add more logic
parent
a059ec11e7
commit
4822e326f2
3 changed files with 290 additions and 26 deletions
|
@ -434,7 +434,7 @@ Database::addFilter(
|
||||||
}
|
}
|
||||||
$value = json_decode($value, true);
|
$value = json_decode($value, true);
|
||||||
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $value['version']);
|
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $value['version']);
|
||||||
var_dump(OpenSSL::decrypt($value['data'], $value['method'], $key, 0, hex2bin($value['iv']), hex2bin($value['tag'])));
|
|
||||||
return OpenSSL::decrypt($value['data'], $value['method'], $key, 0, hex2bin($value['iv']), hex2bin($value['tag']));
|
return OpenSSL::decrypt($value['data'], $value['method'], $key, 0, hex2bin($value['iv']), hex2bin($value['tag']));
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
|
@ -147,9 +147,11 @@ abstract class Migration
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $collectionId
|
* Provides an iterator for all documents on a collection.
|
||||||
|
*
|
||||||
|
* @param string $collectionId
|
||||||
* @return iterable<Document>
|
* @return iterable<Document>
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
public function documentsIterator(string $collectionId): iterable
|
public function documentsIterator(string $collectionId): iterable
|
||||||
{
|
{
|
||||||
|
@ -299,7 +301,7 @@ abstract class Migration
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates index from collections.php
|
* Creates index from collections.php
|
||||||
*
|
*
|
||||||
* @param \Utopia\Database\Database $database
|
* @param \Utopia\Database\Database $database
|
||||||
* @param string $collectionId
|
* @param string $collectionId
|
||||||
* @param string $indexId
|
* @param string $indexId
|
||||||
|
|
|
@ -26,13 +26,17 @@ class V15 extends Migration
|
||||||
$this->pdo = $register->get('db');
|
$this->pdo = $register->get('db');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disable SubQueries for Speed.
|
* Disable SubQueries for Performance.
|
||||||
*/
|
*/
|
||||||
foreach (['subQueryAttributes', 'subQueryIndexes', 'subQueryPlatforms', 'subQueryDomains', 'subQueryKeys', 'subQueryWebhooks', 'subQuerySessions', 'subQueryTokens', 'subQueryMemberships', 'subqueryVariables'] as $name) {
|
foreach (['subQueryAttributes', 'subQueryIndexes', 'subQueryPlatforms', 'subQueryDomains', 'subQueryKeys', 'subQueryWebhooks', 'subQuerySessions', 'subQueryTokens', 'subQueryMemberships', 'subqueryVariables'] as $name) {
|
||||||
Database::addFilter($name, fn () => null, fn () => []);
|
Database::addFilter(
|
||||||
|
$name,
|
||||||
|
fn () => null,
|
||||||
|
fn () => []
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
Console::log('Migrating project: ' . $this->project->getAttribute('name') . ' (' . $this->project->getId() . ')');
|
Console::log('Migrating Project: ' . $this->project->getAttribute('name') . ' (' . $this->project->getId() . ')');
|
||||||
Console::info('Migrating Collections');
|
Console::info('Migrating Collections');
|
||||||
$this->migrateCollections();
|
$this->migrateCollections();
|
||||||
Console::info('Migrating Databases');
|
Console::info('Migrating Databases');
|
||||||
|
@ -49,6 +53,13 @@ class V15 extends Migration
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Migrating all Bucket tables.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
* @throws \Exception
|
||||||
|
* @throws \PDOException
|
||||||
|
*/
|
||||||
protected function migrateBuckets(): void
|
protected function migrateBuckets(): void
|
||||||
{
|
{
|
||||||
foreach ($this->documentsIterator('buckets') as $bucket) {
|
foreach ($this->documentsIterator('buckets') as $bucket) {
|
||||||
|
@ -92,6 +103,13 @@ class V15 extends Migration
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Migrating all Database and Collection tables.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
* @throws \Exception
|
||||||
|
* @throws \PDOException
|
||||||
|
*/
|
||||||
protected function migrateDatabases(): void
|
protected function migrateDatabases(): void
|
||||||
{
|
{
|
||||||
foreach ($this->documentsIterator('databases') as $database) {
|
foreach ($this->documentsIterator('databases') as $database) {
|
||||||
|
@ -154,9 +172,10 @@ class V15 extends Migration
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
* Removes all 'write' permissions from a table.
|
||||||
* @param string $table
|
*
|
||||||
* @return void
|
* @param string $table
|
||||||
|
* @return void
|
||||||
*/
|
*/
|
||||||
protected function removeWritePermissions(string $table): void
|
protected function removeWritePermissions(string $table): void
|
||||||
{
|
{
|
||||||
|
@ -169,6 +188,7 @@ class V15 extends Migration
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns all columns from the Table.
|
* Returns all columns from the Table.
|
||||||
|
*
|
||||||
* @param string $table
|
* @param string $table
|
||||||
* @return array
|
* @return array
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
|
@ -187,7 +207,8 @@ class V15 extends Migration
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Migrates all Integer colums for timestamps to DateTime
|
* Migrates all Integer colums for timestamps to DateTime.
|
||||||
|
*
|
||||||
* @return void
|
* @return void
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
|
@ -239,6 +260,14 @@ class V15 extends Migration
|
||||||
$this->projectDB->deleteCachedCollection($table);
|
$this->projectDB->deleteCachedCollection($table);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create the '_permissions' column to a table.
|
||||||
|
*
|
||||||
|
* @param string $table
|
||||||
|
* @return void
|
||||||
|
* @throws \Exception
|
||||||
|
* @throws \PDOException
|
||||||
|
*/
|
||||||
protected function createPermissionsColumn(string $table): void
|
protected function createPermissionsColumn(string $table): void
|
||||||
{
|
{
|
||||||
$columns = $this->getSQLColumnTypes($table);
|
$columns = $this->getSQLColumnTypes($table);
|
||||||
|
@ -252,6 +281,16 @@ class V15 extends Migration
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Populate '$permissions' from '$read' and '$write'.
|
||||||
|
*
|
||||||
|
* @param \Utopia\Database\Document $document
|
||||||
|
* @param null|string $table
|
||||||
|
* @param bool $addCreatePermission
|
||||||
|
* @return void
|
||||||
|
* @throws \Exception
|
||||||
|
* @throws \PDOException
|
||||||
|
*/
|
||||||
protected function populatePermissionsAttribute(Document &$document, ?string $table = null, bool $addCreatePermission = true): void
|
protected function populatePermissionsAttribute(Document &$document, ?string $table = null, bool $addCreatePermission = true): void
|
||||||
{
|
{
|
||||||
$table ??= $document->getCollection();
|
$table ??= $document->getCollection();
|
||||||
|
@ -263,7 +302,7 @@ class V15 extends Migration
|
||||||
|
|
||||||
foreach ($results as $result) {
|
foreach ($results as $result) {
|
||||||
$type = $result['_type'];
|
$type = $result['_type'];
|
||||||
$permission = $result['_permission'];
|
$permission = $this->migratePermission($result['_permission']);
|
||||||
|
|
||||||
if ($type === 'write') {
|
if ($type === 'write') {
|
||||||
$permissions[] = "update(\"{$permission}\")";
|
$permissions[] = "update(\"{$permission}\")";
|
||||||
|
@ -279,6 +318,21 @@ class V15 extends Migration
|
||||||
$document->setAttribute('$permissions', $permissions);
|
$document->setAttribute('$permissions', $permissions);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Migrates a permission string
|
||||||
|
*
|
||||||
|
* @param string $permission
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
protected function migratePermission(string $permission): string
|
||||||
|
{
|
||||||
|
return match ($permission) {
|
||||||
|
'role:all' => 'any',
|
||||||
|
'role:guest' => 'guests',
|
||||||
|
default => $permission
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Migrate all Collections.
|
* Migrate all Collections.
|
||||||
*
|
*
|
||||||
|
@ -289,7 +343,7 @@ class V15 extends Migration
|
||||||
foreach ($this->collections as $collection) {
|
foreach ($this->collections as $collection) {
|
||||||
$id = $collection['$id'];
|
$id = $collection['$id'];
|
||||||
|
|
||||||
Console::log("- {$id}");
|
Console::log("Migrating Collection \"{$id}\"");
|
||||||
|
|
||||||
$this->projectDB->setNamespace("_{$this->project->getInternalId()}");
|
$this->projectDB->setNamespace("_{$this->project->getInternalId()}");
|
||||||
|
|
||||||
|
@ -298,9 +352,9 @@ class V15 extends Migration
|
||||||
$this->createPermissionsColumn($id);
|
$this->createPermissionsColumn($id);
|
||||||
$this->migrateDateTimeAttribute($id, '_createdAt');
|
$this->migrateDateTimeAttribute($id, '_createdAt');
|
||||||
$this->migrateDateTimeAttribute($id, '_updatedAt');
|
$this->migrateDateTimeAttribute($id, '_updatedAt');
|
||||||
Console::log(' - create "cache" collection');
|
Console::log('Created new Collection "cache" collection');
|
||||||
$this->createCollection('cache');
|
$this->createCollection('cache');
|
||||||
Console::log(' - create "variables" collection');
|
Console::log('Created new Collection "variables" collection');
|
||||||
$this->createCollection('variables');
|
$this->createCollection('variables');
|
||||||
$this->projectDB->deleteCachedCollection($id);
|
$this->projectDB->deleteCachedCollection($id);
|
||||||
break;
|
break;
|
||||||
|
@ -536,11 +590,15 @@ class V15 extends Migration
|
||||||
$this->migrateDateTimeAttribute($id, 'schedulePrevious');
|
$this->migrateDateTimeAttribute($id, 'schedulePrevious');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Migrate function variables.
|
* Migrate function variables into a new table.
|
||||||
*/
|
*/
|
||||||
Console::info("Migrating Variables");
|
Console::log("Migrating Collection \"{$id}\" Variables");
|
||||||
|
|
||||||
foreach ($this->documentsIterator('functions') as $function) {
|
foreach ($this->documentsIterator('functions') as $function) {
|
||||||
foreach ($function->getAttribute('vars', []) as $key => $value) {
|
foreach ($function->getAttribute('vars', []) as $key => $value) {
|
||||||
|
if ($value instanceof Document) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$variableId = ID::unique();
|
$variableId = ID::unique();
|
||||||
$variable = new Document([
|
$variable = new Document([
|
||||||
'$id' => $variableId,
|
'$id' => $variableId,
|
||||||
|
@ -647,6 +705,14 @@ class V15 extends Migration
|
||||||
$this->migrateDateTimeAttribute($id, '_updatedAt');
|
$this->migrateDateTimeAttribute($id, '_updatedAt');
|
||||||
$this->migrateDateTimeAttribute($id, 'expire');
|
$this->migrateDateTimeAttribute($id, 'expire');
|
||||||
|
|
||||||
|
try {
|
||||||
|
/**
|
||||||
|
* Update 'expire' default value
|
||||||
|
*/
|
||||||
|
$this->projectDB->updateAttributeDefault('keys', 'expire', null);
|
||||||
|
} catch (\Throwable $th) {
|
||||||
|
Console::warning("'expire' from {$id}: {$th->getMessage()}");
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
/**
|
/**
|
||||||
* Create 'accessedAt' attribute
|
* Create 'accessedAt' attribute
|
||||||
|
@ -859,7 +925,8 @@ class V15 extends Migration
|
||||||
/**
|
/**
|
||||||
* Update user password before adding encrypt filter.
|
* Update user password before adding encrypt filter.
|
||||||
*/
|
*/
|
||||||
Console::info("Migrating Passwords");
|
Console::log("Migrating Collection \"{$id}\" Passwords");
|
||||||
|
|
||||||
foreach ($this->documentsIterator('users') as $user) {
|
foreach ($this->documentsIterator('users') as $user) {
|
||||||
/**
|
/**
|
||||||
* Skip when no password.
|
* Skip when no password.
|
||||||
|
@ -890,6 +957,11 @@ class V15 extends Migration
|
||||||
*/
|
*/
|
||||||
$user->setAttribute('password', $this->encryptFilter($user->getAttribute('password')));
|
$user->setAttribute('password', $this->encryptFilter($user->getAttribute('password')));
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Migrate permissions.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($user, addCreatePermission: false);
|
||||||
|
|
||||||
$this->projectDB->updateDocument('users', $user->getId(), $user);
|
$this->projectDB->updateDocument('users', $user->getId(), $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -983,7 +1055,151 @@ class V15 extends Migration
|
||||||
switch ($document->getCollection()) {
|
switch ($document->getCollection()) {
|
||||||
case 'cache':
|
case 'cache':
|
||||||
case 'variables':
|
case 'variables':
|
||||||
|
case 'users':
|
||||||
|
/**
|
||||||
|
* skipping migration for 'cache' and 'variables'.
|
||||||
|
* 'users' already migrated.
|
||||||
|
*/
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
|
case '_metadata':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'abuse':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'attributes':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'audit':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'buckets':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*
|
||||||
|
* Note: Buckets need to migrate 'create' permissions.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'builds':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'certificates':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'databases':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'deployments':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'domains':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'executions':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'functions':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Migrate execute permissions.
|
||||||
|
*/
|
||||||
|
$document->setAttribute('execute', array_map(
|
||||||
|
fn ($p) => $this->migratePermission($p),
|
||||||
|
$document->getAttribute('execute', [])
|
||||||
|
));
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'indexes':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'keys':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'memberships':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'platforms':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
case 'projects':
|
case 'projects':
|
||||||
/**
|
/**
|
||||||
* Populate permissions attribute.
|
* Populate permissions attribute.
|
||||||
|
@ -995,27 +1211,73 @@ class V15 extends Migration
|
||||||
$document->setAttribute('version', '1.0.0-RC1');
|
$document->setAttribute('version', '1.0.0-RC1');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'realtime':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'sessions':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'stats':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'teams':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'tokens':
|
||||||
|
/**
|
||||||
|
* Populate permissions attribute.
|
||||||
|
*/
|
||||||
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
|
|
||||||
|
break;
|
||||||
|
|
||||||
case 'users':
|
case 'users':
|
||||||
/**
|
/**
|
||||||
* Populate permissions attribute.
|
* Populate permissions attribute.
|
||||||
*/
|
*/
|
||||||
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
$document->setAttribute('$permissions', Permission::read(Role::any()), Document::SET_TYPE_APPEND);
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'sessions':
|
case 'webhooks':
|
||||||
$userId = $document->getAttribute('userId');
|
/**
|
||||||
$document
|
* Populate permissions attribute.
|
||||||
->setAttribute('$permissions', Permission::read(Role::user($userId)), Document::SET_TYPE_APPEND)
|
*/
|
||||||
->setAttribute('$permissions', Permission::update(Role::user($userId)), Document::SET_TYPE_APPEND)
|
$this->populatePermissionsAttribute($document, addCreatePermission: false);
|
||||||
->setAttribute('$permissions', Permission::delete(Role::user($userId)), Document::SET_TYPE_APPEND);
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $document;
|
return $document;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function encryptFilter(string $value)
|
/**
|
||||||
|
* Filter from the 'encrypt' filter.
|
||||||
|
*
|
||||||
|
* @param string $value
|
||||||
|
* @return string|false
|
||||||
|
*/
|
||||||
|
protected function encryptFilter(string $value): string
|
||||||
{
|
{
|
||||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||||
|
|
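Review bot: `migratePermission()` (hunk `-279,6 +318,21` of the V15 class) rewrites only `role:all` and `role:guest`; every other legacy string, including any other `role:`-prefixed value, falls through `default => $permission` and is written unchanged into `$permissions` and into the functions' `execute` list. If the pre-1.0 `role:member` role can occur in stored data, it needs its own arm, `'role:member' => 'users',`. Without it, those documents keep a role name the new permission model presumably does not recognise, which would either break access for signed-in users or fail validation on `updateDocument`. Because this mapping decides who can read and write after the upgrade, a `Console::warning` for any unmapped value that still starts with `role:` would make such gaps visible in the migration output. The docblock could also list the mappings instead of only saying "Migrates a permission string".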