feat(bitbucket): add bitbucketEmail field to Bitbucket provider settings and update related API and database schema

apps/dokploy/components/dashboard/settings/git/bitbucket/add-bitbucket-provider.tsx

@@ -1,7 +1,6 @@
 import { zodResolver } from "@hookform/resolvers/zod";
 import { ExternalLink } from "lucide-react";
 import Link from "next/link";
-import { useRouter } from "next/router";
 import { useEffect, useState } from "react";
 import { useForm } from "react-hook-form";
 import { toast } from "sonner";
@@ -27,11 +26,11 @@ import {
 } from "@/components/ui/form";
 import { Input } from "@/components/ui/input";
 import { api } from "@/utils/api";
-import { useUrl } from "@/utils/hooks/use-url";
 
 const Schema = z.object({
 	name: z.string().min(1, { message: "Name is required" }),
 	username: z.string().min(1, { message: "Username is required" }),
+	email: z.string().email().optional(),
 	apiToken: z.string().min(1, { message: "API Token is required" }),
 	workspaceName: z.string().optional(),
 });
@@ -55,6 +54,7 @@ export const AddBitbucketProvider = () => {
 	useEffect(() => {
 		form.reset({
 			username: "",
+			email: "",
 			apiToken: "",
 			workspaceName: "",
 		});
@@ -67,6 +67,7 @@ export const AddBitbucketProvider = () => {
 			bitbucketWorkspaceName: data.workspaceName || "",
 			authId: auth?.id || "",
 			name: data.name || "",
+			bitbucketEmail: data.email || "",
 		})
 			.then(async () => {
 				await utils.gitProvider.getAll.invalidate();
@@ -128,12 +129,11 @@ export const AddBitbucketProvider = () => {
 									permissions:
 								</p>
 								<ul className="list-disc list-inside ml-4 text-sm text-muted-foreground">
-									<li>Account: Read</li>
+									<li>read:repository:bitbucket</li>
-									<li>Workspace membership: Read</li>
+									<li>read:pullrequest:bitbucket</li>
-									<li>Projects: Read</li>
+									<li>read:webhook:bitbucket</li>
-									<li>Repositories: Read</li>
+									<li>read:workspace:bitbucket</li>
-									<li>Pull requests: Read</li>
+									<li>write:webhook:bitbucket</li>
-									<li>Webhooks: Read and write</li>
 								</ul>
 
 								<FormField
@@ -169,6 +169,20 @@ export const AddBitbucketProvider = () => {
 									)}
 								/>
 
+								<FormField
+									control={form.control}
+									name="email"
+									render={({ field }) => (
+										<FormItem>
+											<FormLabel>Bitbucket Email</FormLabel>
+											<FormControl>
+												<Input placeholder="Your Bitbucket email" {...field} />
+											</FormControl>
+											<FormMessage />
+										</FormItem>
+									)}
+								/>
+
 								<FormField
 									control={form.control}
 									name="apiToken"

apps/dokploy/components/dashboard/settings/git/bitbucket/edit-bitbucket-provider.tsx

@@ -33,7 +33,10 @@ const Schema = z.object({
 	username: z.string().min(1, {
 		message: "Username is required",
 	}),
+	email: z.string().email().optional(),
 	workspaceName: z.string().optional(),
+	apiToken: z.string().optional(),
+	appPassword: z.string().optional(),
 });
 
 type Schema = z.infer<typeof Schema>;
@@ -60,19 +63,28 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 	const form = useForm<Schema>({
 		defaultValues: {
 			username: "",
+			email: "",
 			workspaceName: "",
+			apiToken: "",
+			appPassword: "",
 		},
 		resolver: zodResolver(Schema),
 	});
 
 	const username = form.watch("username");
+	const email = form.watch("email");
 	const workspaceName = form.watch("workspaceName");
+	const apiToken = form.watch("apiToken");
+	const appPassword = form.watch("appPassword");
 
 	useEffect(() => {
 		form.reset({
 			username: bitbucket?.bitbucketUsername || "",
+			email: bitbucket?.bitbucketEmail || "",
 			workspaceName: bitbucket?.bitbucketWorkspaceName || "",
 			name: bitbucket?.gitProvider.name || "",
+			apiToken: bitbucket?.apiToken || "",
+			appPassword: bitbucket?.appPassword || "",
 		});
 	}, [form, isOpen, bitbucket]);
 
@@ -81,8 +93,11 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 			bitbucketId,
 			gitProviderId: bitbucket?.gitProviderId || "",
 			bitbucketUsername: data.username,
+			bitbucketEmail: data.email || "",
 			bitbucketWorkspaceName: data.workspaceName || "",
 			name: data.name || "",
+			apiToken: data.apiToken || "",
+			appPassword: data.appPassword || "",
 		})
 			.then(async () => {
 				await utils.gitProvider.getAll.invalidate();
@@ -122,8 +137,9 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 						<CardContent className="p-0">
 							<div className="flex flex-col gap-4">
 								<p className="text-muted-foreground text-sm">
-									For security, credentials (API Token/App Password) can’t be
+									Update your Bitbucket authentication. Use API Token for
-									edited. To change them, create a new Bitbucket provider.
+									enhanced security (recommended) or App Password for legacy
+									support.
 								</p>
 
 								<FormField
@@ -159,6 +175,24 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 									)}
 								/>
 
+								<FormField
+									control={form.control}
+									name="email"
+									render={({ field }) => (
+										<FormItem>
+											<FormLabel>Email (Required for API Tokens)</FormLabel>
+											<FormControl>
+												<Input
+													type="email"
+													placeholder="Your Bitbucket email address"
+													{...field}
+												/>
+											</FormControl>
+											<FormMessage />
+										</FormItem>
+									)}
+								/>
+
 								<FormField
 									control={form.control}
 									name="workspaceName"
@@ -176,6 +210,49 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 									)}
 								/>
 
+								<div className="flex flex-col gap-2 border-t pt-4">
+									<h3 className="text-sm font-medium mb-2">
+										Authentication (Update to use API Token)
+									</h3>
+									<FormField
+										control={form.control}
+										name="apiToken"
+										render={({ field }) => (
+											<FormItem>
+												<FormLabel>API Token (Recommended)</FormLabel>
+												<FormControl>
+													<Input
+														type="password"
+														placeholder="Enter your Bitbucket API Token"
+														{...field}
+													/>
+												</FormControl>
+												<FormMessage />
+											</FormItem>
+										)}
+									/>
+
+									<FormField
+										control={form.control}
+										name="appPassword"
+										render={({ field }) => (
+											<FormItem>
+												<FormLabel>
+													App Password (Legacy - will be deprecated June 2026)
+												</FormLabel>
+												<FormControl>
+													<Input
+														type="password"
+														placeholder="Enter your Bitbucket App Password"
+														{...field}
+													/>
+												</FormControl>
+												<FormMessage />
+											</FormItem>
+										)}
+									/>
+								</div>
+
 								<div className="flex w-full justify-between gap-4 mt-4">
 									<Button
 										type="button"
@@ -185,7 +262,10 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 											await testConnection({
 												bitbucketId,
 												bitbucketUsername: username,
+												bitbucketEmail: email,
 												workspaceName: workspaceName,
+												apiToken: apiToken,
+												appPassword: appPassword,
 											})
 												.then(async (message) => {
 													toast.info(`Message: ${message}`);

apps/dokploy/drizzle/0112_freezing_skrulls.sql

@@ -0,0 +1 @@
+ALTER TABLE "bitbucket" ADD COLUMN "bitbucketEmail" text;

apps/dokploy/drizzle/meta/_journal.json

@@ -785,6 +785,13 @@
       "when": 1758445844561,
       "tag": "0111_mushy_wolfsbane",
       "breakpoints": true
+    },
+    {
+      "idx": 112,
+      "version": "7",
+      "when": 1758483520214,
+      "tag": "0112_freezing_skrulls",
+      "breakpoints": true
     }
   ]
 }

packages/server/src/db/schema/bitbucket.ts

@@ -11,6 +11,7 @@ export const bitbucket = pgTable("bitbucket", {
 		.primaryKey()
 		.$defaultFn(() => nanoid()),
 	bitbucketUsername: text("bitbucketUsername"),
+	bitbucketEmail: text("bitbucketEmail"),
 	appPassword: text("appPassword"),
 	apiToken: text("apiToken"),
 	bitbucketWorkspaceName: text("bitbucketWorkspaceName"),
@@ -30,6 +31,7 @@ const createSchema = createInsertSchema(bitbucket);
 
 export const apiCreateBitbucket = createSchema.extend({
 	bitbucketUsername: z.string().optional(),
+	bitbucketEmail: z.string().email().optional(),
 	appPassword: z.string().optional(),
 	apiToken: z.string().optional(),
 	bitbucketWorkspaceName: z.string().optional(),
@@ -48,9 +50,19 @@ export const apiBitbucketTestConnection = createSchema
 	.extend({
 		bitbucketId: z.string().min(1),
 		bitbucketUsername: z.string().optional(),
+		bitbucketEmail: z.string().email().optional(),
 		workspaceName: z.string().optional(),
+		apiToken: z.string().optional(),
+		appPassword: z.string().optional(),
 	})
-	.pick({ bitbucketId: true, bitbucketUsername: true, workspaceName: true });
+	.pick({
+		bitbucketId: true,
+		bitbucketUsername: true,
+		bitbucketEmail: true,
+		workspaceName: true,
+		apiToken: true,
+		appPassword: true,
+	});
 
 export const apiFindBitbucketBranches = z.object({
 	owner: z.string(),
@@ -62,6 +74,9 @@ export const apiUpdateBitbucket = createSchema.extend({
 	bitbucketId: z.string().min(1),
 	name: z.string().min(1),
 	bitbucketUsername: z.string().optional(),
+	bitbucketEmail: z.string().email().optional(),
+	appPassword: z.string().optional(),
+	apiToken: z.string().optional(),
 	bitbucketWorkspaceName: z.string().optional(),
 	organizationId: z.string().optional(),
 });

packages/server/src/services/bitbucket.ts

@@ -68,17 +68,26 @@ export const updateBitbucket = async (
 	input: typeof apiUpdateBitbucket._type,
 ) => {
 	return await db.transaction(async (tx) => {
-		// Explicitly omit credentials from updates for safety/back-compat
+		// First get the current bitbucket provider to get gitProviderId
-		const {
+		const currentProvider = await tx.query.bitbucket.findFirst({
-			apiToken: _ignoredApiToken,
+			where: eq(bitbucket.bitbucketId, bitbucketId),
-			appPassword: _ignoredAppPassword,
+		});
-			...safeInput
+
-		} = input as any;
+		if (!currentProvider) {
+			throw new TRPCError({
+				code: "NOT_FOUND",
+				message: "Bitbucket provider not found",
+			});
+		}
 
 		const result = await tx
 			.update(bitbucket)
 			.set({
-				...safeInput,
+				bitbucketUsername: input.bitbucketUsername,
+				bitbucketEmail: input.bitbucketEmail,
+				appPassword: input.appPassword,
+				apiToken: input.apiToken,
+				bitbucketWorkspaceName: input.bitbucketWorkspaceName,
 			})
 			.where(eq(bitbucket.bitbucketId, bitbucketId))
 			.returning();
@@ -90,7 +99,7 @@ export const updateBitbucket = async (
 					name: input.name,
 					organizationId: input.organizationId,
 				})
-				.where(eq(gitProvider.gitProviderId, input.gitProviderId))
+				.where(eq(gitProvider.gitProviderId, currentProvider.gitProviderId))
 				.returning();
 		}
 

packages/server/src/utils/providers/bitbucket.ts

@@ -5,7 +5,10 @@ import type {
 	apiBitbucketTestConnection,
 	apiFindBitbucketBranches,
 } from "@dokploy/server/db/schema";
-import { findBitbucketById } from "@dokploy/server/services/bitbucket";
+import {
+	type Bitbucket,
+	findBitbucketById,
+} from "@dokploy/server/services/bitbucket";
 import type { Compose } from "@dokploy/server/services/compose";
 import type { InferResultType } from "@dokploy/server/types/with";
 import { TRPCError } from "@trpc/server";
@@ -39,16 +42,21 @@ export const getBitbucketCloneUrl = (
 		: `https://${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}@${repoClone}`;
 };
 
-export const getBitbucketHeaders = (bitbucketProvider: {
+export const getBitbucketHeaders = (bitbucketProvider: Bitbucket) => {
-	apiToken?: string | null;
+	if (bitbucketProvider.apiToken) {
-	bitbucketUsername?: string | null;
+		// For API tokens, use HTTP Basic auth with email and token
-	appPassword?: string | null;
+		// According to Bitbucket docs: email:token for API calls
-}) => {
+		const email =
-	return bitbucketProvider.apiToken
+			bitbucketProvider.bitbucketEmail || bitbucketProvider.bitbucketUsername;
-		? { Authorization: `Bearer ${bitbucketProvider.apiToken}` }
+		return {
-		: {
+			Authorization: `Basic ${Buffer.from(`${email}:${bitbucketProvider.apiToken}`).toString("base64")}`,
-				Authorization: `Basic ${Buffer.from(`${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}`).toString("base64")}`,
+		};
-			};
+	}
+
+	// For app passwords, use HTTP Basic auth with username and app password
+	return {
+		Authorization: `Basic ${Buffer.from(`${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}`).toString("base64")}`,
+	};
 };
 
 export const cloneBitbucketRepository = async (
@@ -305,33 +313,43 @@ export const getBitbucketBranches = async (
 	}
 	const bitbucketProvider = await findBitbucketById(input.bitbucketId);
 	const { owner, repo } = input;
-	const url = `https://api.bitbucket.org/2.0/repositories/${owner}/${repo}/refs/branches?pagelen=100`;
+	let url = `https://api.bitbucket.org/2.0/repositories/${owner}/${repo}/refs/branches?pagelen=1`;
+	let allBranches: {
+		name: string;
+		commit: {
+			sha: string;
+		};
+	}[] = [];
 
 	try {
-		const response = await fetch(url, {
+		while (url) {
-			method: "GET",
+			const response = await fetch(url, {
-			headers: getBitbucketHeaders(bitbucketProvider),
+				method: "GET",
-		});
+				headers: getBitbucketHeaders(bitbucketProvider),
-
-		if (!response.ok) {
-			throw new TRPCError({
-				code: "BAD_REQUEST",
-				message: `HTTP error! status: ${response.status}`,
 			});
+
+			if (!response.ok) {
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message: `HTTP error! status: ${response.status}`,
+				});
+			}
+
+			const data = await response.json();
+
+			const mappedData = data.values.map((branch: any) => {
+				return {
+					name: branch.name,
+					commit: {
+						sha: branch.target.hash,
+					},
+				};
+			});
+			allBranches = allBranches.concat(mappedData);
+			url = data.next || null;
 		}
 
-		const data = await response.json();
+		return allBranches as {
-
-		const mappedData = data.values.map((branch: any) => {
-			return {
-				name: branch.name,
-				commit: {
-					sha: branch.target.hash,
-				},
-			};
-		});
-
-		return mappedData as {
 			name: string;
 			commit: {
 				sha: string;