Isolate Users (#431)

* WIP to isolate users * Resolved issue with SSH AsUser Updated Isolated User Script to use Server User for Team Access Updated Path creation script to simplify for running as the isolated user * Included the server user * PHPMyAdmin script updated Wordpress Script Updated Updated Execute Script to support executing as isolated users * Issue Resolution & Resolved Failing Unit Tests * Fix for isolated_username vs user * Run the deploy as the isolated user * queue updates for isolated user * Support isolated users in cronjobs * script tests for isolated users * Queue tests for isolated users * Cronjob tests for isolated user * Removed default queue command for laravel apps * add default user to factory * laravel pint fixes * ensure echos are consistent * removed unneeded parameter * update * fix queues for isolated users * revert addslashes --------- Co-authored-by: Saeed Vaziry <mr.saeedvaziry@gmail.com>
2025-07-02 22:46:16 +00:00 · 2025-01-18 00:17:48 +00:00
parent 5947ae80bb
commit c1ae58772c
50 changed files with 717 additions and 69 deletions
--- a/app/Models/Site.php
+++ b/app/Models/Site.php
@ -7,6 +7,7 @@
 use App\Exceptions\SourceControlIsNotConnected;
 use App\Exceptions\SSHError;
 use App\SiteTypes\SiteType;
+use App\SSH\Services\PHP\PHP;
 use App\SSH\Services\Webserver\Webserver;
 use App\Traits\HasProjectThroughServer;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
@ -33,6 +34,7 @@
 * @property string $status
 * @property int $port
 * @property int $progress
+ * @property string $user
 * @property Server $server
 * @property ServerLog[] $logs
 * @property Deployment[] $deployments
@ -68,6 +70,7 @@ class Site extends AbstractModel
        'status',
        'port',
        'progress',
+        'user',
    ];

    protected $casts = [
@ -200,6 +203,14 @@ public function changePHPVersion($version): void
        /** @var Webserver $handler */
        $handler = $this->server->webserver()->handler();
        $handler->changePHPVersion($this, $version);
+
+        if ($this->isIsolated()) {
+            /** @var PHP $php */
+            $php = $this->server->php()->handler();
+            $php->removeFpmPool($this->user, $this->php_version, $this->id);
+            $php->createFpmPool($this->user, $version, $this->id);
+        }
+
        $this->php_version = $version;
        $this->save();
    }
@ -307,4 +318,31 @@ public function environmentVariables(?Deployment $deployment = null): array
            'PHP_PATH' => '/usr/bin/php'.$this->php_version,
        ];
    }
+
+    public function isolate(): void
+    {
+        if (! $this->isIsolated()) {
+            return;
+        }
+
+        $this->server->os()->createIsolatedUser(
+            $this->user,
+            Str::random(15),
+            $this->id
+        );
+
+        // Generate the FPM pool
+        /** @var PHP $php */
+        $php = $this->php()->handler();
+        $php->createFpmPool(
+            $this->user,
+            $this->php_version,
+            $this->id
+        );
+    }
+
+    public function isIsolated(): bool
+    {
+        return $this->user != $this->server->getSshUser();
+    }
 }