The registry password is visible when calling the api project.all - Githubissues

Dokploy / dokploy

Open Source Alternative to Vercel, Netlify and Heroku.

https://dokploy.com/

Other

9.32k stars 459 forks source link

The registry password is visible when calling the api project.all #635

Open jmischler72 opened 3 weeks ago

jmischler72 commented 3 weeks ago

To Reproduce

When calling the api with

curl -X 'GET' \
  'https://your-domain/api/project.all' \
  -H 'accept: application/json'
  -H 'Authorization: Bearer <token>'

Current vs. Expected behavior

The response provides the column password with the password of the docker registry, it shouldnt be sent

Provide environment information

Dokploy Version: v0.10.7

Which area(s) are affected? (Select all that apply)

Application

Additional context

It seems that in the server/src/services/application.ts, the findApplicationById is configured with:

{
    project: true,
    domains: true,
    deployments: true,
    mounts: true,
    redirects: true,
    security: true,
    ports: true,
    registry: true,
    gitlab: true,
    github: true,
    bitbucket: true,
    server: true,
},

I think the registry part should hide the column password