Files
InvoiceShelf/app/Http/Requests/DiskEnvironmentRequest.php
Darko Gjorgjijoski ac2a8ca939 fix(security): gate AI tools by user ability and block admin-URL SSRF
The AI chat assistant scoped tool queries by company but ignored the
per-user Bouncer abilities the rest of the app enforces, so any `use ai`
holder could read customers, invoices, payments, and company financials
their role couldn't otherwise see. Each AiTool now declares a required
ability (entity-aligned); the registry hides unauthorized tools from the
model and refuses to execute them as a backstop.

Separately, admin/owner-supplied URLs were fetched server-side with no
guard against private/reserved targets (SSRF): the AI base URL, the
CurrencyConverter "DEDICATED" exchange-rate URL, and S3/Spaces file-disk
endpoints. A shared PrivateNetworkGuard now backs a PublicHttpUrl
validation rule (save-time) and runtime guards in each driver.

- AiTool::requiredAbility() + mapping across all 12 tools
- AiToolRegistry filters schemas() by ability and re-checks in execute()
- PrivateNetworkGuard / BlockedUrlException / PublicHttpUrl rule (new)
- Rule wired into AI config (service + 3 controllers), exchange-rate,
  and file-disk endpoints; runtime guards in OpenRouterDriver,
  CurrencyConverterDriver, and FileDiskService
- Tests for ability filtering, the guard, the rule, and 422 rejections
2026-06-05 00:01:09 +02:00

128 lines
3.4 KiB
PHP

<?php
namespace App\Http\Requests;
use App\Rules\PublicHttpUrl;
use Illuminate\Foundation\Http\FormRequest;
class DiskEnvironmentRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
return true;
}
/**
* Get the validation rules that apply to the request.
*/
public function rules(): array
{
$rules = [];
switch ($this->get('driver')) {
case 's3':
$rules = [
'credentials.key' => [
'required',
'string',
],
'credentials.secret' => [
'required',
'string',
],
'credentials.region' => [
'required',
'string',
],
'credentials.bucket' => [
'required',
'string',
],
'credentials.endpoint' => [
'nullable',
'string',
'url',
new PublicHttpUrl,
],
'credentials.root' => [
'required',
'string',
],
];
break;
case 'doSpaces':
$rules = [
'credentials.key' => [
'required',
'string',
],
'credentials.secret' => [
'required',
'string',
],
'credentials.region' => [
'required',
'string',
],
'credentials.bucket' => [
'required',
'string',
],
'credentials.endpoint' => [
'required',
'string',
'url',
new PublicHttpUrl,
],
'credentials.root' => [
'required',
'string',
],
];
break;
case 'dropbox':
$rules = [
'credentials.token' => [
'required',
'string',
],
'credentials.key' => [
'required',
'string',
],
'credentials.secret' => [
'required',
'string',
],
'credentials.app' => [
'required',
'string',
],
'credentials.root' => [
'required',
'string',
],
];
break;
}
$defaultRules = [
'name' => [
'required',
],
'driver' => [
'required',
],
];
return array_merge($rules, $defaultRules);
}
}