appwrite/app/controllers/api/proxy.php

<?php

use Appwrite\Event\Certificate;
use Appwrite\Event\Delete;
use Appwrite\Event\Event;
use Appwrite\Extend\Exception;
use Appwrite\Network\Validator\CNAME;
use Appwrite\Utopia\Database\Validator\Queries\Rules;
use Appwrite\Utopia\Response;
use Utopia\App;
use Utopia\Database\Database;
use Utopia\Database\Document;
use Utopia\Database\Exception\Query as QueryException;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Query;
use Utopia\Database\Validator\UID;
use Utopia\Domains\Domain;
use Utopia\Logger\Log;
use Utopia\System\System;
use Utopia\Validator\Domain as ValidatorDomain;
use Utopia\Validator\Text;
use Utopia\Validator\WhiteList;

App::post('/v1/proxy/rules')
    ->groups(['api', 'proxy'])
    ->desc('Create Rule')
    ->label('scope', 'rules.write')
    ->label('event', 'rules.[ruleId].create')
    ->label('audits.event', 'rule.create')
    ->label('audits.resource', 'rule/{response.$id}')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'proxy')
    ->label('sdk.method', 'createRule')
    ->label('sdk.description', '/docs/references/proxy/create-rule.md')
    ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
    ->label('sdk.response.model', Response::MODEL_PROXY_RULE)
    ->param('domain', null, new ValidatorDomain(), 'Domain name.')
    ->param('resourceType', null, new WhiteList(['api', 'function']), 'Action definition for the rule. Possible values are "api", "function"')
    ->param('resourceId', '', new UID(), 'ID of resource for the action type. If resourceType is "api", leave empty. If resourceType is "function", provide ID of the function.', true)
    ->inject('response')
    ->inject('project')
    ->inject('queueForCertificates')
    ->inject('queueForEvents')
    ->inject('dbForConsole')
    ->inject('dbForProject')
    ->action(function (string $domain, string $resourceType, string $resourceId, Response $response, Document $project, Certificate $queueForCertificates, Event $queueForEvents, Database $dbForConsole, Database $dbForProject) {
        $mainDomain = System::getEnv('_APP_DOMAIN', '');
        if ($domain === $mainDomain) {
            throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.');
        }
        if ($domain === 'localhost' || $domain === APP_HOSTNAME_INTERNAL) {
            throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'This domain name is not allowed. Please pick another one.');
        }

        $document = $dbForConsole->findOne('rules', [
            Query::equal('domain', [$domain]),
        ]);

        if ($document && !$document->isEmpty()) {
            if ($document->getAttribute('projectId') === $project->getId()) {
                $resourceType = $document->getAttribute('resourceType');
                $resourceId = $document->getAttribute('resourceId');
                $message = "Domain already assigned to '{$resourceType}' service";
                if (!empty($resourceId)) {
                    $message .= " with ID '{$resourceId}'";
                }

                $message .= '.';
            } else {
                $message = 'Domain already assigned to different project.';
            }

            throw new Exception(Exception::RULE_ALREADY_EXISTS, $message);
        }

        $resourceInternalId = '';

        if ($resourceType == 'function') {
            if (empty($resourceId)) {
                throw new Exception(Exception::FUNCTION_NOT_FOUND);
            }

            $function = $dbForProject->getDocument('functions', $resourceId);

            if ($function->isEmpty()) {
                throw new Exception(Exception::RULE_RESOURCE_NOT_FOUND);
            }

            $resourceInternalId = $function->getInternalId();
        }

        try {
            $domain = new Domain($domain);
        } catch (\Throwable) {
            throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'Domain may not start with http:// or https://.');
        }

        $ruleId = ID::unique();
        $rule = new Document([
            '$id' => $ruleId,
            'projectId' => $project->getId(),
            'projectInternalId' => $project->getInternalId(),
            'domain' => $domain->get(),
            'resourceType' => $resourceType,
            'resourceId' => $resourceId,
            'resourceInternalId' => $resourceInternalId,
            'certificateId' => '',
        ]);

        $status = 'created';
        $functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS');
        if (!empty($functionsDomain) && \str_ends_with($domain->get(), $functionsDomain)) {
            $status = 'verified';
        }

        if ($status === 'created') {
            $target = new Domain(System::getEnv('_APP_DOMAIN_TARGET', ''));
            $validator = new CNAME($target->get()); // Verify Domain with DNS records

            if ($validator->isValid($domain->get())) {
                $status = 'verifying';

                $queueForCertificates
                    ->setDomain(new Document([
                        'domain' => $rule->getAttribute('domain')
                    ]))
                    ->trigger();
            }
        }

        $rule->setAttribute('status', $status);
        $rule = $dbForConsole->createDocument('rules', $rule);

        $queueForEvents->setParam('ruleId', $rule->getId());

        $rule->setAttribute('logs', '');

        $response
            ->setStatusCode(Response::STATUS_CODE_CREATED)
            ->dynamic($rule, Response::MODEL_PROXY_RULE);
    });

App::get('/v1/proxy/rules')
    ->groups(['api', 'proxy'])
    ->desc('List Rules')
    ->label('scope', 'rules.read')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'proxy')
    ->label('sdk.method', 'listRules')
    ->label('sdk.description', '/docs/references/proxy/list-rules.md')
    ->label('sdk.response.code', Response::STATUS_CODE_OK)
    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
    ->label('sdk.response.model', Response::MODEL_PROXY_RULE_LIST)
    ->param('queries', [], new Rules(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Rules::ALLOWED_ATTRIBUTES), true)
    ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)
    ->inject('response')
    ->inject('project')
    ->inject('dbForConsole')
    ->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForConsole) {
        try {
            $queries = Query::parseQueries($queries);
        } catch (QueryException $e) {
            throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());
        }

        if (!empty($search)) {
            $queries[] = Query::search('search', $search);
        }

        $queries[] = Query::equal('projectInternalId', [$project->getInternalId()]);

        /**
         * Get cursor document if there was a cursor query, we use array_filter and reset for reference $cursor to $queries
         */
        $cursor = \array_filter($queries, function ($query) {
            return \in_array($query->getMethod(), [Query::TYPE_CURSOR_AFTER, Query::TYPE_CURSOR_BEFORE]);
        });
        $cursor = reset($cursor);
        if ($cursor) {
            /** @var Query $cursor */
            $ruleId = $cursor->getValue();
            $cursorDocument = $dbForConsole->getDocument('rules', $ruleId);

            if ($cursorDocument->isEmpty()) {
                throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Rule '{$ruleId}' for the 'cursor' value not found.");
            }

            $cursor->setValue($cursorDocument);
        }

        $filterQueries = Query::groupByType($queries)['filters'];

        $rules = $dbForConsole->find('rules', $queries);
        foreach ($rules as $rule) {
            $certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));
            $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));
            $rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));
        }

        $response->dynamic(new Document([
            'rules' => $rules,
            'total' => $dbForConsole->count('rules', $filterQueries, APP_LIMIT_COUNT),
        ]), Response::MODEL_PROXY_RULE_LIST);
    });

App::get('/v1/proxy/rules/:ruleId')
    ->groups(['api', 'proxy'])
    ->desc('Get Rule')
    ->label('scope', 'rules.read')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'proxy')
    ->label('sdk.method', 'getRule')
    ->label('sdk.description', '/docs/references/proxy/get-rule.md')
    ->label('sdk.response.code', Response::STATUS_CODE_OK)
    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
    ->label('sdk.response.model', Response::MODEL_PROXY_RULE)
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('project')
    ->inject('dbForConsole')
    ->action(function (string $ruleId, Response $response, Document $project, Database $dbForConsole) {
        $rule = $dbForConsole->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));
        $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));
        $rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));

        $response->dynamic($rule, Response::MODEL_PROXY_RULE);
    });

App::delete('/v1/proxy/rules/:ruleId')
    ->groups(['api', 'proxy'])
    ->desc('Delete Rule')
    ->label('scope', 'rules.write')
    ->label('event', 'rules.[ruleId].delete')
    ->label('audits.event', 'rules.delete')
    ->label('audits.resource', 'rule/{request.ruleId}')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'proxy')
    ->label('sdk.method', 'deleteRule')
    ->label('sdk.description', '/docs/references/proxy/delete-rule.md')
    ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
    ->label('sdk.response.model', Response::MODEL_NONE)
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('project')
    ->inject('dbForConsole')
    ->inject('queueForDeletes')
    ->inject('queueForEvents')
    ->action(function (string $ruleId, Response $response, Document $project, Database $dbForConsole, Delete $queueForDeletes, Event $queueForEvents) {
        $rule = $dbForConsole->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $dbForConsole->deleteDocument('rules', $rule->getId());

        $queueForDeletes
            ->setType(DELETE_TYPE_DOCUMENT)
            ->setDocument($rule);

        $queueForEvents->setParam('ruleId', $rule->getId());

        $response->noContent();
    });

App::patch('/v1/proxy/rules/:ruleId/verification')
    ->desc('Update Rule Verification Status')
    ->groups(['api', 'proxy'])
    ->label('scope', 'rules.write')
    ->label('event', 'rules.[ruleId].update')
    ->label('audits.event', 'rule.update')
    ->label('audits.resource', 'rule/{response.$id}')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'proxy')
    ->label('sdk.method', 'updateRuleVerification')
    ->label('sdk.response.code', Response::STATUS_CODE_OK)
    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
    ->label('sdk.response.model', Response::MODEL_PROXY_RULE)
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('queueForCertificates')
    ->inject('queueForEvents')
    ->inject('project')
    ->inject('dbForConsole')
    ->inject('log')
    ->action(function (string $ruleId, Response $response, Certificate $queueForCertificates, Event $queueForEvents, Document $project, Database $dbForConsole, Log $log) {
        $rule = $dbForConsole->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $target = new Domain(System::getEnv('_APP_DOMAIN_TARGET', ''));

        if (!$target->isKnown() || $target->isTest()) {
            throw new Exception(Exception::GENERAL_SERVER_ERROR, 'Domain target must be configured as environment variable.');
        }

        if ($rule->getAttribute('verification') === true) {
            return $response->dynamic($rule, Response::MODEL_PROXY_RULE);
        }

        $validator = new CNAME($target->get()); // Verify Domain with DNS records
        $domain = new Domain($rule->getAttribute('domain', ''));

        $validationStart = \microtime(true);
        if (!$validator->isValid($domain->get())) {
            $log->addExtra('dnsTiming', \strval(\microtime(true) - $validationStart));
            $log->addTag('dnsDomain', $domain->get());

            $error = $validator->getLogs();
            $log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));

            throw new Exception(Exception::RULE_VERIFICATION_FAILED);
        }

        $dbForConsole->updateDocument('rules', $rule->getId(), $rule->setAttribute('status', 'verifying'));

        // Issue a TLS certificate when domain is verified
        $queueForCertificates
            ->setDomain(new Document([
                'domain' => $rule->getAttribute('domain')
            ]))
            ->trigger();

        $queueForEvents->setParam('ruleId', $rule->getId());

        $certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));
        $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));

        $response->dynamic($rule, Response::MODEL_PROXY_RULE);
    });
Implement rules 2023-03-09 07:30:01 +13:00			`<?php`

			`use Appwrite\Event\Certificate;`
			`use Appwrite\Event\Delete;`
			`use Appwrite\Event\Event;`
			`use Appwrite\Extend\Exception;`
			`use Appwrite\Network\Validator\CNAME;`
			`use Appwrite\Utopia\Database\Validator\Queries\Rules;`
			`use Appwrite\Utopia\Response;`
			`use Utopia\App;`
			`use Utopia\Database\Database;`
			`use Utopia\Database\Document;`
parseQueries 2024-02-13 05:02:04 +13:00			`use Utopia\Database\Exception\Query as QueryException;`
QA after merge with 1.4 2023-08-06 20:51:53 +12:00			`use Utopia\Database\Helpers\ID;`
Implement rules 2023-03-09 07:30:01 +13:00			`use Utopia\Database\Query;`
			`use Utopia\Database\Validator\UID;`
			`use Utopia\Domains\Domain;`
Merge main 2024-02-12 14:18:19 +13:00			`use Utopia\Logger\Log;`
Fix format 2024-04-02 00:08:46 +13:00			`use Utopia\System\System;`
QA after merge with 1.4 2023-08-06 20:51:53 +12:00			`use Utopia\Validator\Domain as ValidatorDomain;`
Implement rules 2023-03-09 07:30:01 +13:00			`use Utopia\Validator\Text;`
			`use Utopia\Validator\WhiteList;`

			`App::post('/v1/proxy/rules')`
			`->groups(['api', 'proxy'])`
			`->desc('Create Rule')`
			`->label('scope', 'rules.write')`
			`->label('event', 'rules.[ruleId].create')`
			`->label('audits.event', 'rule.create')`
			`->label('audits.resource', 'rule/{response.$id}')`
fix: hide services from server/client sdks 2023-08-30 23:28:43 +12:00			`->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('sdk.namespace', 'proxy')`
			`->label('sdk.method', 'createRule')`
			`->label('sdk.description', '/docs/references/proxy/create-rule.md')`
			`->label('sdk.response.code', Response::STATUS_CODE_CREATED)`
			`->label('sdk.response.type', Response::CONTENT_TYPE_JSON)`
			`->label('sdk.response.model', Response::MODEL_PROXY_RULE)`
QA after merge with 1.4 2023-08-06 20:51:53 +12:00			`->param('domain', null, new ValidatorDomain(), 'Domain name.')`
PR review changes, fix node test 2023-08-20 06:26:47 +12:00			`->param('resourceType', null, new WhiteList(['api', 'function']), 'Action definition for the rule. Possible values are "api", "function"')`
			`->param('resourceId', '', new UID(), 'ID of resource for the action type. If resourceType is "api", leave empty. If resourceType is "function", provide ID of the function.', true)`
Implement rules 2023-03-09 07:30:01 +13:00			`->inject('response')`
			`->inject('project')`
queues fixes 2023-10-20 04:28:01 +13:00			`->inject('queueForCertificates')`
			`->inject('queueForEvents')`
Implement rules 2023-03-09 07:30:01 +13:00			`->inject('dbForConsole')`
			`->inject('dbForProject')`
queues fixes 2023-10-20 04:28:01 +13:00			`->action(function (string $domain, string $resourceType, string $resourceId, Response $response, Document $project, Certificate $queueForCertificates, Event $queueForEvents, Database $dbForConsole, Database $dbForProject) {`
Updated getEnv to use system lib 2024-04-02 00:02:47 +13:00			`$mainDomain = System::getEnv('_APP_DOMAIN', '');`
Fix exception condition 2023-08-23 06:14:20 +12:00			`if ($domain === $mainDomain) {`
			`throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.');`
			`}`
			`if ($domain === 'localhost' \|\| $domain === APP_HOSTNAME_INTERNAL) {`
Improve commands quality 2023-08-22 20:16:17 +12:00			`throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'This domain name is not allowed. Please pick another one.');`
Fix id null schedule bug 2023-08-22 05:43:03 +12:00			`}`
Linter 2023-08-23 01:18:07 +12:00
Implement rules 2023-03-09 07:30:01 +13:00			`$document = $dbForConsole->findOne('rules', [`
			`Query::equal('domain', [$domain]),`
			`]);`

			`if ($document && !$document->isEmpty()) {`
Code formatting 2023-03-15 08:31:23 +13:00			`if ($document->getAttribute('projectId') === $project->getId()) {`
Improve 409 rule error; update console 2023-03-11 02:36:31 +13:00			`$resourceType = $document->getAttribute('resourceType');`
			`$resourceId = $document->getAttribute('resourceId');`
			`$message = "Domain already assigned to '{$resourceType}' service";`
Code formatting 2023-03-15 08:31:23 +13:00			`if (!empty($resourceId)) {`
Improve 409 rule error; update console 2023-03-11 02:36:31 +13:00			`$message .= " with ID '{$resourceId}'";`
			`}`

			`$message .= '.';`
			`} else {`
Addressed PR comments 2023-08-18 18:55:44 +12:00			`$message = 'Domain already assigned to different project.';`
Improve 409 rule error; update console 2023-03-11 02:36:31 +13:00			`}`
Code formatting 2023-03-15 08:31:23 +13:00
Improve 409 rule error; update console 2023-03-11 02:36:31 +13:00			`throw new Exception(Exception::RULE_ALREADY_EXISTS, $message);`
Implement rules 2023-03-09 07:30:01 +13:00			`}`

			`$resourceInternalId = '';`

Code formatting 2023-03-15 08:31:23 +13:00			`if ($resourceType == 'function') {`
			`if (empty($resourceId)) {`
More PR review changes 2023-07-28 20:27:16 +12:00			`throw new Exception(Exception::FUNCTION_NOT_FOUND);`
Implement rules 2023-03-09 07:30:01 +13:00			`}`

			`$function = $dbForProject->getDocument('functions', $resourceId);`

			`if ($function->isEmpty()) {`
Address PR reviews 2023-07-28 19:56:07 +12:00			`throw new Exception(Exception::RULE_RESOURCE_NOT_FOUND);`
Implement rules 2023-03-09 07:30:01 +13:00			`}`

			`$resourceInternalId = $function->getInternalId();`
			`}`

fix: proxy create rule 500 2023-11-07 03:44:00 +13:00			`try {`
			`$domain = new Domain($domain);`
Replace catching \Exception with \Throwable \Exception doesn't work as a catch-all because not everything extends \Exception. For example, there was a problem where the messaging worker didn't catch an exception here: } catch (\Exception $e) { $deliveryErrors[] = 'Failed sending to targets ' . $batchIndex + 1 . '-' . \count($batch) . ' with error: ' . $e->getMessage(); } finally { As such, $deliveryErrors stayed as an empty array. In this case, the $adapter->send() threw a TypeError which extends Error which implements Throwable. Updating the catch to catch \Throwable ensures the error is caught and $deliveryErrors gets updated. 2024-02-08 14:17:54 +13:00			`} catch (\Throwable) {`
chore: better error msg 2023-11-07 03:49:33 +13:00			`throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'Domain may not start with http:// or https://.');`
fix: proxy create rule 500 2023-11-07 03:44:00 +13:00			`}`
chore: fmt 2023-11-07 03:48:54 +13:00
Implement rules 2023-03-09 07:30:01 +13:00			`$ruleId = ID::unique();`
Add auto-verify logic to createRule 2023-07-12 22:55:33 +12:00			`$rule = new Document([`
Implement rules 2023-03-09 07:30:01 +13:00			`'$id' => $ruleId,`
			`'projectId' => $project->getId(),`
			`'projectInternalId' => $project->getInternalId(),`
			`'domain' => $domain->get(),`
			`'resourceType' => $resourceType,`
			`'resourceId' => $resourceId,`
			`'resourceInternalId' => $resourceInternalId,`
			`'certificateId' => '',`
Add auto-verify logic to createRule 2023-07-12 22:55:33 +12:00			`]);`

			`$status = 'created';`
Updated getEnv to use system lib 2024-04-02 00:02:47 +13:00			`$functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS');`
PR review changes 2023-07-25 01:12:36 +12:00			`if (!empty($functionsDomain) && \str_ends_with($domain->get(), $functionsDomain)) {`
Add auto-verify logic to createRule 2023-07-12 22:55:33 +12:00			`$status = 'verified';`
			`}`

			`if ($status === 'created') {`
Updated getEnv to use system lib 2024-04-02 00:02:47 +13:00			`$target = new Domain(System::getEnv('_APP_DOMAIN_TARGET', ''));`
Add auto-verify logic to createRule 2023-07-12 22:55:33 +12:00			`$validator = new CNAME($target->get()); // Verify Domain with DNS records`

			`if ($validator->isValid($domain->get())) {`
			`$status = 'verifying';`

queues fixes 2023-10-20 04:28:01 +13:00			`$queueForCertificates`
Add auto-verify logic to createRule 2023-07-12 22:55:33 +12:00			`->setDomain(new Document([`
			`'domain' => $rule->getAttribute('domain')`
			`]))`
			`->trigger();`
			`}`
			`}`

			`$rule->setAttribute('status', $status);`
			`$rule = $dbForConsole->createDocument('rules', $rule);`
Implement rules 2023-03-09 07:30:01 +13:00
queues fixes 2023-10-20 04:28:01 +13:00			`$queueForEvents->setParam('ruleId', $rule->getId());`
Implement rules 2023-03-09 07:30:01 +13:00
Add logs to rules 2023-03-14 02:35:34 +13:00			`$rule->setAttribute('logs', '');`

Implement rules 2023-03-09 07:30:01 +13:00			`$response`
			`->setStatusCode(Response::STATUS_CODE_CREATED)`
Bug fixes for proxy rule service 2023-03-10 20:42:52 +13:00			`->dynamic($rule, Response::MODEL_PROXY_RULE);`
Implement rules 2023-03-09 07:30:01 +13:00			`});`

			`App::get('/v1/proxy/rules')`
			`->groups(['api', 'proxy'])`
			`->desc('List Rules')`
			`->label('scope', 'rules.read')`
fix: hide services from server/client sdks 2023-08-30 23:28:43 +12:00			`->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('sdk.namespace', 'proxy')`
			`->label('sdk.method', 'listRules')`
			`->label('sdk.description', '/docs/references/proxy/list-rules.md')`
			`->label('sdk.response.code', Response::STATUS_CODE_OK)`
			`->label('sdk.response.type', Response::CONTENT_TYPE_JSON)`
			`->label('sdk.response.model', Response::MODEL_PROXY_RULE_LIST)`
			`->param('queries', [], new Rules(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Rules::ALLOWED_ATTRIBUTES), true)`
			`->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)`
			`->inject('response')`
			`->inject('project')`
			`->inject('dbForConsole')`
			`->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForConsole) {`
parseQueries 2024-02-13 05:02:04 +13:00			`try {`
			`$queries = Query::parseQueries($queries);`
			`} catch (QueryException $e) {`
			`throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());`
			`}`
Implement rules 2023-03-09 07:30:01 +13:00
			`if (!empty($search)) {`
			`$queries[] = Query::search('search', $search);`
			`}`

			`$queries[] = Query::equal('projectInternalId', [$project->getInternalId()]);`

fix Indexes 2024-02-12 22:55:45 +13:00			`/**`
typo 2024-02-12 23:03:31 +13:00			`* Get cursor document if there was a cursor query, we use array_filter and reset for reference $cursor to $queries`
fix Indexes 2024-02-12 22:55:45 +13:00			`*/`
			`$cursor = \array_filter($queries, function ($query) {`
			`return \in_array($query->getMethod(), [Query::TYPE_CURSOR_AFTER, Query::TYPE_CURSOR_BEFORE]);`
			`});`
Implement rules 2023-03-09 07:30:01 +13:00			`$cursor = reset($cursor);`
			`if ($cursor) {`
			`/** @var Query $cursor */`
			`$ruleId = $cursor->getValue();`
			`$cursorDocument = $dbForConsole->getDocument('rules', $ruleId);`

			`if ($cursorDocument->isEmpty()) {`
			`throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Rule '{$ruleId}' for the 'cursor' value not found.");`
			`}`

			`$cursor->setValue($cursorDocument);`
			`}`

			`$filterQueries = Query::groupByType($queries)['filters'];`

Add logs to rules 2023-03-14 02:35:34 +13:00			`$rules = $dbForConsole->find('rules', $queries);`
			`foreach ($rules as $rule) {`
			`$certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`
Update installation, certificate & repository response models 2023-06-09 03:24:27 +12:00			`$rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));`
Add logs to rules 2023-03-14 02:35:34 +13:00			`}`

Implement rules 2023-03-09 07:30:01 +13:00			`$response->dynamic(new Document([`
Add logs to rules 2023-03-14 02:35:34 +13:00			`'rules' => $rules,`
Implement rules 2023-03-09 07:30:01 +13:00			`'total' => $dbForConsole->count('rules', $filterQueries, APP_LIMIT_COUNT),`
			`]), Response::MODEL_PROXY_RULE_LIST);`
			`});`

			`App::get('/v1/proxy/rules/:ruleId')`
			`->groups(['api', 'proxy'])`
			`->desc('Get Rule')`
			`->label('scope', 'rules.read')`
fix: hide services from server/client sdks 2023-08-30 23:28:43 +12:00			`->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('sdk.namespace', 'proxy')`
			`->label('sdk.method', 'getRule')`
			`->label('sdk.description', '/docs/references/proxy/get-rule.md')`
			`->label('sdk.response.code', Response::STATUS_CODE_OK)`
			`->label('sdk.response.type', Response::CONTENT_TYPE_JSON)`
			`->label('sdk.response.model', Response::MODEL_PROXY_RULE)`
			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
			`->inject('project')`
			`->inject('dbForConsole')`
			`->action(function (string $ruleId, Response $response, Document $project, Database $dbForConsole) {`
Bug fixes for proxy rule service 2023-03-10 20:42:52 +13:00			`$rule = $dbForConsole->getDocument('rules', $ruleId);`
Implement rules 2023-03-09 07:30:01 +13:00
			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {`
			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

Add logs to rules 2023-03-14 02:35:34 +13:00			`$certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`
Update installation, certificate & repository response models 2023-06-09 03:24:27 +12:00			`$rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));`
Add logs to rules 2023-03-14 02:35:34 +13:00
Implement rules 2023-03-09 07:30:01 +13:00			`$response->dynamic($rule, Response::MODEL_PROXY_RULE);`
			`});`

			`App::delete('/v1/proxy/rules/:ruleId')`
			`->groups(['api', 'proxy'])`
			`->desc('Delete Rule')`
			`->label('scope', 'rules.write')`
			`->label('event', 'rules.[ruleId].delete')`
Update console version, fix docs. 2023-07-13 23:42:04 +12:00			`->label('audits.event', 'rules.delete')`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('audits.resource', 'rule/{request.ruleId}')`
fix: hide services from server/client sdks 2023-08-30 23:28:43 +12:00			`->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('sdk.namespace', 'proxy')`
			`->label('sdk.method', 'deleteRule')`
			`->label('sdk.description', '/docs/references/proxy/delete-rule.md')`
			`->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)`
			`->label('sdk.response.model', Response::MODEL_NONE)`
			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
			`->inject('project')`
			`->inject('dbForConsole')`
queues fixes 2023-10-20 04:28:01 +13:00			`->inject('queueForDeletes')`
			`->inject('queueForEvents')`
			`->action(function (string $ruleId, Response $response, Document $project, Database $dbForConsole, Delete $queueForDeletes, Event $queueForEvents) {`
Implement rules 2023-03-09 07:30:01 +13:00			`$rule = $dbForConsole->getDocument('rules', $ruleId);`

			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {`
			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

More PR review changes 2023-07-28 20:27:16 +12:00			`$dbForConsole->deleteDocument('rules', $rule->getId());`
Implement rules 2023-03-09 07:30:01 +13:00
queues fixes 2023-10-20 04:28:01 +13:00			`$queueForDeletes`
Implement rules 2023-03-09 07:30:01 +13:00			`->setType(DELETE_TYPE_DOCUMENT)`
			`->setDocument($rule);`

queues fixes 2023-10-20 04:28:01 +13:00			`$queueForEvents->setParam('ruleId', $rule->getId());`
Implement rules 2023-03-09 07:30:01 +13:00
			`$response->noContent();`
			`});`

			`App::patch('/v1/proxy/rules/:ruleId/verification')`
			`->desc('Update Rule Verification Status')`
			`->groups(['api', 'proxy'])`
			`->label('scope', 'rules.write')`
Bug fixes after proxy QA 2023-03-11 01:20:24 +13:00			`->label('event', 'rules.[ruleId].update')`
			`->label('audits.event', 'rule.update')`
			`->label('audits.resource', 'rule/{response.$id}')`
fix: hide services from server/client sdks 2023-08-30 23:28:43 +12:00			`->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])`
Implement rules 2023-03-09 07:30:01 +13:00			`->label('sdk.namespace', 'proxy')`
			`->label('sdk.method', 'updateRuleVerification')`
			`->label('sdk.response.code', Response::STATUS_CODE_OK)`
			`->label('sdk.response.type', Response::CONTENT_TYPE_JSON)`
			`->label('sdk.response.model', Response::MODEL_PROXY_RULE)`
			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
queues fixes 2023-10-20 04:28:01 +13:00			`->inject('queueForCertificates')`
			`->inject('queueForEvents')`
Implement rules 2023-03-09 07:30:01 +13:00			`->inject('project')`
			`->inject('dbForConsole')`
Merge main 2024-02-12 14:18:19 +13:00			`->inject('log')`
			`->action(function (string $ruleId, Response $response, Certificate $queueForCertificates, Event $queueForEvents, Document $project, Database $dbForConsole, Log $log) {`
Implement rules 2023-03-09 07:30:01 +13:00			`$rule = $dbForConsole->getDocument('rules', $ruleId);`

			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getInternalId()) {`
			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

Updated getEnv to use system lib 2024-04-02 00:02:47 +13:00			`$target = new Domain(System::getEnv('_APP_DOMAIN_TARGET', ''));`
Implement rules 2023-03-09 07:30:01 +13:00
			`if (!$target->isKnown() \|\| $target->isTest()) {`
More PR review changes 2023-07-28 20:27:16 +12:00			`throw new Exception(Exception::GENERAL_SERVER_ERROR, 'Domain target must be configured as environment variable.');`
Implement rules 2023-03-09 07:30:01 +13:00			`}`

			`if ($rule->getAttribute('verification') === true) {`
			`return $response->dynamic($rule, Response::MODEL_PROXY_RULE);`
			`}`

			`$validator = new CNAME($target->get()); // Verify Domain with DNS records`
Bug fixes for proxy rule service 2023-03-10 20:42:52 +13:00			`$domain = new Domain($rule->getAttribute('domain', ''));`
Implement rules 2023-03-09 07:30:01 +13:00
Merge main 2024-02-12 14:18:19 +13:00			`$validationStart = \microtime(true);`
Bug fixes for proxy rule service 2023-03-10 20:42:52 +13:00			`if (!$validator->isValid($domain->get())) {`
Merge main 2024-02-12 14:18:19 +13:00			`$log->addExtra('dnsTiming', \strval(\microtime(true) - $validationStart));`
			`$log->addTag('dnsDomain', $domain->get());`

			`$error = $validator->getLogs();`
			`$log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));`

Implement rules 2023-03-09 07:30:01 +13:00			`throw new Exception(Exception::RULE_VERIFICATION_FAILED);`
			`}`

Improve error logs 2023-03-09 08:50:51 +13:00			`$dbForConsole->updateDocument('rules', $rule->getId(), $rule->setAttribute('status', 'verifying'));`
Implement rules 2023-03-09 07:30:01 +13:00
			`// Issue a TLS certificate when domain is verified`
queues fixes 2023-10-20 04:28:01 +13:00			`$queueForCertificates`
Implement rules 2023-03-09 07:30:01 +13:00			`->setDomain(new Document([`
			`'domain' => $rule->getAttribute('domain')`
			`]))`
			`->trigger();`

queues fixes 2023-10-20 04:28:01 +13:00			`$queueForEvents->setParam('ruleId', $rule->getId());`
Bug fixes after proxy QA 2023-03-11 01:20:24 +13:00
Add logs to rules 2023-03-14 02:35:34 +13:00			`$certificate = $dbForConsole->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`

Implement rules 2023-03-09 07:30:01 +13:00			`$response->dynamic($rule, Response::MODEL_PROXY_RULE);`
Code formatting 2023-03-15 08:31:23 +13:00			`});`