fix(validation): add input validation for server advanced settings page (#9242)

Author: andrasbacsai

app/Http/Controllers/Api/ServersController.php

@@ -598,6 +598,11 @@ public function create_server(Request $request)
                         'is_build_server' => ['type' => 'boolean', 'description' => 'Is build server.'],
                         'instant_validate' => ['type' => 'boolean', 'description' => 'Instant validate.'],
                         'proxy_type' => ['type' => 'string', 'enum' => ['traefik', 'caddy', 'none'], 'description' => 'The proxy type.'],
+                        'concurrent_builds' => ['type' => 'integer', 'description' => 'Number of concurrent builds.'],
+                        'dynamic_timeout' => ['type' => 'integer', 'description' => 'Deployment timeout in seconds.'],
+                        'deployment_queue_limit' => ['type' => 'integer', 'description' => 'Maximum number of queued deployments.'],
+                        'server_disk_usage_notification_threshold' => ['type' => 'integer', 'description' => 'Server disk usage notification threshold (%).'],
+                        'server_disk_usage_check_frequency' => ['type' => 'string', 'description' => 'Cron expression for disk usage check frequency.'],
                     ],
                 ),
             ),
@@ -634,7 +639,7 @@ public function create_server(Request $request)
     )]
     public function update_server(Request $request)
     {
-        $allowedFields = ['name', 'description', 'ip', 'port', 'user', 'private_key_uuid', 'is_build_server', 'instant_validate', 'proxy_type'];
+        $allowedFields = ['name', 'description', 'ip', 'port', 'user', 'private_key_uuid', 'is_build_server', 'instant_validate', 'proxy_type', 'concurrent_builds', 'dynamic_timeout', 'deployment_queue_limit', 'server_disk_usage_notification_threshold', 'server_disk_usage_check_frequency'];
 
         $teamId = getTeamIdFromToken();
         if (is_null($teamId)) {
@@ -655,6 +660,11 @@ public function update_server(Request $request)
             'is_build_server' => 'boolean|nullable',
             'instant_validate' => 'boolean|nullable',
             'proxy_type' => 'string|nullable',
+            'concurrent_builds' => 'integer|min:1',
+            'dynamic_timeout' => 'integer|min:1',
+            'deployment_queue_limit' => 'integer|min:1',
+            'server_disk_usage_notification_threshold' => 'integer|min:1|max:100',
+            'server_disk_usage_check_frequency' => 'string',
         ]);
 
         $extraFields = array_diff(array_keys($request->all()), $allowedFields);
@@ -691,6 +701,19 @@ public function update_server(Request $request)
                 'is_build_server' => $request->is_build_server,
             ]);
         }
+
+        if ($request->has('server_disk_usage_check_frequency') && ! validate_cron_expression($request->server_disk_usage_check_frequency)) {
+            return response()->json([
+                'message' => 'Validation failed.',
+                'errors' => ['server_disk_usage_check_frequency' => ['Invalid Cron / Human expression for Disk Usage Check Frequency.']],
+            ], 422);
+        }
+
+        $advancedSettings = $request->only(['concurrent_builds', 'dynamic_timeout', 'deployment_queue_limit', 'server_disk_usage_notification_threshold', 'server_disk_usage_check_frequency']);
+        if (! empty($advancedSettings)) {
+            $server->settings()->update(array_filter($advancedSettings, fn ($value) => ! is_null($value)));
+        }
+
         if ($request->instant_validate) {
             ValidateServer::dispatch($server);
         }

app/Livewire/Server/Advanced.php

@@ -15,17 +15,17 @@ class Advanced extends Component
     #[Validate(['string'])]
     public string $serverDiskUsageCheckFrequency = '0 23 * * *';
 
-    #[Validate(['integer', 'min:1', 'max:99'])]
-    public int $serverDiskUsageNotificationThreshold = 50;
+    #[Validate(['required', 'integer', 'min:1', 'max:99'])]
+    public int|string $serverDiskUsageNotificationThreshold = 50;
 
-    #[Validate(['integer', 'min:1'])]
-    public int $concurrentBuilds = 1;
+    #[Validate(['required', 'integer', 'min:1'])]
+    public int|string $concurrentBuilds = 1;
 
-    #[Validate(['integer', 'min:1'])]
-    public int $dynamicTimeout = 1;
+    #[Validate(['required', 'integer', 'min:1'])]
+    public int|string $dynamicTimeout = 1;
 
-    #[Validate(['integer', 'min:1'])]
-    public int $deploymentQueueLimit = 25;
+    #[Validate(['required', 'integer', 'min:1'])]
+    public int|string $deploymentQueueLimit = 25;
 
     public function mount(string $server_uuid)
     {

resources/views/livewire/server/advanced.blade.php

@@ -22,6 +22,7 @@
                             id="serverDiskUsageCheckFrequency" label="Disk usage check frequency" required
                             helper="Cron expression for disk usage check frequency.<br>You can use every_minute, hourly, daily, weekly, monthly, yearly.<br><br>Default is every night at 11:00 PM." />
                         <x-forms.input canGate="update" :canResource="$server" id="serverDiskUsageNotificationThreshold"
+                            type="number" min="1" max="99"
                             label="Server disk usage notification threshold (%)" required
                             helper="If the server disk usage exceeds this threshold, Coolify will send a notification to the team members." />
                     </div>
@@ -31,12 +32,15 @@
                     <h3>Builds</h3>
                     <div class="flex flex-wrap gap-2 sm:flex-nowrap pt-4">
                         <x-forms.input canGate="update" :canResource="$server" id="concurrentBuilds"
+                            type="number" min="1"
                             label="Number of concurrent builds" required
                             helper="You can specify the number of simultaneous build processes/deployments that should run concurrently." />
                         <x-forms.input canGate="update" :canResource="$server" id="dynamicTimeout"
+                            type="number" min="1"
                             label="Deployment timeout (seconds)" required
                             helper="You can define the maximum duration for a deployment to run before timing it out." />
                         <x-forms.input canGate="update" :canResource="$server" id="deploymentQueueLimit"
+                            type="number" min="1"
                             label="Deployment queue limit" required
                             helper="Maximum number of queued deployments allowed. New deployments will be rejected with a 429 status when the limit is reached." />
                     </div>