diff --git a/app/app.php b/app/app.php
index 186ffd8ccc..c6cca2690c 100644
--- a/app/app.php
+++ b/app/app.php
@@ -130,7 +130,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
 * Adding Appwrite API domains to allow XDOMAIN communication
 * Skip this check for non-web platforms which are not requiredto send an origin header
 */
- $origin = $request->getServer('HTTP_ORIGIN', $request->getServer('HTTP_REFERER', ''));
+ $origin = $request->getOrigin($request->getReferer(''));
 $originValidator = new Origin(\array_merge($project->getAttribute('platforms', []), $console->getAttribute('platforms', [])));
 if(!$originValidator->isValid($origin)
@@ -235,7 +235,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
 ->setParam('userId', $user->getId())
 ->setParam('event', '')
 ->setParam('resource', '')
- ->setParam('userAgent', $request->getServer('HTTP_USER_AGENT', ''))
+ ->setParam('userAgent', $request->getUserAgent(''))
 ->setParam('ip', $request->getIP())
 ->setParam('data', [])
 ;
@@ -280,7 +280,10 @@ App::shutdown(function ($utopia, $response, $request, $webhook, $audit, $usage,
 }, ['utopia', 'response', 'request', 'webhook', 'audit', 'usage', 'deletes', 'mode', 'project']);
 App::options(function ($request, $response) {
- $origin = $request->getServer('HTTP_ORIGIN');
+ /** @var Appwrite\Utopia\Request $request */
+ /** @var Appwrite\Utopia\Response $response */
+
+ $origin = $request->getOrigin('');
 $response
 ->addHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE')
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 272656cf25..5fd43a7471 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
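Review bot: In the `App::options` hunk of app/app.php (`@@ -280`), `$origin` is read straight from the request's Origin header, whereas the `App::init` hunk at `@@ -130` in the same file passes the value through the `Origin` validator before using it. The rest of this handler lies outside the hunk; if it writes `$origin` into `Access-Control-Allow-Origin`, the preflight response echoes whatever origin the caller sent. Either apply the same platform check here or record the decision next to the assignment, for example `// preflight only: $origin is not validated against project platforms here`. The call now passes `''` as default where the old `getServer('HTTP_ORIGIN')` passed none, so code further down that tests for a missing origin should be checked against the empty string.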
@@ -193,7 +193,7 @@ App::post('/v1/account/sessions')
 'type' => Auth::TOKEN_TYPE_LOGIN,
 'secret' => Auth::hash($secret), // On way hash encryption to protect DB leak
 'expire' => $expiry,
- 'userAgent' => $request->getServer('HTTP_USER_AGENT', 'UNKNOWN'),
+ 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 ]);
@@ -490,7 +490,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 'type' => Auth::TOKEN_TYPE_LOGIN,
 'secret' => Auth::hash($secret), // On way hash encryption to protect DB leak
 'expire' => $expiry,
- 'userAgent' => $request->getServer('HTTP_USER_AGENT', 'UNKNOWN'),
+ 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 ]);
@@ -1143,7 +1143,7 @@ App::post('/v1/account/recovery')
 'type' => Auth::TOKEN_TYPE_RECOVERY,
 'secret' => Auth::hash($secret), // On way hash encryption to protect DB leak
 'expire' => \time() + Auth::TOKEN_EXPIRATION_RECOVERY,
- 'userAgent' => $request->getServer('HTTP_USER_AGENT', 'UNKNOWN'),
+ 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 ]);
@@ -1309,7 +1309,7 @@ App::post('/v1/account/verification')
 'type' => Auth::TOKEN_TYPE_VERIFICATION,
 'secret' => Auth::hash($verificationSecret), // On way hash encryption to protect DB leak
 'expire' => \time() + Auth::TOKEN_EXPIRATION_CONFIRM,
- 'userAgent' => $request->getServer('HTTP_USER_AGENT', 'UNKNOWN'),
+ 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 ]);
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index 2081ddfa9e..6dac016d52 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
@@ -258,7 +258,7 @@ App::get('/v1/storage/files/:fileId/preview')
 throw new Exception('No such storage device', 400);
 }
- if ((\strpos($request->getHeader('accept'), 'image/webp') === false) && ('webp' == $output)) { // Fallback webp to jpeg when no browser support
+ if ((\strpos($request->getAccept(), 'image/webp') === false) && ('webp' == $output)) { // Fallback webp to jpeg when no browser support
 $output = 'jpg';
 }
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 9a42a6a70a..b1563aff81 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -533,7 +533,7 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status')
 'type' => Auth::TOKEN_TYPE_LOGIN,
 'secret' => Auth::hash($secret), // On way hash encryption to protect DB leak
 'expire' => $expiry,
- 'userAgent' => $request->getServer('HTTP_USER_AGENT', 'UNKNOWN'),
+ 'userAgent' => $request->getUserAgent('UNKNOWN'),
 'ip' => $request->getIP(),
 ]), Document::SET_TYPE_APPEND);
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 742f58cfed..3fdca7cf17 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -28,7 +28,7 @@ App::init(function ($utopia, $request, $response, $project, $user, $register) {
 $timeLimit->setNamespace('app_'.$project->getId());
 $timeLimit
 ->setParam('{userId}', $user->getId())
- ->setParam('{userAgent}', $request->getServer('HTTP_USER_AGENT', ''))
+ ->setParam('{userAgent}', $request->getUserAgent(''))
 ->setParam('{ip}', $request->getIP())
 ->setParam('{url}', $request->getHostname().$route->getURL())
 ;
diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php
index 2f12377fcc..696cccc9e3 100644
--- a/src/Appwrite/Utopia/Request.php
+++ b/src/Appwrite/Utopia/Request.php
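Review bot: In the app/controllers/shared/api.php hunk (`@@ -28`), the `{userAgent}` limiter parameter is filled from a header the client chooses freely, unlike `{userId}` and `{ip}` beside it. The limit key templates are not visible in this hunk; if any of them includes `{userAgent}`, that limit is only as strong as the client's willingness to keep the header stable, so abuse keys are better built from `{ip}` and `{userId}`. A comment on the changed line would make this explicit, for example `// client-controlled value; do not use as the only component of an abuse key`. The `App::init` callback starts and ends outside the hunk.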
@@ -213,6 +213,31 @@ class Request extends UtopiaRequest
 return $this->getHeader('origin', $default);
 }
+ /**
+ * Get User Agent
+ *
+ * Return HTTP user agent header
+ *
+ * @return string
+ */
+ public function getUserAgent(string $default = ''): string
+ {
+ var_dump('ua:', $this->getHeader('user-agent', '$default'));
+ return $this->getHeader('user-agent', $default);
+ }
+
+ /**
+ * Get Accept
+ *
+ * Return HTTP accept header
+ *
+ * @return string
+ */
+ public function getAccept(string $default = ''): string
+ {
+ return $this->getHeader('accept', $default);
+ }
+
 /**
 * Get files
 *
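Review bot: In `getUserAgent()` the added line `var_dump('ua:', $this->getHeader('user-agent', '$default'));` is leftover debug output and should be deleted before merge. It prints a client-controlled header on every call, and this commit routes the audit setup in app/app.php, the limiter setup in app/controllers/shared/api.php and the token-creation paths in account.php and teams.php through this method, so the dump would presumably end up in or ahead of API responses and in logs. The single-quoted `'$default'` in that call is also the literal string rather than the variable. Both new docblocks omit the parameter; add `@param string $default` to `getUserAgent()` and `getAccept()`.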