dokploy

mirror of https://github.com/dokploy/dokploy.git synced 2026-06-13 19:09:49 +00:00

Files

T

Mauricio Siu c968a2755e fix: strip credentials from service-level API responses (#4564 )

* fix: strip credentials from service-level API responses

Registry passwords and S3 destination credentials were being returned
in service `.one` tRPC endpoints to any user with service-level read
access. Reported by Nihon Kohden Corporation security team.

- Strip registry `password` from `findApplicationById` via Drizzle `columns: { password: false }`
- Strip destination `accessKey`/`secretAccessKey` from all DB service finders (postgres, mysql, mariadb, mongo, libsql, compose, backup, volume-backups)
- Add `findRegistryByIdWithCredentials` for internal use only
- Builders and upload utils now load registry credentials by ID at execution time
- `createRollback` enriches `fullContext` with registry credentials before persisting to DB so rollback execution has what it needs
- Remove `findApplicationByIdWithCredentials` and `ApplicationNestedWithCredentials` — no longer needed
- Backup execution utils load full destination via `findDestinationById` at runtime instead of reading from the joined relation

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

2026-06-06 17:45:24 -06:00

scripts

fix(server): update build paths

2024-10-26 15:48:30 -06:00

src

fix: strip credentials from service-level API responses (#4564 )

2026-06-06 17:45:24 -06:00

auth-schema2.ts

stlye: format and lint

2026-03-30 09:34:27 +11:00

auth-schema.ts

Refactor user schema and update database references: rename 'users_temp' to 'user' across the codebase, update related database queries, and enhance endpoint specifications for swarm settings in various database schemas.