upaas

Author	SHA1	Message	Date
clawbot	0f3e99f7cc	test: add IDOR tests for resource deletion ownership verification Tests demonstrate that env vars, labels, volumes, and ports can be deleted via another app's URL path without ownership checks. All 4 tests fail, confirming the vulnerability described in #19.	2026-02-15 20:52:19 -08:00
sneak	dc6500eac6	Fix repository cloning when running inside a container Use DataDir/builds instead of /tmp for clone directories so that bind mounts work correctly when upaas itself runs in a Docker container. The /tmp directory inside the upaas container isn't accessible to the Docker daemon on the host, causing bind mount failures. Also fix test setups to pass Config to deploy service and add delay to webhook test to avoid temp directory cleanup race with async deployment goroutine.	2025-12-29 17:02:01 +07:00
sneak	daaf00893c	Implement container logs handler - Add Docker client to handlers for container operations - Implement HandleAppLogs() to fetch and return container logs - Support ?tail=N query parameter (default 500 lines) - Handle missing container gracefully	2025-12-29 15:48:23 +07:00
sneak	3f9d83c436	Initial commit with server startup infrastructure Core infrastructure: - Uber fx dependency injection - Chi router with middleware stack - SQLite database with embedded migrations - Embedded templates and static assets - Structured logging with slog Features implemented: - Authentication (login, logout, session management, argon2id hashing) - App management (create, edit, delete, list) - Deployment pipeline (clone, build, deploy, health check) - Webhook processing for Gitea - Notifications (ntfy, Slack) - Environment variables, labels, volumes per app - SSH key generation for deploy keys Server startup: - Server.Run() starts HTTP server on configured port - Server.Shutdown() for graceful shutdown - SetupRoutes() wires all handlers with chi router	2025-12-29 15:46:03 +07:00

4 Commits