|
|
]
|
|
)]
|
|
public function healthcheck(Request $request)
|
|
{
|
|
return 'OK';
|
|
}
|
|
}
|