diff --git a/.env b/.env
index f77083a035..9b549a6b69 100644
--- a/.env
+++ b/.env
@@ -4,12 +4,13 @@ _APP_WORKER_PER_CORE=6
 _APP_CONSOLE_WHITELIST_ROOT=disabled
 _APP_CONSOLE_WHITELIST_EMAILS=
 _APP_CONSOLE_WHITELIST_IPS=
+_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io
 _APP_SYSTEM_EMAIL_NAME=Appwrite
 _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
 _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io
 _APP_SYSTEM_RESPONSE_FORMAT=
 _APP_OPTIONS_ABUSE=disabled
-_APP_OPTIONS_ROUTER_PROTECTION=disbled
+_APP_OPTIONS_ROUTER_PROTECTION=disabled
 _APP_OPTIONS_FORCE_HTTPS=disabled
 _APP_OPTIONS_FUNCTIONS_FORCE_HTTPS=disabled
 _APP_OPENSSL_KEY_V1=your-secret-key
diff --git a/app/config/variables.php b/app/config/variables.php
index c9329f6d55..c554743964 100644
--- a/app/config/variables.php
+++ b/app/config/variables.php
@@ -115,14 +115,6 @@ return [
 'question' => '',
 'filter' => ''
 ],
- // [
- // 'name' => '_APP_CONSOLE_WHITELIST_DOMAINS',
- // 'description' => 'This option allows you to limit creation of users to Appwrite console for users sharing the same email domains. This option is very useful for team working with company emails domain.\n\nTo enable this option, pass a list of allowed email domains separated by a comma.',
- // 'introduction' => '',
- // 'default' => '',
- // 'required' => false,
- // 'question' => '',
- // ],
 [
 'name' => '_APP_CONSOLE_WHITELIST_IPS',
 'description' => "This last option allows you to limit creation of users in Appwrite console for users sharing the same set of IP addresses. This option is very useful for team working with a VPN service or a company IP.\n\nTo enable/activate this option, pass a list of allowed IP addresses separated by a comma.",
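Review bot: The added `_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io` in the `.env` hunk ships a default that trusts origins on a domain a self-hosted operator does not control; the CORS test added in this commit shows those origins are echoed back in `access-control-allow-origin`. Anyone who starts a deployment from this file inherits that trust, including every subdomain covered by the wildcard. I would keep only `localhost` here and supply the extra hosts in the test environment, or, if the loader for this file accepts `#` comments, precede the line with `# dev/test only: every host listed here becomes a trusted console origin`.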
@@ -132,6 +124,15 @@ return [ 'question' => '', 'filter' => '' ], + [ + 'name' => '_APP_CONSOLE_HOSTNAMES', + 'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.', + 'introduction' => '1.5.0', + 'default' => '', + 'required' => false, + 'question' => '', + 'filter' => '' + ], [ 'name' => '_APP_SYSTEM_EMAIL_NAME', 'description' => 'This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: \'Appwrite\'. You can use url encoded strings for spaces and special chars.', diff --git a/app/init.php b/app/init.php index 44bd3ac33c..3777028015 100644 --- a/app/init.php +++ b/app/init.php @@ -74,6 +74,7 @@ use Utopia\Queue\Connection; use Utopia\Storage\Storage; use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub; use Utopia\Validator\Range; +use Utopia\Validator\Hostname; use Utopia\Validator\IP; use Utopia\Validator\URL; use Utopia\Validator\WhiteList; @@ -1044,6 +1045,21 @@ App::setResource('clients', function ($request, $console, $project) { 'hostname' => $request->getHostname(), ], Document::SET_TYPE_APPEND); + $hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', '')); + $validator = new Hostname(); + foreach ($hostnames as $hostname) { + $hostname = trim($hostname); + if (!$validator->isValid($hostname)) { + continue; + } + $console->setAttribute('platforms', [ + '$collection' => ID::custom('platforms'), + 'type' => Origin::CLIENT_TYPE_WEB, + 'name' => $hostname, + 'hostname' => $hostname, + ], Document::SET_TYPE_APPEND); + } + /** * Get All verified client URLs for both console and current projects * + Filter for duplicated entries diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index c692ac22fb..7f64236b94 100644 --- a/app/views/install/compose.phtml 
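Review bot: The `description` of the new `_APP_CONSOLE_HOSTNAMES` entry does not say what "allowing access to the console project" means in security terms, nor which entry formats are accepted. Judging by the `app/init.php` hunk in this commit, each entry is registered as a web platform on the console project, and the `.env` sample uses a wildcard form. I would extend the text with something like `Each hostname is treated as a trusted origin for the console, so list only hosts you control. Wildcard subdomains such as *.example.com are accepted.` Whether a scheme or port is allowed in an entry depends on the `Hostname` validator, which is not visible here, and should be stated once confirmed.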
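Review bot: Entries of `_APP_CONSOLE_HOSTNAMES` that fail `$validator->isValid($hostname)` are dropped by a bare `continue` in the added loop of `app/init.php`, so an operator who writes a malformed value gets no signal, and nothing in this hunk limits how broad an accepted wildcard may be. Each accepted entry is appended to the console project's `platforms` as a `CLIENT_TYPE_WEB` origin, so I would reject catch-all patterns explicitly with `if ($hostname === '' || $hostname === '*') { continue; }` ahead of the validator call, and emit a warning log before the existing `continue`. Whether `Hostname` already rejects a bare `*` cannot be told from the diff, so that part needs confirming. The enclosing `clients` resource closure starts and ends outside the hunk.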
+++ b/app/views/install/compose.phtml @@ -79,6 +79,7 @@ services: - _APP_CONSOLE_WHITELIST_ROOT - _APP_CONSOLE_WHITELIST_EMAILS - _APP_CONSOLE_WHITELIST_IPS + - _APP_CONSOLE_HOSTNAMES - _APP_SYSTEM_EMAIL_NAME - _APP_SYSTEM_EMAIL_ADDRESS - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS @@ -273,7 +274,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-uploads:/storage/uploads:rw - appwrite-cache:/storage/cache:rw - appwrite-functions:/storage/functions:rw @@ -420,7 +421,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-config:/storage/config:rw - appwrite-certificates:/storage/certificates:rw environment: @@ -683,7 +684,7 @@ services: - _APP_DB_PASS appwrite-assistant: - image: appwrite/assistant:0.2.2 + image: appwrite/assistant:0.3.0 container_name: appwrite-assistant <<: *x-logging restart: unless-stopped diff --git a/docker-compose.yml b/docker-compose.yml index 66d9091157..e20ae1b8fb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -53,7 +53,7 @@ services: DEBUG: false TESTING: true VERSION: dev - ports: + ports: - 9501:80 networks: - appwrite @@ -88,7 +88,7 @@ services: - mariadb - redis # - clamav - entrypoint: + entrypoint: - php - -e - app/http.php @@ -100,6 +100,7 @@ services: - _APP_CONSOLE_WHITELIST_ROOT - _APP_CONSOLE_WHITELIST_EMAILS - _APP_CONSOLE_WHITELIST_IPS + - _APP_CONSOLE_HOSTNAMES - _APP_SYSTEM_EMAIL_NAME - _APP_SYSTEM_EMAIL_ADDRESS - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS @@ -197,7 +198,7 @@ services: container_name: appwrite-realtime image: appwrite-dev restart: unless-stopped - ports: + ports: - 9505:80 labels: - "traefik.enable=true" @@ -305,7 +306,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-uploads:/storage/uploads:rw - appwrite-cache:/storage/cache:rw - appwrite-functions:/storage/functions:rw @@ -359,7 +360,7 @@ services: image: appwrite-dev networks: - appwrite - volumes: + volumes: - ./app:/usr/src/code/app - ./src:/usr/src/code/src depends_on: 
@@ -458,7 +459,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-config:/storage/config:rw - appwrite-certificates:/storage/certificates:rw - ./app:/usr/src/code/app @@ -746,7 +747,7 @@ services: appwrite-assistant: container_name: appwrite-assistant - image: appwrite/assistant:0.2.2 + image: appwrite/assistant:0.3.0 networks: - appwrite environment: @@ -779,7 +780,7 @@ services: - _APP_REDIS_USER - _APP_REDIS_PASS - _APP_MIXPANEL_TOKEN - + appwrite-hamster-scheduler: entrypoint: hamster <<: *x-logging @@ -1030,7 +1031,7 @@ services: # - './debug:/tmp' # ports: # - '3001:80' - + graphql-explorer: container_name: appwrite-graphql-explorer image: appwrite/altair:0.3.0 diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index f83f28c26d..bf8f6de279 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php 
@@ -171,4 +171,50 @@ class HTTPTest extends Scope $this->assertEquals(200, $response['headers']['status-code']); } + + public function testCors() + { + /** + * Test for SUCCESS + */ + + $endpoint = '/v1/projects'; // Can be any non-404 route + + $response = $this->client->call(Client::METHOD_GET, $endpoint); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://localhost', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://appwrite.io', + ]); + + $this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'https://appwrite.io', + ]); + + $this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://cloud.appwrite.io', + ]); + + $this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']); + + /** + * Test for FAILURE + */ + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://google.com', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + } }
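Review bot: `testCors()` has a single negative case, `http://google.com`, which would still pass if the match for `appwrite.io` or `*.appwrite.io` were a loose suffix or substring comparison. The failure section should also cover look-alike origins that merely contain or end with the allowed name, and assert that they fall back to `http://localhost` like the existing negative case. A smaller style point: the method could declare `: void`. The method is fully inside the hunk; the class itself starts outside it.

```php
        // … unchanged: success cases and the http://google.com failure case …

        // Look-alike origins (constructed examples) must not be accepted as appwrite.io or *.appwrite.io
        foreach (['http://appwrite.io.example.com', 'http://fooappwrite.io'] as $origin) {
            $response = $this->client->call(Client::METHOD_GET, $endpoint, [
                'origin' => $origin,
            ]);

            $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
        }
```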