Files
InvoiceShelf/app/Services/Storage/FileDiskService.php
Darko Gjorgjijoski ac2a8ca939 fix(security): gate AI tools by user ability and block admin-URL SSRF
The AI chat assistant scoped tool queries by company but ignored the
per-user Bouncer abilities the rest of the app enforces, so any `use ai`
holder could read customers, invoices, payments, and company financials
their role couldn't otherwise see. Each AiTool now declares a required
ability (entity-aligned); the registry hides unauthorized tools from the
model and refuses to execute them as a backstop.

Separately, admin/owner-supplied URLs were fetched server-side with no
guard against private/reserved targets (SSRF): the AI base URL, the
CurrencyConverter "DEDICATED" exchange-rate URL, and S3/Spaces file-disk
endpoints. A shared PrivateNetworkGuard now backs a PublicHttpUrl
validation rule (save-time) and runtime guards in each driver.

- AiTool::requiredAbility() + mapping across all 12 tools
- AiToolRegistry filters schemas() by ability and re-checks in execute()
- PrivateNetworkGuard / BlockedUrlException / PublicHttpUrl rule (new)
- Rule wired into AI config (service + 3 controllers), exchange-rate,
  and file-disk endpoints; runtime guards in OpenRouterDriver,
  CurrencyConverterDriver, and FileDiskService
- Tests for ability filtering, the guard, the rule, and 422 rejections
2026-06-05 00:01:09 +02:00

179 lines
5.2 KiB
PHP

<?php
namespace App\Services\Storage;
use App\Models\FileDisk;
use App\Support\Net\PrivateNetworkGuard;
use Illuminate\Http\Request;
class FileDiskService
{
public function create(Request $request): FileDisk
{
if ($request->set_as_default) {
$this->clearDefaults();
}
$credentials = $this->normalizeCredentials($request->credentials, $request->driver);
return FileDisk::create([
'credentials' => $credentials,
'name' => $request->name,
'driver' => $request->driver,
'set_as_default' => $request->set_as_default,
'company_id' => $request->header('company'),
]);
}
public function update(FileDisk $disk, Request $request): FileDisk
{
$credentials = $this->normalizeCredentials($request->credentials, $request->driver);
$data = [
'credentials' => $credentials,
'name' => $request->name,
'driver' => $request->driver,
];
if (! $disk->set_as_default) {
if ($request->set_as_default) {
$this->clearDefaults();
}
$data['set_as_default'] = $request->set_as_default;
}
$disk->update($data);
return $disk;
}
public function setAsDefault(FileDisk $disk): FileDisk
{
$this->clearDefaults();
$disk->set_as_default = true;
$disk->save();
return $disk;
}
/**
* Get the unique Laravel filesystem disk name for a FileDisk.
*/
public function getDiskName(FileDisk $disk): string
{
if ($disk->isSystem()) {
return $disk->name === 'public' ? 'public' : 'local';
}
return 'disk_'.$disk->id;
}
/**
* Register a FileDisk in the runtime filesystem configuration.
* Returns the Laravel disk name. Does NOT change filesystems.default.
*/
public function registerDisk(FileDisk $disk): string
{
$diskName = $this->getDiskName($disk);
// System disks are already in config/filesystems.php
if ($disk->isSystem()) {
return $diskName;
}
$credentials = $disk->getDecodedCredentials();
$baseConfig = config('filesystems.disks.'.$disk->driver, []);
foreach ($baseConfig as $key => $value) {
if ($credentials->has($key)) {
$baseConfig[$key] = $credentials[$key];
}
}
// Resolve relative local roots to storage/app/{path}
if ($disk->driver === 'local' && isset($baseConfig['root']) && ! str_starts_with($baseConfig['root'], '/')) {
$baseConfig['root'] = storage_path('app/'.$baseConfig['root']);
}
config(['filesystems.disks.'.$diskName => $baseConfig]);
return $diskName;
}
public function validateCredentials(array $credentials, string $driver): bool
{
// SSRF guard: reject S3/Spaces (or any) endpoints that resolve to a
// private or reserved host before we make a live request to them.
if (isset($credentials['endpoint'])
&& is_string($credentials['endpoint'])
&& $credentials['endpoint'] !== ''
&& PrivateNetworkGuard::blockedReason($credentials['endpoint']) !== null) {
return false;
}
// Create a temporary disk config for validation
$baseConfig = config('filesystems.disks.'.$driver, []);
foreach ($baseConfig as $key => $value) {
if (isset($credentials[$key])) {
$baseConfig[$key] = $credentials[$key];
}
}
if ($driver === 'local' && isset($baseConfig['root']) && ! str_starts_with($baseConfig['root'], '/')) {
$baseConfig['root'] = storage_path('app/'.$baseConfig['root']);
}
$tempDiskName = 'validation_temp';
config(['filesystems.disks.'.$tempDiskName => $baseConfig]);
try {
$root = '';
if ($driver == 'dropbox') {
$root = $credentials['root'].'/';
}
\Storage::disk($tempDiskName)->put($root.'invoiceshelf_temp.text', 'Check Credentials');
if (\Storage::disk($tempDiskName)->exists($root.'invoiceshelf_temp.text')) {
\Storage::disk($tempDiskName)->delete($root.'invoiceshelf_temp.text');
return true;
}
} catch (\Exception $e) {
return false;
}
return false;
}
/**
* For local disks, strip any absolute prefix and store the root
* as a path relative to storage/app. At runtime the path is
* resolved to an absolute path via storage_path().
*/
private function normalizeCredentials(array $credentials, string $driver): array
{
if ($driver === 'local' && isset($credentials['root'])) {
$root = $credentials['root'];
$storageApp = storage_path('app').'/';
if (str_starts_with($root, $storageApp)) {
$root = substr($root, strlen($storageApp));
}
$root = ltrim($root, '/');
$credentials['root'] = $root;
}
return $credentials;
}
private function clearDefaults(): void
{
FileDisk::query()->update(['set_as_default' => false]);
}
}