fix(service): fix librechat healthcheck and upgrade meilisearch version #9357
Closed
GauthierPLM wants to merge 60 commits into coollabsio:v4.x from
Adds syncFilesToGitHubRepo method to handle syncing install.sh, docker-compose, and env files to the coolify-cdn repository via a feature branch and PR. Supports both nightly and production environments.
- Bump coolify-realtime from 1.0.10 to 1.0.11
- Pin redis to 7-alpine across all compose files
- Remove unnecessary quotes in extra_hosts entries

- Wrap notification calls in try-catch blocks to log failures instead
- Prevent failed() method from overwriting successful backup status
- Skip failure notifications if backup already completed successfully
- Ensures post-backup errors (e.g. notification failures) never retroactively mark successful backups as failed

Fixes coollabsio#9088
When preview environment variables are configured, fall back to production
variables for keys not overridden by preview values. This ensures variables
like DB_PASSWORD that exist only in production are available in the preview
.env file, enabling proper ${VAR} interpolation in docker-compose YAML.
Fallback only applies when preview variables are configured, preventing
unintended leakage of production values when previews aren't in use.
Also improves UI by hiding the Domains section when only database services
are present, and simplifies the logs view by removing status checks.
…e/buildtime flags (coollabsio#9164)
Add a new "Bug Fix Workflow (TDD)" section that establishes the strict test-driven development process for bug fixes. Clarify that every bug fix must follow TDD: write a failing test, fix the bug, verify the test passes without modification. Update the Key Conventions to reference this workflow.
…ivity lookups
- Add team-scoped server validation to domains_by_server API endpoint
- Filter applications and services to only those on the requested server
- Scope ActivityMonitor activity lookups to the current team
- Fix query param disambiguation (query vs route param) in domains endpoint
- Fix undefined $ip variable in services domain collection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add support for hiding sensitive command text while preserving output logs. When command_hidden is true, the command text is set to null in the main log entry but logged separately to the deployment queue with proper redaction.
- Add command_hidden parameter to execute_remote_command and executeCommandWithProcess
- When enabled, separates command visibility from output visibility
- Fix operator precedence in type ternary expression
Add validateDatabasesBackupInput() helper that properly parses all database backup formats including MongoDB's "db:col1,col2|db2:col3" and validates each component individually.
- Validate and escape collection names in DatabaseBackupJob
- Replace comma-only split in BackupEdit with format-aware validation
- Add input validation in API create_backup and update_backup endpoints
- Add unit tests for collection name and multi-format validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
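A format-aware parse of the `db:col1,col2|db2:col3` string from the commit above, written as an added example and not the project's `validateDatabasesBackupInput()`. A comma-only split of that string leaves `:` and `|` inside the pieces, so each component has to be separated first and then validated. The function name, the name allow-list and the treatment of a bare `db` entry are assumptions.

```php
<?php
// Added example: hypothetical parser, not Coolify's validateDatabasesBackupInput().

// Assumed allow-list for database and collection names (not taken from the project).
const NAME_PATTERN = '/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,62}\z/';

/**
 * Parses "db:col1,col2|db2:col3" into ['db' => ['col1', 'col2'], 'db2' => ['col3']].
 * Every database and collection name is validated on its own; the first
 * component that fails the allow-list raises InvalidArgumentException.
 */
function parseMongoBackupSpec(string $spec): array
{
    $result = [];
    foreach (explode('|', $spec) as $entry) {
        // "db" alone (no ":" part) is assumed to mean "all collections".
        [$db, $cols] = array_pad(explode(':', $entry, 2), 2, null);
        $names = array_merge([$db], $cols === null ? [] : explode(',', $cols));
        $names = array_map('trim', $names);
        foreach ($names as $name) {
            if (preg_match(NAME_PATTERN, $name) !== 1) {
                throw new InvalidArgumentException('invalid name: ' . json_encode($name));
            }
        }
        $result[$names[0]] = array_slice($names, 1);
    }
    return $result;
}

// Constructed sample inputs: one well-formed spec, one with a character outside the allow-list.
foreach (['shop:orders,users|logs:app', 'shop:orders,us$ers'] as $spec) {
    try {
        foreach (parseMongoBackupSpec($spec) as $db => $collections) {
            // Escape even validated values before they reach a shell command line.
            $args = '--db=' . escapeshellarg($db);
            foreach ($collections as $c) {
                echo $args . ' --collection=' . escapeshellarg($c) . PHP_EOL;
            }
        }
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```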
…outes

Apply the existing `can.access.terminal` middleware to `POST /terminal/auth` and `POST /terminal/auth/ips` routes, consistent with the `GET /terminal` route. Adds regression tests covering unauthenticated, member, admin, and owner roles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…alidation
- Add #[Locked] to server-set properties on Import component (resourceId, resourceType, serverId, resourceUuid, resourceDbType, container) to prevent client-side modification via Livewire wire protocol
- Add container name validation in runImport() and restoreFromS3() using shared ValidationPatterns::isValidContainerName()
- Scope server lookup to current team via ownedByCurrentTeam()
- Consolidate duplicate container name regex from Import, ExecuteContainerCommand, and Terminal into shared ValidationPatterns::isValidContainerName() static helper
- Add tests for container name validation, locked attributes, and team-scoped server lookup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ttern

Previously, the SHELL_SAFE_COMMAND_PATTERN was overly restrictive and blocked legitimate characters needed for common Docker operations:
- Allow & for command chaining with && in multi-step build commands
- Allow " for build arguments with spaces (e.g., --build-arg KEY="value")

Update validation messages to reflect the new allowed operators and refactor code to use imports instead of full class paths for better readability.
Add container name validation and shell argument escaping to startUnmanaged, stopUnmanaged, restartUnmanaged, and restartContainer methods, consistent with existing patterns used elsewhere in the codebase. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ensure pre_deployment_command and post_deployment_command have consistent whitespace handling, matching the existing pattern used for health_check_command. Adds regression tests for the normalization behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mmands

Apply proper shell escaping to all user-controlled values interpolated into backup shell commands (PostgreSQL username/password, MySQL/MariaDB root password, MongoDB URI). Also URL-encode MongoDB credentials before embedding in connection URI. Adds unit tests for escaping behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Ensure all file volume paths are validated and properly escaped before use. Previously, only directory mount paths were validated at the input layer — file mount paths now receive the same treatment across Livewire components, API controllers, and the model layer.
- Validate and escape fs_path at the top of saveStorageOnServer() before any commands are built
- Add path validation to submitFileStorage() in Storage Livewire component
- Add path validation to file mount creation in Applications, Services, and Databases API controllers
- Add regression tests for path validation coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apply the same Docker volume name pattern validation to the API create and update storage endpoints for applications, databases, and services controllers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Inline PrepareCoolifyTask and CoolifyTaskArgs into remote_process(), removing two single-consumer abstraction layers
- Add #[Locked] attribute to ActivityMonitor $activityId property
- Add team ownership verification in ActivityMonitor.hydrateActivity() with server_uuid fallback and fail-closed default
- Store team_id in activity properties for proper scoping
- Update CLAUDE.md to remove stale reference
- Add comprehensive tests for activity monitor authorization

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add SafeExternalUrl validation rule that ensures URLs point to publicly-routable hosts. Apply to all GitHub source entry points (Livewire Create, Livewire Change, API create and update). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Refactor the invitation acceptance flow to use a landing page pattern:
- GET shows invitation details (team name, role, confirmation button)
- POST processes the acceptance with proper form submission
- Remove unused revoke GET route (handled by Livewire component)
- Add Blade view for the invitation landing page
- Add feature tests for the new invitation flow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Escape dynamic error messages with htmlspecialchars() before concatenating into HTML strings stored in validation_logs. Add a Purify-based mutator on Server model as defense-in-depth, with a dedicated HTMLPurifier config that allows only safe structural tags. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…et links
- Fix circular cache dependency in TrustHosts where handle() checked cache before hosts() could populate it, causing host validation to never activate
- Validate both Host and X-Forwarded-Host headers against trusted hosts list (X-Forwarded-Host is checked before TrustProxies applies it to the request)
- Use base_url() instead of url() for password reset link generation so the URL is derived from server-side config (FQDN / public IP) instead of the request context
- Strip port from X-Forwarded-Host before matching (e.g. host:443 → host)
- Add tests for host validation, cache population, and reset URL generation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ell scripts

Remove custom Artisan console commands (Horizon, Nightwatch, Scheduler) and refactor service startup logic directly into s6-overlay shell scripts. Check environment variables from .env instead of routing through Laravel config. Services now sleep when disabled instead of exiting immediately. Both development and production environments updated consistently.

- Add support for bracketed IPv6 addresses when FQDN is not configured
- Harden password reset URL generation against X-Forwarded-Host header poisoning
- Add test coverage for IPv6-only configurations with malicious headers
- Update imports and clean up exception syntax in shared helpers
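The host checks described in the two commits above (port stripping, bracketed IPv6, matching both `Host` and `X-Forwarded-Host` against a trusted list, and building the reset link from configuration), shown as an added example that is not the project's TrustHosts middleware or `base_url()` helper. All function names, the reset path and the sample hosts are assumptions.

```php
<?php
// Added example: hypothetical helpers, not Coolify's TrustHosts middleware.

/** Lower-cases a Host-style value and drops an optional port; null if malformed. */
function normalizeHostHeader(string $value): ?string
{
    $host = strtolower(trim($value));
    // Bracketed IPv6 literal with optional port: keep the brackets, drop the port.
    if (preg_match('/\A(\[[0-9a-f:.]+\])(?::\d{1,5})?\z/', $host, $m) === 1) {
        return $m[1];
    }
    // Hostname or IPv4 with optional port (the commit's "host:443" case).
    if (preg_match('/\A([a-z0-9.-]+)(?::\d{1,5})?\z/', $host, $m) === 1) {
        return $m[1];
    }
    return null; // commas, whitespace, userinfo, paths: fail closed
}

/** True only if every host-bearing header that is present names a trusted host. */
function hostHeadersTrusted(array $headers, array $trustedHosts): bool
{
    foreach (['host', 'x-forwarded-host'] as $name) {
        if (! array_key_exists($name, $headers)) {
            continue;
        }
        $host = normalizeHostHeader($headers[$name]);
        if ($host === null || ! in_array($host, $trustedHosts, true)) {
            return false;
        }
    }
    return true;
}

/** Builds the reset link from server-side configuration, never from request headers. */
function passwordResetUrl(string $configuredBaseUrl, string $token): string
{
    // The "/password/reset/" path is a placeholder for this example.
    return rtrim($configuredBaseUrl, '/') . '/password/reset/' . rawurlencode($token);
}

// Constructed request: the direct Host is trusted, the forwarded one is not.
$trusted = ['coolify.example.com', '[2001:db8::1]'];
$headers = ['host' => 'coolify.example.com', 'x-forwarded-host' => 'other.example.net:443'];
var_dump(hostHeadersTrusted($headers, $trusted));
var_dump(hostHeadersTrusted(['host' => '[2001:DB8::1]:8443'], $trusted));
echo passwordResetUrl('https://coolify.example.com/', 'constructed-token') . PHP_EOL;
```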
Extract and return the billing interval (month/year) from subscription pricing data in fetchPricePreview. Update the view to dynamically display the correct billing period based on the preview response instead of using static PHP logic.
Align log messages across all service startup scripts (horizon, nightwatch-agent, scheduler-worker) in both development and production environments to use a consistent " INFO " prefix format.
- Add INFO prefix to informational messages
- Add ERROR prefix to error messages
- Fix grammar and punctuation for consistency
…fallback
- Delegate host validation to parent class instead of custom implementation
- Update base_url() helper to use config('app.url') instead of url('/')
- Add test for APP_URL fallback when no FQDN or public IPs configured
- Remove dedicated TrustHostsMiddlewareTest (logic now tested via integration tests)
Add SafeWebhookUrl validation rule to notification webhook URL fields (Slack, Discord, custom webhook) to enforce safe URL patterns including scheme validation and hostname checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tion

Move the admin panel route into the existing auth middleware group and replace client-side redirects with server-side abort calls in the Livewire component. Extract shared authorization logic into reusable private methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Prevent server-side request forgery (SSRF) attacks by validating webhook URLs before sending requests. Blocks loopback addresses, cloud metadata endpoints, and localhost URLs.
- Add SafeWebhookUrl rule validation in SendWebhookJob.handle()
- Log warning when unsafe URLs are rejected
- Add comprehensive unit tests covering valid and invalid URL scenarios
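An SSRF pre-flight check of the kind the SafeExternalUrl and SafeWebhookUrl commits above describe, as an added example that is not the project's rule classes. It goes beyond the commit text by also resolving hostnames and rejecting private ranges; the function name, the injectable resolver and the sample URLs are assumptions.

```php
<?php
// Added example: hypothetical helper, not Coolify's SafeWebhookUrl rule.

/**
 * Returns null when the URL is acceptable, or a reason string when rejected.
 * $resolver is injectable so the check can be exercised offline.
 */
function webhookUrlRejection(string $url, ?callable $resolver = null): ?string
{
    // gethostbynamel() returns IPv4 addresses only; AAAA records need dns_get_record().
    $resolver ??= static fn (string $h): array => gethostbynamel($h) ?: [];

    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return 'malformed URL';
    }
    if (! in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    // parse_url() keeps the brackets around IPv6 literals; strip them and any trailing dot.
    $host = rtrim(strtolower(trim($parts['host'], '[]')), '.');
    if ($host === 'localhost' || str_ends_with($host, '.localhost')) {
        return 'localhost';
    }
    // Literal IPs are checked directly; names are checked on every resolved address.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolver($host);
    if ($ips === []) {
        return 'host does not resolve';
    }
    foreach ($ips as $ip) {
        // The two flags reject RFC 1918 space, loopback (127/8, ::1) and
        // link-local 169.254/16, which contains the cloud metadata address.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return "non-public address {$ip}";
        }
    }
    return null;
}

// Constructed inputs; the stub resolver keeps the demo offline.
$stub = static fn (string $h): array => ['hooks.example.com' => ['203.0.113.10']][$h] ?? [];
foreach ([
    'https://hooks.example.com/notify',
    'http://localhost:8000/',
    'http://169.254.169.254/',
    'http://[::1]/',
    'ftp://hooks.example.com/',
] as $url) {
    echo $url . ' => ' . (webhookUrlRejection($url, $stub) ?? 'accepted') . PHP_EOL;
}
```

A name can resolve differently between form validation and delivery, so the check only holds if it also runs where the request is sent, which is where the commit places it (`SendWebhookJob.handle()`).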
Replace mt_rand/rand with random_int for stronger randomness guarantees in verification code generation and Blade component keying. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
This PR did not pass quality checks so it will be closed. If you believe this is a mistake please let us know.
Changes
Issues
Category
Preview
AI Assistance
If AI was used:
Testing
Deploy the template as is; the healthcheck now works.