From 82e6db903ad7a9d5ecb990e4aefa500504687f68 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Mon, 8 Apr 2024 03:29:35 +0000
Subject: [PATCH 1/4] prevent functions domain and subdomain to be added as custom domain
---
 app/controllers/api/proxy.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/app/controllers/api/proxy.php b/app/controllers/api/proxy.php
index 71125d2c87..c3a9fbe3ee 100644
--- a/app/controllers/api/proxy.php
+++ b/app/controllers/api/proxy.php
@@ -47,6 +47,12 @@ App::post('/v1/proxy/rules')
 if ($domain === $mainDomain) {
 throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.');
 }
+
+ $functionsDomain = App::getEnv('_APP_DOMAIN_FUNCTIONS', '');
+ if (str_ends_with($functionsDomain, $domain)) {
+ throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or it\'s subdomain to specific resource. Please use different domain.');
+ }
+
 if ($domain === 'localhost' || $domain === APP_HOSTNAME_INTERNAL) {
 throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'This domain name is not allowed. Please pick another one.');
 }
From 461263614462d9f214f7f505019f6f9e9ac2033e Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Mon, 8 Apr 2024 03:45:02 +0000
Subject: [PATCH 2/4] fix test
---
 app/controllers/api/proxy.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/proxy.php b/app/controllers/api/proxy.php
index c3a9fbe3ee..eb913dbb63 100644
--- a/app/controllers/api/proxy.php
+++ b/app/controllers/api/proxy.php
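Review bot: The suffix comparison on the new `if` has no label boundary, so it also rejects unrelated hostnames that merely share trailing characters with the functions domain — with `_APP_DOMAIN_FUNCTIONS` set to e.g. `functions.example.com`, a customer's `myfunctions.example.com` is refused as well (and in the argument order used here, `example.com` and `com` are refused while `api.functions.example.com`, the case the subject describes, passes; PATCH 2/4 of this series swaps the arguments, which fixes the direction but not the boundary). Anchoring on a dot blocks exactly the functions hostname and its subdomains: `if ($domain === $functionsDomain || str_ends_with($domain, '.' . $functionsDomain)) {`. The user-facing message on the throw line should read `its subdomain` rather than `it's subdomain`. The `App::post('/v1/proxy/rules')` handler this sits in starts and ends outside the hunk.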
@@ -49,7 +49,7 @@ App::post('/v1/proxy/rules')
 }
 $functionsDomain = App::getEnv('_APP_DOMAIN_FUNCTIONS', '');
- if (str_ends_with($functionsDomain, $domain)) {
+ if (str_ends_with($domain, $functionsDomain)) {
 throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or it\'s subdomain to specific resource. Please use different domain.');
 }
From 1094238820f920518261c7761447e46fcbf6c316 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 5 May 2024 04:56:49 +0000
Subject: [PATCH 3/4] add test
---
 app/controllers/api/proxy.php | 2 +-
 .../Projects/ProjectsCustomServerTest.php | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/proxy.php b/app/controllers/api/proxy.php
index 0cd4c50662..29f39c55af 100644
--- a/app/controllers/api/proxy.php
+++ b/app/controllers/api/proxy.php
@@ -50,7 +50,7 @@ App::post('/v1/proxy/rules')
 throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.');
 }
- $functionsDomain = App::getEnv('_APP_DOMAIN_FUNCTIONS', '');
+ $functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS', '');
 if (str_ends_with($domain, $functionsDomain)) {
 throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or it\'s subdomain to specific resource. Please use different domain.');
 }
diff --git a/tests/e2e/Services/Projects/ProjectsCustomServerTest.php b/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
index 436d1df611..e0646d3d6a 100644
--- a/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
+++ b/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
@@ -2,9 +2,11 @@
 namespace Tests\E2E\Services\Projects;
+use Tests\E2E\Client;
 use Tests\E2E\Scopes\ProjectCustom;
 use Tests\E2E\Scopes\Scope;
 use Tests\E2E\Scopes\SideServer;
+use Utopia\System\System;
 class ProjectsCustomServerTest extends Scope
 {
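Review bot: With the arguments in this order, the `''` default from `App::getEnv('_APP_DOMAIN_FUNCTIONS', '')` turns the guard into a blanket rejection, because `str_ends_with($domain, '')` is true for every string — on a deployment where that variable is not set, no custom domain rule can be created at all. Skipping the comparison when the functions domain is not configured keeps the check a no-op in that case: `if ($functionsDomain !== '' && str_ends_with($domain, $functionsDomain)) {`. The same line is carried unchanged into PATCH 3/4 when the env lookup moves to `System::getEnv`, so the fix applies there too. The handler this sits in starts and ends outside the hunk.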
@@ -15,4 +17,34 @@ class ProjectsCustomServerTest extends Scope
 {
 $this->assertEquals(true, true);
 }
+
+ // Domains
+
+ public function testCreateProjectRule()
+ {
+ $headers = array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-mode' => 'admin',
+ 'cookie' => 'a_session_console=' . $this->getRoot()['session'],
+ ]);
+
+
+ $response = $this->client->call(Client::METHOD_POST, '/proxy/rules', $headers, [
+ 'resourceType' => 'api',
+ 'domain' => 'api.appwrite.test',
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ // prevent functions domain
+ $functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS', '');
+
+ $response = $this->client->call(Client::METHOD_POST, '/proxy/rules', $headers, [
+ 'resourceType' => 'api',
+ 'domain' => $functionsDomain,
+ ]);
+
+ $this->assertEquals(400, $response['headers']['status-code']);
+ }
 }
From d4d88fc43e80ab7c59a2dc2a9f48089dce24cc3b Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 5 May 2024 04:58:10 +0000
Subject: [PATCH 4/4] remove mock test
---
 tests/e2e/Services/Projects/ProjectsCustomServerTest.php | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/tests/e2e/Services/Projects/ProjectsCustomServerTest.php b/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
index e0646d3d6a..bae0d8bda9 100644
--- a/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
+++ b/tests/e2e/Services/Projects/ProjectsCustomServerTest.php
@@ -13,11 +13,6 @@ class ProjectsCustomServerTest extends Scope
 use ProjectCustom;
 use SideServer;
- public function testMock()
- {
- $this->assertEquals(true, true);
- }
-
 // Domains
 public function testCreateProjectRule()
@@ -29,7 +24,6 @@ class ProjectsCustomServerTest extends Scope
 'cookie' => 'a_session_console=' . $this->getRoot()['session'],
 ]);
-
 $response = $this->client->call(Client::METHOD_POST, '/proxy/rules', $headers, [
 'resourceType' => 'api',
 'domain' => 'api.appwrite.test',
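Review bot: `testCreateProjectRule` can pass without exercising the new guard: if `_APP_DOMAIN_FUNCTIONS` is unset in the test environment, `$functionsDomain` is `''`, the second request is sent with an empty `domain`, and the asserted 400 then comes from ordinary input validation rather than the functions-domain check; add `$this->assertNotEmpty($functionsDomain);` before that call so a misconfigured environment fails loudly. The subject of PATCH 1/4 also names subdomains, which the test never sends, so a third call with `'domain' => 'sub.' . $functionsDomain,` expecting 400 would cover the branch the change is actually about. `array_merge([...])` with a single argument is a no-op; the array literal can be assigned to `$headers` directly.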