alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(volume-browser): absolute scope with allowlist security

Browse Source 
- Add 'absolute' volume scope for direct host paths (NFS, external mounts)
- Allowlist in settings: allowed_volume_paths (JSON array of prefixes)
- Validation: absolute source must be under an allowed prefix
- Empty allowlist = absolute scope disabled entirely
- Settings API exposes/validates allowed_volume_paths
- Frontend type updated with absolute scope
This commit is contained in:
Admin
2026-04-01 23:31:27 +03:00
parent 0491849f0f
commit 582e7e39e3
8 changed files with 165 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/lib/types.ts
+2 -1
View File
@@ -107,6 +107,7 @@ export interface Settings {
base_volume_path: string;
ssl_certificate_id: number;
stale_threshold_days: number;
allowed_volume_paths: string;
updated_at: string;
}
@@ -162,7 +163,7 @@ export interface EntityPickerItem {
}
/** Volume scope determines the sharing level. */
export type VolumeScope = 'instance' | 'stage' | 'project' | 'project_named' | 'named' | 'ephemeral';
export type VolumeScope = 'instance' | 'stage' | 'project' | 'project_named' | 'named' | 'ephemeral' | 'absolute';
/** Volume mount configuration for a project. */
export interface Volume {