< ? php
use Appwrite\Auth\Auth ;
use Appwrite\Extend\Exception ;
use Appwrite\Utopia\Request ;
use MaxMind\Db\Reader ;
use Utopia\App ;
use Utopia\Database\DateTime ;
use Utopia\Database\Document ;
use Utopia\Database\Validator\Authorization ;
use Utopia\System\System ;
App::init()
    ->groups(['mfaProtected'])
    ->inject('session')
    ->action(function (Document $session) {
        // Gate for every route in the 'mfaProtected' group: the session must carry
        // an MFA verification timestamp ('mfaUpdatedAt') that is no older than
        // Auth::MFA_RECENT_DURATION seconds; otherwise the caller has to complete a
        // fresh challenge before the route runs.
        $verifiedAt = $session->getAttribute('mfaUpdatedAt');

        if (empty($verifiedAt)) {
            // No verification recorded on this session at all.
            throw new Exception(Exception::USER_CHALLENGE_REQUIRED);
        }

        $current = DateTime::now();
        // Last instant at which the previous verification still counts.
        $validUntil = DateTime::addSeconds(new \DateTime($verifiedAt), Auth::MFA_RECENT_DURATION);

        // Both instants are rendered through formatTz so they are compared in the
        // same textual representation.
        $stillFresh = DateTime::formatTz($validUntil) >= DateTime::formatTz($current);

        if (!$stillFresh) {
            throw new Exception(Exception::USER_CHALLENGE_REQUIRED);
        }
    });
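App::init()
    ->groups(['auth'])
    ->inject('utopia')
    ->inject('request')
    ->inject('project')
    ->inject('geodb')
    ->action(function (App $utopia, Request $request, Document $project, Reader $geodb) {
        // Two gates for every route in the 'auth' group:
        //  1. console-only geo denylist driven by _APP_CONSOLE_COUNTRIES_DENYLIST
        //     (comma-separated ISO country codes);
        //  2. per-project enablement of the route's authentication method
        //     (the route's 'auth.type' label against the project's 'auths' map).
        $denylist = System::getEnv('_APP_CONSOLE_COUNTRIES_DENYLIST', '');

        // The previous form `!empty($denylist && ...)` applied empty() to the boolean
        // result; the intent is "a denylist is configured AND this is the console project".
        if ($denylist !== '' && $project->getId() === 'console') {
            // Trim entries and drop blanks: a stray trailing comma ("US,") would
            // otherwise produce an '' entry that matches every request for which
            // no geo record exists ($country falls back to '').
            $countries = [];
            foreach (explode(',', $denylist) as $code) {
                $code = trim($code);
                if ($code !== '') {
                    $countries[] = $code;
                }
            }

            // NOTE(review): Reader::get() rejects a malformed address with an exception —
            // confirm $request->getIP() always yields a valid IP string.
            $record = $geodb->get($request->getIP()) ?? [];
            $country = $record['country']['iso_code'] ?? '';

            if (in_array($country, $countries, true)) {
                throw new Exception(Exception::GENERAL_REGION_ACCESS_DENIED);
            }
        }

        $route = $utopia->match($request);
        $roles = Authorization::getRoles();

        // App (API key) and privileged (console) callers are exempt from the
        // per-project auth-method gates below.
        if (Auth::isAppUser($roles) || Auth::isPrivilegedUser($roles)) {
            return;
        }

        $auths = $project->getAttribute('auths', []);

        // route label 'auth.type' => [key in the project's 'auths' map, error detail]
        $methods = [
            'emailPassword' => ['emailPassword', 'Email / Password authentication is disabled for this project'],
            'magic-url'     => ['usersAuthMagicURL', 'Magic URL authentication is disabled for this project'],
            'anonymous'     => ['anonymous', 'Anonymous authentication is disabled for this project'],
            'phone'         => ['phone', 'Phone authentication is disabled for this project'],
            'invites'       => ['invites', 'Invites authentication is disabled for this project'],
            'jwt'           => ['JWT', 'JWT authentication is disabled for this project'],
            'email-otp'     => ['emailOTP', 'Email OTP authentication is disabled for this project'],
        ];

        $authType = $route->getLabel('auth.type', '');
        if (!isset($methods[$authType])) {
            // Unknown or missing label: fail closed rather than letting the route through.
            throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, 'Unsupported authentication route');
        }

        [$authsKey, $message] = $methods[$authType];

        // A key absent from 'auths' means the method was never disabled, so it
        // defaults to enabled; only an explicit false blocks the route.
        if (($auths[$authsKey] ?? true) === false) {
            throw new Exception(Exception::USER_AUTH_METHOD_UNSUPPORTED, $message);
        }
    });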