Cleanups - work in progress
This commit is contained in:
parent
814ac68d49
commit
2760cf5993
@ -77,6 +77,11 @@ App::post('/v1/projects')
|
|||
'keys' => [],
|
||||
'tasks' => [],
|
||||
'domains' => [],
|
||||
'usersAuthEmailPassword' => true,
|
||||
'usersAuthAnonymous' => true,
|
||||
'usersAuthInvites' => true,
|
||||
'usersAuthJWT' => true,
|
||||
'usersAuthPhone' => true,
|
||||
]));
|
||||
|
||||
if (false === $project) {
|
||||
|
|
|
@ -449,9 +449,7 @@ App::delete('/v1/users/:userId/sessions')
|
|||
throw new Exception('User not found', 404);
|
||||
}
|
||||
|
||||
$sessions = $user->getAttribute('sessions', []);
|
||||
|
||||
$dbForInternal->updateDocument('users', $user->getId(), $user);
|
||||
$dbForInternal->updateDocument('users', $user->getId(), $user->getAttribute('sessions', []));
|
||||
|
||||
$events
|
||||
->setParam('eventData', $response->output2($user, Response::MODEL_USER))
|
||||
|
|
|
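Review bot: If `$dbForInternal->updateDocument('users', $user->getId(), $user->getAttribute('sessions', []));` is the new side of the `@ -449,9 +449,7` hunk, the third argument is now a plain array of sessions rather than the user document, while the adjacent line passes `$user` itself; the two sides cannot be told apart from the rendering, so this is inferred from the commit direction and hunk counts (three lines dropped, one added). If the intent is to persist the cleared sessions, the form the rest of the hunk suggests is to clear the attribute on `$user` and keep `$dbForInternal->updateDocument('users', $user->getId(), $user);`. The enclosing route closure starts and ends outside the hunk on both sides.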
@ -10,14 +10,12 @@ use Utopia\Exception;
|
|||
use Utopia\Config\Config;
|
||||
use Utopia\Domains\Domain;
|
||||
use Appwrite\Auth\Auth;
|
||||
use Appwrite\Database\Database;
|
||||
use Appwrite\Database\Document;
|
||||
use Appwrite\Database\Validator\Authorization;
|
||||
use Appwrite\Network\Validator\Origin;
|
||||
use Appwrite\Utopia\Response\Filters\V06;
|
||||
use Appwrite\Utopia\Response\Filters\V07;
|
||||
use Utopia\CLI\Console;
|
||||
use Utopia\Database\Document as Document2;
|
||||
use Utopia\Database\Document;
|
||||
use Utopia\Database\Validator\Authorization as Authorization2;
|
||||
|
||||
Config::setParam('domainVerification', false);
|
||||
|
@ -28,7 +26,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
|||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Appwrite\Database\Database $consoleDB */
|
||||
/** @var Appwrite\Database\Document $console */
|
||||
/** @var Utopia\Database\Document $console */
|
||||
/** @var Utopia\Database\Document $project */
|
||||
/** @var Utopia\Database\Document $user */
|
||||
/** @var Utopia\Locale\Locale $locale */
|
||||
|
@ -226,7 +224,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
|||
* Mock user to app and grant API key scopes in addition to default app scopes
|
||||
*/
|
||||
if ($key && $user->isEmpty()) {
|
||||
$user = new Document2([
|
||||
$user = new Document([
|
||||
'$id' => '',
|
||||
'status' => Auth::USER_STATUS_ACTIVATED,
|
||||
'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(),
|
||||
|
@ -265,7 +263,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
|
|||
// TDOO Check if user is root
|
||||
|
||||
if (!\in_array($scope, $scopes)) {
|
||||
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing
|
||||
if ($project->isEmpty()) { // Check if permission is denied because project is missing
|
||||
throw new Exception('Project not found', 404);
|
||||
}
|
||||
|
||||
|
@ -386,7 +384,7 @@ App::error(function ($error, $utopia, $request, $response, $layout, $project) {
|
|||
$response->html($layout->render());
|
||||
}
|
||||
|
||||
$response->dynamic(new Document($output),
|
||||
$response->dynamic2(new Document($output),
|
||||
$utopia->isDevelopment() ? Response::MODEL_ERROR_DEV : Response::MODEL_ERROR);
|
||||
}, ['error', 'utopia', 'request', 'response', 'layout', 'project']);
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
|
|||
/** @var Utopia\App $utopia */
|
||||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Appwrite\Database\Document $project */
|
||||
/** @var Appwrite\Database\Document $user */
|
||||
/** @var Utopia\Database\Document $project */
|
||||
/** @var Utopia\Database\Document $user */
|
||||
/** @var Utopia\Registry\Registry $register */
|
||||
/** @var Appwrite\Event\Event $events */
|
||||
/** @var Appwrite\Event\Event $audits */
|
||||
|
@ -31,45 +31,45 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e
|
|||
throw new Exception('Missing or unknown project ID', 400);
|
||||
}
|
||||
|
||||
/*
|
||||
* Abuse Check
|
||||
*/
|
||||
$timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
|
||||
return $register->get('db');
|
||||
});
|
||||
$timeLimit->setNamespace('app_'.$project->getId());
|
||||
$timeLimit
|
||||
->setParam('{userId}', $user->getId())
|
||||
->setParam('{userAgent}', $request->getUserAgent(''))
|
||||
->setParam('{ip}', $request->getIP())
|
||||
->setParam('{url}', $request->getHostname().$route->getURL())
|
||||
;
|
||||
// /*
|
||||
// * Abuse Check
|
||||
// */
|
||||
// $timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), function () use ($register) {
|
||||
// return $register->get('db');
|
||||
// });
|
||||
// $timeLimit->setNamespace('app_'.$project->getId());
|
||||
// $timeLimit
|
||||
// ->setParam('{userId}', $user->getId())
|
||||
// ->setParam('{userAgent}', $request->getUserAgent(''))
|
||||
// ->setParam('{ip}', $request->getIP())
|
||||
// ->setParam('{url}', $request->getHostname().$route->getURL())
|
||||
// ;
|
||||
|
||||
//TODO make sure we get array here
|
||||
// //TODO make sure we get array here
|
||||
|
||||
foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
||||
$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
||||
}
|
||||
// foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
||||
// $timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
||||
// }
|
||||
|
||||
$abuse = new Abuse($timeLimit);
|
||||
// $abuse = new Abuse($timeLimit);
|
||||
|
||||
if ($timeLimit->limit()) {
|
||||
$response
|
||||
->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
||||
->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
||||
->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
||||
;
|
||||
}
|
||||
// if ($timeLimit->limit()) {
|
||||
// $response
|
||||
// ->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
||||
// ->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
||||
// ->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
||||
// ;
|
||||
// }
|
||||
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
|
||||
$isAppUser = Auth::isAppUser(Authorization::$roles);
|
||||
// $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
|
||||
// $isAppUser = Auth::isAppUser(Authorization::$roles);
|
||||
|
||||
if (($abuse->check() // Route is rate-limited
|
||||
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
|
||||
&& (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
||||
{
|
||||
throw new Exception('Too many requests', 429);
|
||||
}
|
||||
// if (($abuse->check() // Route is rate-limited
|
||||
// && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
|
||||
// && (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
||||
// {
|
||||
// throw new Exception('Too many requests', 429);
|
||||
// }
|
||||
|
||||
/*
|
||||
* Background Jobs
|
||||
|
|
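Review bot: On the new side of the `@ -31,45 +31,45` hunk the entire abuse check is commented out — the `TimeLimit`/`Abuse` construction, the `X-RateLimit-*` headers and `throw new Exception('Too many requests', 429)` — so every route passing through this `App::init` hook loses rate limiting, including the `$isPrivilegedUser`/`$isAppUser` exemption that was the only path to a 429. The commit title says work in progress, but nothing in the hunk marks the block as temporary or gates it, so merging as-is ships the API without that protection. If the block has to stay off while the `TimeLimit` storage is migrated, prefer a single `// TODO(abuse): rate limiting disabled during the database migration — restore before release` over 45 lines of commented code, and keep the live check reachable through the existing `_APP_OPTIONS_ABUSE` env switch rather than removing it. The `App::init` closure starts and ends outside the hunk.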
67
app/init.php
67
app/init.php
|
@ -445,15 +445,11 @@ App::setResource('user', function($mode, $project, $console, $request, $response
|
|||
Auth::$unique = $session['id'] ?? '';
|
||||
Auth::$secret = $session['secret'] ?? '';
|
||||
|
||||
if (APP_MODE_ADMIN !== $mode) {
|
||||
if (APP_MODE_ADMIN !== $mode && $project->getId() !== 'console') {
|
||||
$user = $dbForInternal->getDocument('users', Auth::$unique);
|
||||
}
|
||||
else {
|
||||
$user = $dbForConsole->getDocument('users', Auth::$unique);
|
||||
|
||||
$user
|
||||
->setAttribute('$id', 'admin-'.$user->getAttribute('$id'))
|
||||
;
|
||||
}
|
||||
|
||||
if ($user->isEmpty() // Check a document has been found in the DB
|
||||
|
@ -496,25 +492,70 @@ App::setResource('user', function($mode, $project, $console, $request, $response
|
|||
return $user;
|
||||
}, ['mode', 'project', 'console', 'request', 'response', 'dbForInternal', 'dbForConsole']);
|
||||
|
||||
App::setResource('project', function($consoleDB, $request) {
|
||||
App::setResource('project', function($dbForConsole, $request, $console) {
|
||||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Appwrite\Database\Database $consoleDB */
|
||||
/** @var Appwrite\Database\Database $dbForConsole */
|
||||
/** @var Appwrite\Database\Document $console */
|
||||
|
||||
$projectId = $request->getParam('project',
|
||||
$request->getHeader('x-appwrite-project', ''));
|
||||
|
||||
if(empty($projectId) || $projectId === 'console') {
|
||||
return $console;
|
||||
}
|
||||
|
||||
Authorization::disable();
|
||||
Authorization2::disable();
|
||||
|
||||
$project = $consoleDB->getDocument($request->getParam('project',
|
||||
$request->getHeader('x-appwrite-project', 'console')));
|
||||
$project = $dbForConsole->getDocument('projects', $projectId);
|
||||
|
||||
Authorization::reset();
|
||||
Authorization2::reset();
|
||||
|
||||
return $project;
|
||||
}, ['consoleDB', 'request']);
|
||||
}, ['dbForConsole', 'request', 'console']);
|
||||
|
||||
App::setResource('console', function($consoleDB) {
|
||||
return $consoleDB->getDocument('console');
|
||||
}, ['consoleDB']);
|
||||
App::setResource('console', function() {
|
||||
return new Document2([
|
||||
'$id' => 'console',
|
||||
'$collection' => 'projects',
|
||||
'name' => 'Appwrite',
|
||||
'description' => 'Appwrite core engine',
|
||||
'logo' => '',
|
||||
'teamId' => -1,
|
||||
'webhooks' => [],
|
||||
'keys' => [],
|
||||
'platforms' => [
|
||||
[
|
||||
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||
'name' => 'Production',
|
||||
'type' => 'web',
|
||||
'hostname' => 'appwrite.io',
|
||||
],
|
||||
[
|
||||
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||
'name' => 'Development',
|
||||
'type' => 'web',
|
||||
'hostname' => 'appwrite.test',
|
||||
],
|
||||
[
|
||||
'$collection' => Database::SYSTEM_COLLECTION_PLATFORMS,
|
||||
'name' => 'Localhost',
|
||||
'type' => 'web',
|
||||
'hostname' => 'localhost',
|
||||
], // Current host is added on app init
|
||||
],
|
||||
'legalName' => '',
|
||||
'legalCountry' => '',
|
||||
'legalState' => '',
|
||||
'legalCity' => '',
|
||||
'legalAddress' => '',
|
||||
'legalTaxId' => '',
|
||||
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||
]);
|
||||
}, []);
|
||||
|
||||
App::setResource('consoleDB', function($register) {
|
||||
$consoleDB = new Database();
|
||||
|
|
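Review bot: In the `project` resource, `Authorization2::disable()` is followed by `$dbForConsole->getDocument('projects', $projectId)` and only afterwards by `Authorization2::reset()`, so an exception from `getDocument` skips the reset. The validator is driven through static calls and the request is a `Utopia\Swoole\Request`, so a disabled validator presumably outlives the failing request inside the worker process; the reset belongs in a `finally`. The old `Authorization::disable()`/`reset()` pair had the same shape, but this commit rewrites those lines and is the place to fix it. Separately, the first hunk of this section appears to drop the `'admin-'` prefix applied to `$user`'s `$id` in the console branch; if that is the new side, any code that keyed on the prefix to tell console users from project users should be checked. The `App::setResource('consoleDB', ...)` definition at the end of the section continues outside the hunk.
```php
// … unchanged: $projectId lookup and the console short-circuit …
Authorization2::disable();
try {
    $project = $dbForConsole->getDocument('projects', $projectId);
} finally {
    Authorization2::reset();
}
// … unchanged: return $project …
```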