Isolate Users (#431)

* WIP to isolate users * Resolved issue with SSH AsUser Updated Isolated User Script to use Server User for Team Access Updated Path creation script to simplify for running as the isolated user * Included the server user * PHPMyAdmin script updated Wordpress Script Updated Updated Execute Script to support executing as isolated users * Issue Resolution & Resolved Failing Unit Tests * Fix for isolated_username vs user * Run the deploy as the isolated user * queue updates for isolated user * Support isolated users in cronjobs * script tests for isolated users * Queue tests for isolated users * Cronjob tests for isolated user * Removed default queue command for laravel apps * add default user to factory * laravel pint fixes * ensure echos are consistent * removed unneeded parameter * update * fix queues for isolated users * revert addslashes --------- Co-authored-by: Saeed Vaziry <mr.saeedvaziry@gmail.com>
2025-07-02 14:36:17 +00:00 · 2025-01-18 00:17:48 +00:00
parent 5947ae80bb
commit c1ae58772c
50 changed files with 717 additions and 69 deletions
--- a/app/Actions/CronJob/CreateCronJob.php
+++ b/app/Actions/CronJob/CreateCronJob.php
@ -6,6 +6,7 @@
 use App\Models\CronJob;
 use App\Models\Server;
 use App\ValidationRules\CronRule;
+use Illuminate\Validation\Rule;

 class CreateCronJob
 {
@ -27,7 +28,7 @@ public function create(Server $server, array $input): CronJob
        return $cronJob;
    }

-    public static function rules(array $input): array
+    public static function rules(array $input, Server $server): array
    {
        $rules = [
            'command' => [
@ -35,7 +36,7 @@ public static function rules(array $input): array
            ],
            'user' => [
                'required',
-                'in:root,'.config('core.ssh_user'),
+                Rule::in($server->getSshUsers()),
            ],
            'frequency' => [
                'required',
--- a/app/Actions/Queue/CreateQueue.php
+++ b/app/Actions/Queue/CreateQueue.php
@ -46,7 +46,7 @@ public function create(mixed $queueable, array $input): void
        })->onConnection('ssh');
    }

-    public static function rules(Server $server): array
+    public static function rules(Site $site): array
    {
        return [
            'command' => [
@ -56,7 +56,7 @@ public static function rules(Server $server): array
                'required',
                Rule::in([
                    'root',
-                    $server->ssh_user,
+                    $site->user,
                ]),
            ],
            'numprocs' => [
--- a/app/Actions/Script/ExecuteScript.php
+++ b/app/Actions/Script/ExecuteScript.php
@ -41,9 +41,11 @@ public function execute(Script $script, array $input): ScriptExecution

    public static function rules(array $input): array
    {
+        $users = ['root'];
        if (isset($input['server'])) {
            /** @var ?Server $server */
            $server = Server::query()->find($input['server']);
+            $users = $server->getSshUsers();
        }

        return [
@ -53,10 +55,7 @@ public static function rules(array $input): array
            ],
            'user' => [
                'required',
-                Rule::in([
-                    'root',
-                    isset($server) ? $server?->ssh_user : null,
-                ]),
+                Rule::in($users),
            ],
            'variables' => 'array',
            'variables.*' => [
--- a/app/Actions/Site/CreateSite.php
+++ b/app/Actions/Site/CreateSite.php
@ -23,12 +23,14 @@ public function create(Server $server, array $input): Site
    {
        DB::beginTransaction();
        try {
+            $user = $input['user'] ?? $server->getSshUser();
            $site = new Site([
                'server_id' => $server->id,
                'type' => $input['type'],
                'domain' => $input['domain'],
                'aliases' => $input['aliases'] ?? [],
-                'path' => '/home/'.$server->getSshUser().'/'.$input['domain'],
+                'user' => $user,
+                'path' => '/home/'.$user.'/'.$input['domain'],
                'status' => SiteStatus::INSTALLING,
            ]);

@ -108,6 +110,13 @@ public static function rules(Server $server, array $input): array
            'aliases.*' => [
                new DomainRule,
            ],
+            'user' => [
+                'regex:/^[a-z_][a-z0-9_-]*[a-z0-9]$/',
+                'min:3',
+                'max:32',
+                'unique:sites,user',
+                Rule::notIn($server->getSshUsers()),
+            ],
        ];

        return array_merge($rules, self::typeRules($server, $input));
--- a/app/Actions/Site/DeleteSite.php
+++ b/app/Actions/Site/DeleteSite.php
@ -3,6 +3,7 @@
 namespace App\Actions\Site;

 use App\Models\Site;
+use App\SSH\Services\PHP\PHP;
 use App\SSH\Services\Webserver\Webserver;

 class DeleteSite
@ -12,6 +13,16 @@ public function delete(Site $site): void
        /** @var Webserver $webserverHandler */
        $webserverHandler = $site->server->webserver()->handler();
        $webserverHandler->deleteSite($site);
+
+        if ($site->isIsolated()) {
+            /** @var PHP $php */
+            $php = $site->server->php()->handler();
+            $php->removeFpmPool($site->user, $site->php_version, $site->id);
+
+            $os = $site->server->os();
+            $os->deleteIsolatedUser($site->user);
+        }
+
        $site->delete();
    }
 }
--- a/app/Actions/Site/Deploy.php
+++ b/app/Actions/Site/Deploy.php
@ -48,7 +48,8 @@ public function run(Site $site): Deployment
                path: $site->path,
                script: $site->deploymentScript->content,
                serverLog: $log,
-                variables: $site->environmentVariables($deployment)
+                user: $site->user,
+                variables: $site->environmentVariables($deployment),
            );
            $deployment->status = DeploymentStatus::FINISHED;
            $deployment->save();