
Cleanups - work in progress

Eldad Fux 2021-05-16 12:18:34 +03:00
parent 814ac68d49
commit 2760cf5993
5 changed files with 100 additions and 58 deletions


@ -77,6 +77,11 @@ App::post('/v1/projects')
'keys' => [], 'keys' => [],
'tasks' => [], 'tasks' => [],
'domains' => [], 'domains' => [],
'usersAuthEmailPassword' => true,
'usersAuthAnonymous' => true,
'usersAuthInvites' => true,
'usersAuthJWT' => true,
'usersAuthPhone' => true,
])); ]));
if (false === $project) { if (false === $project) {
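Review bot: The five new `usersAuth*` flags default every freshly created project to `true`, including `usersAuthAnonymous` and `usersAuthInvites`, so anonymous sessions are accepted on a new project until its owner opts out; if that is the intended default it deserves a comment, e.g. `// All auth methods are enabled by default; owners disable unwanted ones in project settings`. Nothing visible in this commit reads these flags, so whether they are enforced anywhere yet cannot be confirmed from the hunk. The `App::post('/v1/projects')` handler starts and ends outside the hunk.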


@ -449,9 +449,7 @@ App::delete('/v1/users/:userId/sessions')
throw new Exception('User not found', 404); throw new Exception('User not found', 404);
} }
$sessions = $user->getAttribute('sessions', []); $dbForInternal->updateDocument('users', $user->getId(), $user->getAttribute('sessions', []));
$dbForInternal->updateDocument('users', $user->getId(), $user);
$events $events
->setParam('eventData', $response->output2($user, Response::MODEL_USER)) ->setParam('eventData', $response->output2($user, Response::MODEL_USER))


@ -10,14 +10,12 @@ use Utopia\Exception;
use Utopia\Config\Config; use Utopia\Config\Config;
use Utopia\Domains\Domain; use Utopia\Domains\Domain;
use Appwrite\Auth\Auth; use Appwrite\Auth\Auth;
use Appwrite\Database\Database;
use Appwrite\Database\Document;
use Appwrite\Database\Validator\Authorization; use Appwrite\Database\Validator\Authorization;
use Appwrite\Network\Validator\Origin; use Appwrite\Network\Validator\Origin;
use Appwrite\Utopia\Response\Filters\V06; use Appwrite\Utopia\Response\Filters\V06;
use Appwrite\Utopia\Response\Filters\V07; use Appwrite\Utopia\Response\Filters\V07;
use Utopia\CLI\Console; use Utopia\CLI\Console;
use Utopia\Database\Document as Document2; use Utopia\Database\Document;
use Utopia\Database\Validator\Authorization as Authorization2; use Utopia\Database\Validator\Authorization as Authorization2;
Config::setParam('domainVerification', false); Config::setParam('domainVerification', false);
@ -28,7 +26,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
/** @var Utopia\Swoole\Request $request */ /** @var Utopia\Swoole\Request $request */
/** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $consoleDB */ /** @var Appwrite\Database\Database $consoleDB */
/** @var Appwrite\Database\Document $console */ /** @var Utopia\Database\Document $console */
/** @var Utopia\Database\Document $project */ /** @var Utopia\Database\Document $project */
/** @var Utopia\Database\Document $user */ /** @var Utopia\Database\Document $user */
/** @var Utopia\Locale\Locale $locale */ /** @var Utopia\Locale\Locale $locale */
@ -226,7 +224,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
* Mock user to app and grant API key scopes in addition to default app scopes * Mock user to app and grant API key scopes in addition to default app scopes
*/ */
if ($key && $user->isEmpty()) { if ($key && $user->isEmpty()) {
$user = new Document2([ $user = new Document([
'$id' => '', '$id' => '',
'status' => Auth::USER_STATUS_ACTIVATED, 'status' => Auth::USER_STATUS_ACTIVATED,
'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(), 'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(),
@ -265,7 +263,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
// TDOO Check if user is root // TDOO Check if user is root
if (!\in_array($scope, $scopes)) { if (!\in_array($scope, $scopes)) {
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing if ($project->isEmpty()) { // Check if permission is denied because project is missing
throw new Exception('Project not found', 404); throw new Exception('Project not found', 404);
} }
@ -386,7 +384,7 @@ App::error(function ($error, $utopia, $request, $response, $layout, $project) {
$response->html($layout->render()); $response->html($layout->render());
} }
$response->dynamic(new Document($output), $response->dynamic2(new Document($output),
$utopia->isDevelopment() ? Response::MODEL_ERROR_DEV : Response::MODEL_ERROR); $utopia->isDevelopment() ? Response::MODEL_ERROR_DEV : Response::MODEL_ERROR);
}, ['error', 'utopia', 'request', 'response', 'layout', 'project']); }, ['error', 'utopia', 'request', 'response', 'layout', 'project']);


@ -13,8 +13,8 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
/** @var Utopia\App $utopia */ /** @var Utopia\App $utopia */
/** @var Utopia\Swoole\Request $request */ /** @var Utopia\Swoole\Request $request */
/** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Document $project */ /** @var Utopia\Database\Document $project */
/** @var Appwrite\Database\Document $user */ /** @var Utopia\Database\Document $user */
/** @var Utopia\Registry\Registry $register */ /** @var Utopia\Registry\Registry $register */
/** @var Appwrite\Event\Event $events */ /** @var Appwrite\Event\Event $events */
/** @var Appwrite\Event\Event $audits */ /** @var Appwrite\Event\Event $audits */
@ -31,45 +31,45 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
throw new Exception('Missing or unknown project ID', 400); throw new Exception('Missing or unknown project ID', 400);
} }
/* // /*
* Abuse Check // * Abuse Check
*/ // */
$timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) { // $timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
return $register->get('db'); // return $register->get('db');
}); // });
$timeLimit->setNamespace('app_'.$project->getId()); // $timeLimit->setNamespace('app_'.$project->getId());
$timeLimit // $timeLimit
->setParam('{userId}', $user->getId()) // ->setParam('{userId}', $user->getId())
->setParam('{userAgent}', $request->getUserAgent('')) // ->setParam('{userAgent}', $request->getUserAgent(''))
->setParam('{ip}', $request->getIP()) // ->setParam('{ip}', $request->getIP())
->setParam('{url}', $request->getHostname().$route->getURL()) // ->setParam('{url}', $request->getHostname().$route->getURL())
; // ;
//TODO make sure we get array here // //TODO make sure we get array here
foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys // foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value); // $timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
} // }
$abuse = new Abuse($timeLimit); // $abuse = new Abuse($timeLimit);
if ($timeLimit->limit()) { // if ($timeLimit->limit()) {
$response // $response
->addHeader('X-RateLimit-Limit', $timeLimit->limit()) // ->addHeader('X-RateLimit-Limit', $timeLimit->limit())
->addHeader('X-RateLimit-Remaining', $timeLimit->remaining()) // ->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600)) // ->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
; // ;
} // }
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles); // $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
$isAppUser = Auth::isAppUser(Authorization::$roles); // $isAppUser = Auth::isAppUser(Authorization::$roles);
if (($abuse->check() // Route is rate-limited // if (($abuse->check() // Route is rate-limited
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled // && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
&& (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key // && (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
{ // {
throw new Exception('Too many requests', 429); // throw new Exception('Too many requests', 429);
} // }
/* /*
* Background Jobs * Background Jobs


@ -445,15 +445,11 @@ App::setResource('user', function($mode, $project, $console, $request, $response
Auth::$unique = $session['id'] ?? ''; Auth::$unique = $session['id'] ?? '';
Auth::$secret = $session['secret'] ?? ''; Auth::$secret = $session['secret'] ?? '';
if (APP_MODE_ADMIN !== $mode) { if (APP_MODE_ADMIN !== $mode && $project->getId() !== 'console') {
$user = $dbForInternal->getDocument('users', Auth::$unique); $user = $dbForInternal->getDocument('users', Auth::$unique);
} }
else { else {
$user = $dbForConsole->getDocument('users', Auth::$unique); $user = $dbForConsole->getDocument('users', Auth::$unique);
$user
->setAttribute('$id', 'admin-'.$user->getAttribute('$id'))
;
} }
if ($user->isEmpty() // Check a document has been found in the DB if ($user->isEmpty() // Check a document has been found in the DB
@ -496,25 +492,70 @@ App::setResource('user', function($mode, $project, $console, $request, $response
return $user; return $user;
}, ['mode', 'project', 'console', 'request', 'response', 'dbForInternal', 'dbForConsole']); }, ['mode', 'project', 'console', 'request', 'response', 'dbForInternal', 'dbForConsole']);
App::setResource('project', function($consoleDB, $request) { App::setResource('project', function($dbForConsole, $request, $console) {
/** @var Utopia\Swoole\Request $request */ /** @var Utopia\Swoole\Request $request */
/** @var Appwrite\Database\Database $consoleDB */ /** @var Appwrite\Database\Database $dbForConsole */
/** @var Appwrite\Database\Document $console */
$projectId = $request->getParam('project',
$request->getHeader('x-appwrite-project', ''));
if(empty($projectId) || $projectId === 'console') {
return $console;
}
Authorization::disable(); Authorization::disable();
Authorization2::disable(); Authorization2::disable();
$project = $consoleDB->getDocument($request->getParam('project', $project = $dbForConsole->getDocument('projects', $projectId);
$request->getHeader('x-appwrite-project', 'console')));
Authorization::reset(); Authorization::reset();
Authorization2::reset(); Authorization2::reset();
return $project; return $project;
}, ['consoleDB', 'request']); }, ['dbForConsole', 'request', 'console']);
App::setResource('console', function($consoleDB) { App::setResource('console', function() {
return $consoleDB->getDocument('console'); return new Document2([
}, ['consoleDB']); '$id' => 'console',
'$collection' => 'projects',
'name' => 'Appwrite',
'description' => 'Appwrite core engine',
'logo' => '',
'teamId' => -1,
'webhooks' => [],
'keys' => [],
'platforms' => [
[
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
'name' => 'Production',
'type' => 'web',
'hostname' => 'appwrite.io',
],
[
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
'name' => 'Development',
'type' => 'web',
'hostname' => 'appwrite.test',
],
[
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
'name' => 'Localhost',
'type' => 'web',
'hostname' => 'localhost',
], // Current host is added on app init
],
'legalName' => '',
'legalCountry' => '',
'legalState' => '',
'legalCity' => '',
'legalAddress' => '',
'legalTaxId' => '',
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
]);
}, []);
App::setResource('consoleDB', function($register) { App::setResource('consoleDB', function($register) {
$consoleDB = new Database(); $consoleDB = new Database();
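Review bot: The `else` branch of the `user` resource no longer prefixes the console user's `$id` with `admin-`, so a console user acting on a project in admin mode now carries its raw console id; if any downstream code or permission strings built from that id relied on the prefix to tell console users apart from project users sharing the same id, that distinction is gone — worth confirming and, if intended, noting with `// Console users keep their console id; only non-console projects look users up in dbForInternal`. In the new in-memory console document, `authWhitelistEmails` and `authWhitelistIPs` are built by `explode(',', ...)` without trimming, so a value such as `a@x.io, b@y.io` yields an entry with a leading space that never matches; `array_map('trim', explode(',', ...))` would make the whitelist tolerant of that. The stub also mixes the literal `'projects'` collection with `Database::SYSTEM_COLLECTION_PLATFORMS` for the platforms, presumably a leftover of the migration. The `user` resource callback starts outside the hunk and the `consoleDB` resource continues past it.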