Cleanups - work in progress
parent
814ac68d49
commit
2760cf5993
@ -77,6 +77,11 @@ App::post('/v1/projects')
|
||||||
'keys' => [],
|
'keys' => [],
|
||||||
'tasks' => [],
|
'tasks' => [],
|
||||||
'domains' => [],
|
'domains' => [],
|
||||||
|
'usersAuthEmailPassword' => true,
|
||||||
|
'usersAuthAnonymous' => true,
|
||||||
|
'usersAuthInvites' => true,
|
||||||
|
'usersAuthJWT' => true,
|
||||||
|
'usersAuthPhone' => true,
|
||||||
]));
|
]));
|
||||||
|
|
||||||
if (false === $project) {
|
if (false === $project) {
|
||||||
|
|
|
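Review bot: Every new project is now created with all five auth methods switched on, including `'usersAuthAnonymous' => true`, and nothing in the hunk says this is a deliberate default rather than a placeholder. Anonymous sessions are the most permissive of the set, so the block deserves a line such as `// All auth methods are enabled on creation; owners restrict them afterwards via the project settings` so the choice is visible to the next reader. Keeping the five flags as literals here also lets the defaults drift from wherever the project document is later read or updated; a single shared definition of the defaults would be safer, though I cannot see that code from here. The `App::post('/v1/projects')` handler starts before this hunk.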
@ -449,9 +449,7 @@ App::delete('/v1/users/:userId/sessions')
|
||||||
throw new Exception('User not found', 404);
|
throw new Exception('User not found', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
$sessions = $user->getAttribute('sessions', []);
|
$dbForInternal->updateDocument('users', $user->getId(), $user->getAttribute('sessions', []));
|
||||||
|
|
||||||
$dbForInternal->updateDocument('users', $user->getId(), $user);
|
|
||||||
|
|
||||||
$events
|
$events
|
||||||
->setParam('eventData', $response->output2($user, Response::MODEL_USER))
|
->setParam('eventData', $response->output2($user, Response::MODEL_USER))
|
||||||
|
|
|
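Review bot: The new `$dbForInternal->updateDocument('users', $user->getId(), $user->getAttribute('sessions', []))` passes the sessions array where the removed line passed the `$user` Document, so unless `updateDocument` accepts a raw array this call fails, and even if it does, nothing in the hunk clears the sessions before they are written back. For a route that deletes all of a user's sessions the likely intent is `$user->setAttribute('sessions', []);` followed by `$dbForInternal->updateDocument('users', $user->getId(), $user);`, with the individual session records removed first (any such loop is outside the hunk). The `$events` payload on the following lines is built from the same `$user`, so it will carry whatever state `$user` has at that point. The `App::delete('/v1/users/:userId/sessions')` handler begins and ends outside this hunk.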
@ -10,14 +10,12 @@ use Utopia\Exception;
|
||||||
use Utopia\Config\Config;
|
use Utopia\Config\Config;
|
||||||
use Utopia\Domains\Domain;
|
use Utopia\Domains\Domain;
|
||||||
use Appwrite\Auth\Auth;
|
use Appwrite\Auth\Auth;
|
||||||
use Appwrite\Database\Database;
|
|
||||||
use Appwrite\Database\Document;
|
|
||||||
use Appwrite\Database\Validator\Authorization;
|
use Appwrite\Database\Validator\Authorization;
|
||||||
use Appwrite\Network\Validator\Origin;
|
use Appwrite\Network\Validator\Origin;
|
||||||
use Appwrite\Utopia\Response\Filters\V06;
|
use Appwrite\Utopia\Response\Filters\V06;
|
||||||
use Appwrite\Utopia\Response\Filters\V07;
|
use Appwrite\Utopia\Response\Filters\V07;
|
||||||
use Utopia\CLI\Console;
|
use Utopia\CLI\Console;
|
||||||
use Utopia\Database\Document as Document2;
|
use Utopia\Database\Document;
|
||||||
use Utopia\Database\Validator\Authorization as Authorization2;
|
use Utopia\Database\Validator\Authorization as Authorization2;
|
||||||
|
|
||||||
Config::setParam('domainVerification', false);
|
Config::setParam('domainVerification', false);
|
||||||
|
@ -28,7 +26,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
||||||
/** @var Utopia\Swoole\Request $request */
|
/** @var Utopia\Swoole\Request $request */
|
||||||
/** @var Appwrite\Utopia\Response $response */
|
/** @var Appwrite\Utopia\Response $response */
|
||||||
/** @var Appwrite\Database\Database $consoleDB */
|
/** @var Appwrite\Database\Database $consoleDB */
|
||||||
/** @var Appwrite\Database\Document $console */
|
/** @var Utopia\Database\Document $console */
|
||||||
/** @var Utopia\Database\Document $project */
|
/** @var Utopia\Database\Document $project */
|
||||||
/** @var Utopia\Database\Document $user */
|
/** @var Utopia\Database\Document $user */
|
||||||
/** @var Utopia\Locale\Locale $locale */
|
/** @var Utopia\Locale\Locale $locale */
|
||||||
|
@ -226,7 +224,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
||||||
* Mock user to app and grant API key scopes in addition to default app scopes
|
* Mock user to app and grant API key scopes in addition to default app scopes
|
||||||
*/
|
*/
|
||||||
if ($key && $user->isEmpty()) {
|
if ($key && $user->isEmpty()) {
|
||||||
$user = new Document2([
|
$user = new Document([
|
||||||
'$id' => '',
|
'$id' => '',
|
||||||
'status' => Auth::USER_STATUS_ACTIVATED,
|
'status' => Auth::USER_STATUS_ACTIVATED,
|
||||||
'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(),
|
'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(),
|
||||||
|
@ -265,7 +263,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
||||||
// TDOO Check if user is root
|
// TDOO Check if user is root
|
||||||
|
|
||||||
if (!\in_array($scope, $scopes)) {
|
if (!\in_array($scope, $scopes)) {
|
||||||
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing
|
if ($project->isEmpty()) { // Check if permission is denied because project is missing
|
||||||
throw new Exception('Project not found', 404);
|
throw new Exception('Project not found', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -386,7 +384,7 @@ App::error(function ($error, $utopia, $request, $response, $layout, $project) {
|
||||||
$response->html($layout->render());
|
$response->html($layout->render());
|
||||||
}
|
}
|
||||||
|
|
||||||
$response->dynamic(new Document($output),
|
$response->dynamic2(new Document($output),
|
||||||
$utopia->isDevelopment() ? Response::MODEL_ERROR_DEV : Response::MODEL_ERROR);
|
$utopia->isDevelopment() ? Response::MODEL_ERROR_DEV : Response::MODEL_ERROR);
|
||||||
}, ['error', 'utopia', 'request', 'response', 'layout', 'project']);
|
}, ['error', 'utopia', 'request', 'response', 'layout', 'project']);
|
||||||
|
|
||||||
|
|
|
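Review bot: The project-missing check in `App::init` now reduces to `if ($project->isEmpty())`, dropping the `Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()` test, so a non-empty document that is not a project no longer yields the 404 at this point. That is probably acceptable if the `project` resource only ever returns a document loaded from the projects collection or the console document, but the reliance is implicit; a comment on the `if` such as `// the project resource yields either a projects-collection document or the console document, so emptiness is the only failure mode here` would make it explicit. The `use` change that replaces the `Document2` alias means `Document` now resolves to `Utopia\Database\Document` for every remaining `new Document(...)` in this file, including the error handler's `dynamic2(new Document($output), …)`, which should be checked against what `dynamic2` expects. The scope check and the error handler both continue outside the hunks shown.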
@ -13,8 +13,8 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
|
||||||
/** @var Utopia\App $utopia */
|
/** @var Utopia\App $utopia */
|
||||||
/** @var Utopia\Swoole\Request $request */
|
/** @var Utopia\Swoole\Request $request */
|
||||||
/** @var Appwrite\Utopia\Response $response */
|
/** @var Appwrite\Utopia\Response $response */
|
||||||
/** @var Appwrite\Database\Document $project */
|
/** @var Utopia\Database\Document $project */
|
||||||
/** @var Appwrite\Database\Document $user */
|
/** @var Utopia\Database\Document $user */
|
||||||
/** @var Utopia\Registry\Registry $register */
|
/** @var Utopia\Registry\Registry $register */
|
||||||
/** @var Appwrite\Event\Event $events */
|
/** @var Appwrite\Event\Event $events */
|
||||||
/** @var Appwrite\Event\Event $audits */
|
/** @var Appwrite\Event\Event $audits */
|
||||||
|
@ -31,45 +31,45 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
|
||||||
throw new Exception('Missing or unknown project ID', 400);
|
throw new Exception('Missing or unknown project ID', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
// /*
|
||||||
* Abuse Check
|
// * Abuse Check
|
||||||
*/
|
// */
|
||||||
$timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
|
// $timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
|
||||||
return $register->get('db');
|
// return $register->get('db');
|
||||||
});
|
// });
|
||||||
$timeLimit->setNamespace('app_'.$project->getId());
|
// $timeLimit->setNamespace('app_'.$project->getId());
|
||||||
$timeLimit
|
// $timeLimit
|
||||||
->setParam('{userId}', $user->getId())
|
// ->setParam('{userId}', $user->getId())
|
||||||
->setParam('{userAgent}', $request->getUserAgent(''))
|
// ->setParam('{userAgent}', $request->getUserAgent(''))
|
||||||
->setParam('{ip}', $request->getIP())
|
// ->setParam('{ip}', $request->getIP())
|
||||||
->setParam('{url}', $request->getHostname().$route->getURL())
|
// ->setParam('{url}', $request->getHostname().$route->getURL())
|
||||||
;
|
// ;
|
||||||
|
|
||||||
//TODO make sure we get array here
|
// //TODO make sure we get array here
|
||||||
|
|
||||||
foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
// foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
||||||
$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
// $timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
||||||
}
|
// }
|
||||||
|
|
||||||
$abuse = new Abuse($timeLimit);
|
// $abuse = new Abuse($timeLimit);
|
||||||
|
|
||||||
if ($timeLimit->limit()) {
|
// if ($timeLimit->limit()) {
|
||||||
$response
|
// $response
|
||||||
->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
// ->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
||||||
->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
// ->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
||||||
->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
// ->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
||||||
;
|
// ;
|
||||||
}
|
// }
|
||||||
|
|
||||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
|
// $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
|
||||||
$isAppUser = Auth::isAppUser(Authorization::$roles);
|
// $isAppUser = Auth::isAppUser(Authorization::$roles);
|
||||||
|
|
||||||
if (($abuse->check() // Route is rate-limited
|
// if (($abuse->check() // Route is rate-limited
|
||||||
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
|
// && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
|
||||||
&& (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
// && (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
||||||
{
|
// {
|
||||||
throw new Exception('Too many requests', 429);
|
// throw new Exception('Too many requests', 429);
|
||||||
}
|
// }
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Background Jobs
|
* Background Jobs
|
||||||
|
|
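Review bot: Commenting out the whole abuse block in this `App::init` removes the per-route rate limit, the `X-RateLimit-*` response headers and the `429` path for every request, and the `_APP_OPTIONS_ABUSE` switch silently stops doing anything because the condition that read it is commented out too. If the block must be disabled while `TimeLimit` is moved to the new database layer, say so where the block used to start, e.g. `// TODO: abuse/rate-limit check disabled during the database migration; must be restored before this ships`, so the gap is tracked rather than hidden in `//` lines. Forty lines of commented-out code should then be deleted rather than kept, since version control already preserves them. The callback begins and ends outside this hunk.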
67
app/init.php
@ -445,15 +445,11 @@ App::setResource('user', function($mode, $project, $console, $request, $response
|
||||||
Auth::$unique = $session['id'] ?? '';
|
Auth::$unique = $session['id'] ?? '';
|
||||||
Auth::$secret = $session['secret'] ?? '';
|
Auth::$secret = $session['secret'] ?? '';
|
||||||
|
|
||||||
if (APP_MODE_ADMIN !== $mode) {
|
if (APP_MODE_ADMIN !== $mode && $project->getId() !== 'console') {
|
||||||
$user = $dbForInternal->getDocument('users', Auth::$unique);
|
$user = $dbForInternal->getDocument('users', Auth::$unique);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$user = $dbForConsole->getDocument('users', Auth::$unique);
|
$user = $dbForConsole->getDocument('users', Auth::$unique);
|
||||||
|
|
||||||
$user
|
|
||||||
->setAttribute('$id', 'admin-'.$user->getAttribute('$id'))
|
|
||||||
;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user->isEmpty() // Check a document has been found in the DB
|
if ($user->isEmpty() // Check a document has been found in the DB
|
||||||
|
@ -496,25 +492,70 @@ App::setResource('user', function($mode, $project, $console, $request, $response
|
||||||
return $user;
|
return $user;
|
||||||
}, ['mode', 'project', 'console', 'request', 'response', 'dbForInternal', 'dbForConsole']);
|
}, ['mode', 'project', 'console', 'request', 'response', 'dbForInternal', 'dbForConsole']);
|
||||||
|
|
||||||
App::setResource('project', function($consoleDB, $request) {
|
App::setResource('project', function($dbForConsole, $request, $console) {
|
||||||
/** @var Utopia\Swoole\Request $request */
|
/** @var Utopia\Swoole\Request $request */
|
||||||
/** @var Appwrite\Database\Database $consoleDB */
|
/** @var Appwrite\Database\Database $dbForConsole */
|
||||||
|
/** @var Appwrite\Database\Document $console */
|
||||||
|
|
||||||
|
$projectId = $request->getParam('project',
|
||||||
|
$request->getHeader('x-appwrite-project', ''));
|
||||||
|
|
||||||
|
if(empty($projectId) || $projectId === 'console') {
|
||||||
|
return $console;
|
||||||
|
}
|
||||||
|
|
||||||
Authorization::disable();
|
Authorization::disable();
|
||||||
Authorization2::disable();
|
Authorization2::disable();
|
||||||
|
|
||||||
$project = $consoleDB->getDocument($request->getParam('project',
|
$project = $dbForConsole->getDocument('projects', $projectId);
|
||||||
$request->getHeader('x-appwrite-project', 'console')));
|
|
||||||
|
|
||||||
Authorization::reset();
|
Authorization::reset();
|
||||||
Authorization2::reset();
|
Authorization2::reset();
|
||||||
|
|
||||||
return $project;
|
return $project;
|
||||||
}, ['consoleDB', 'request']);
|
}, ['dbForConsole', 'request', 'console']);
|
||||||
|
|
||||||
App::setResource('console', function($consoleDB) {
|
App::setResource('console', function() {
|
||||||
return $consoleDB->getDocument('console');
|
return new Document2([
|
||||||
}, ['consoleDB']);
|
'$id' => 'console',
|
||||||
|
'$collection' => 'projects',
|
||||||
|
'name' => 'Appwrite',
|
||||||
|
'description' => 'Appwrite core engine',
|
||||||
|
'logo' => '',
|
||||||
|
'teamId' => -1,
|
||||||
|
'webhooks' => [],
|
||||||
|
'keys' => [],
|
||||||
|
'platforms' => [
|
||||||
|
[
|
||||||
|
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||||
|
'name' => 'Production',
|
||||||
|
'type' => 'web',
|
||||||
|
'hostname' => 'appwrite.io',
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||||
|
'name' => 'Development',
|
||||||
|
'type' => 'web',
|
||||||
|
'hostname' => 'appwrite.test',
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||||
|
'name' => 'Localhost',
|
||||||
|
'type' => 'web',
|
||||||
|
'hostname' => 'localhost',
|
||||||
|
], // Current host is added on app init
|
||||||
|
],
|
||||||
|
'legalName' => '',
|
||||||
|
'legalCountry' => '',
|
||||||
|
'legalState' => '',
|
||||||
|
'legalCity' => '',
|
||||||
|
'legalAddress' => '',
|
||||||
|
'legalTaxId' => '',
|
||||||
|
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||||
|
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||||
|
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||||
|
]);
|
||||||
|
}, []);
|
||||||
|
|
||||||
App::setResource('consoleDB', function($register) {
|
App::setResource('consoleDB', function($register) {
|
||||||
$consoleDB = new Database();
|
$consoleDB = new Database();
|
||||||
|
|
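Review bot: In the new `console` resource, `'authWhitelistEmails'` and `'authWhitelistIPs'` are built with a bare `\explode(',', …)` on the env value, so a list written as `a@example.com, b@example.com` keeps the leading space on the second entry and will not match an exact comparison unless the consumer trims; `\array_map('trim', \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)))` (and the same for the IP list) makes the whitelist robust to how operators write the variable. The console project is now a hard-coded Document with `'keys' => []` and `'webhooks' => []`, so anything that previously read console-level keys or webhooks from the old `$consoleDB->getDocument('console')` record will see none; if that is intended, a comment on the resource stating that the console project is synthetic and carries no stored keys would spare the next reader a search. The `'$collection' => 'projects'` on the console document lines up with the `$dbForConsole->getDocument('projects', $projectId)` lookup in the `project` resource, which is presumably what keeps the collection check consistent. The `/** @var Appwrite\Database\Database $dbForConsole */` docblock in the `project` resource looks stale given the migration to `Utopia\Database` elsewhere in the commit, but I cannot confirm the actual type from here.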