diff --git a/.travis.yml b/.travis.yml index af63bd6030..3381c3ecb2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,8 @@ -dist: xenial +dist: focal arch: - amd64 - - arm64 + - arm64-graviton2 os: linux @@ -30,7 +30,7 @@ before_install: - echo "_APP_FUNCTIONS_RUNTIMES=php-8.0" >> .env install: -- docker-compose up -d +- docker-compose up -d --build - sleep 10 script: @@ -41,6 +41,9 @@ script: - docker-compose exec appwrite vars - docker-compose exec appwrite test --debug +after_failure: +- docker-compose logs appwrite + deploy: - provider: script edge: true diff --git a/CHANGES.md b/CHANGES.md index 13cff282b0..2f83ca4522 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,10 @@ # Unreleased Version 0.11.0 - Added ability to create syncronous function executions - Introduced new execution model for functions +# Version 0.9.4 +## Security + +- Fixed security vulnerability that exposes project ID's from other admin users (#1453) # Version 0.9.3 diff --git a/Dockerfile b/Dockerfile index d15dbf508e..5b2224323c 100755 --- a/Dockerfile +++ b/Dockerfile @@ -18,8 +18,8 @@ ARG DEBUG=false ENV DEBUG=$DEBUG ENV PHP_REDIS_VERSION=5.3.4 \ - PHP_SWOOLE_VERSION=v4.6.7 \ - PHP_IMAGICK_VERSION=3.5.0 \ + PHP_SWOOLE_VERSION=v4.7.0 \ + PHP_IMAGICK_VERSION=3.5.1 \ PHP_YAML_VERSION=2.2.1 \ PHP_MAXMINDDB_VERSION=v1.10.1 diff --git a/README.md b/README.md index e96c201f71..de3386ce91 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ docker run -it --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \ --entrypoint="install" \ - appwrite/appwrite:0.9.3 + appwrite/appwrite:0.9.4 ``` ### Windows @@ -69,7 +69,7 @@ docker run -it --rm ^ --volume //var/run/docker.sock:/var/run/docker.sock ^ --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^ --entrypoint="install" ^ - appwrite/appwrite:0.9.3 + appwrite/appwrite:0.9.4 ``` #### PowerShell @@ -79,7 +79,7 @@ docker run -it --rm , --volume /var/run/docker.sock:/var/run/docker.sock , --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw , --entrypoint="install" , - appwrite/appwrite:0.9.3 + appwrite/appwrite:0.9.4 ``` Once the Docker installation completes, go to http://localhost to access the Appwrite console from your browser. Please note that on non-linux native hosts, the server might take a few minutes to start after installation completes. diff --git a/app/config/platforms.php b/app/config/platforms.php index 50b8e4f745..ba1f54cc96 100644 --- a/app/config/platforms.php +++ b/app/config/platforms.php @@ -45,7 +45,7 @@ return [ ], [ 'icon' => 'angular.svg', - 'name' => 'Todo App with Angular.js', + 'name' => 'Todo App with Angular', 'description' => 'A simple Todo app that uses both the Appwrite account and database APIs.', 'source' => 'https://github.com/appwrite/todo-with-angular', 'url' => 'https://appwrite-todo-with-angular.vercel.app/', diff --git a/app/controllers/general.php b/app/controllers/general.php index 708e249853..0af6d92fd4 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -316,7 +316,7 @@ App::error(function ($error, $utopia, $request, $response, $layout, $project) { if($route) { Console::error('[Error] Method: '.$route->getMethod()); - Console::error('[Error] URL: '.$route->getURL()); + Console::error('[Error] URL: '.$route->getPath()); } Console::error('[Error] Type: '.get_class($error)); diff --git a/app/controllers/mock.php b/app/controllers/mock.php index 2cad650f58..d4076547e0 100644 --- a/app/controllers/mock.php +++ b/app/controllers/mock.php @@ -518,7 +518,7 @@ App::shutdown(function($utopia, $response, $request) { throw new Exception('Failed to read results', 500); } - $result[$route->getMethod() . ':' . $route->getURL()] = true; + $result[$route->getMethod() . ':' . $route->getPath()] = true; $tests = \array_merge($tests, $result); @@ -526,5 +526,5 @@ App::shutdown(function($utopia, $response, $request) { throw new Exception('Failed to save resutls', 500); } - $response->dynamic(new Document(['result' => $route->getMethod() . ':' . $route->getURL() . ':passed']), Response::MODEL_MOCK); + $response->dynamic(new Document(['result' => $route->getMethod() . ':' . $route->getPath() . ':passed']), Response::MODEL_MOCK); }, ['utopia', 'response', 'request'], 'mock'); \ No newline at end of file diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 4ebe7f32af..0df72d0578 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -40,7 +40,7 @@ App::init(function ($utopia, $request, $response, $project, $user, $register, $e ->setParam('{userId}', $user->getId()) ->setParam('{userAgent}', $request->getUserAgent('')) ->setParam('{ip}', $request->getIP()) - ->setParam('{url}', $request->getHostname().$route->getURL()) + ->setParam('{url}', $request->getHostname().$route->getPath()) ; //TODO make sure we get array here diff --git a/app/init.php b/app/init.php index 1c34b621c9..0dd043bba9 100644 --- a/app/init.php +++ b/app/init.php @@ -48,7 +48,7 @@ const APP_MODE_DEFAULT = 'default'; const APP_MODE_ADMIN = 'admin'; const APP_PAGING_LIMIT = 12; const APP_CACHE_BUSTER = 151; -const APP_VERSION_STABLE = '0.9.3'; +const APP_VERSION_STABLE = '0.9.4'; const APP_STORAGE_UPLOADS = '/storage/uploads'; const APP_STORAGE_FUNCTIONS = '/storage/functions'; const APP_STORAGE_CACHE = '/storage/cache'; diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index c110fcd4eb..95e33b9ea2 100644 --- a/app/views/install/compose.phtml +++ b/app/views/install/compose.phtml @@ -9,7 +9,7 @@ $image = $this->getParam('image', ''); services: traefik: - image: traefik:2.3 + image: traefik:2.5 container_name: appwrite-traefik command: - --providers.file.directory=/storage/config diff --git a/composer.json b/composer.json index 9608eae30f..819362be1d 100644 --- a/composer.json +++ b/composer.json @@ -38,7 +38,7 @@ "appwrite/php-clamav": "1.1.*", "appwrite/php-runtimes": "0.4.*", - "utopia-php/framework": "0.17.*", + "utopia-php/framework": "0.18.*", "utopia-php/abuse": "0.5.*", "utopia-php/analytics": "0.2.*", "utopia-php/audit": "0.5.*", diff --git a/composer.lock b/composer.lock index 9f665352c6..e0858de93c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "aff105f689d2f08f13b6f3efef690d2c", + "content-hash": "45963af754680568d89330a4f37c40d1", "packages": [ { "name": "adhocore/jwt", @@ -1756,16 +1756,16 @@ }, { "name": "utopia-php/framework", - "version": "0.17.3", + "version": "0.18.0", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "0274f6b3e49db2af0d702edf278ec7504dc99878" + "reference": "f577522a5eb8009967b893fb7ad4ee70d3f7c0db" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/0274f6b3e49db2af0d702edf278ec7504dc99878", - "reference": "0274f6b3e49db2af0d702edf278ec7504dc99878", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/f577522a5eb8009967b893fb7ad4ee70d3f7c0db", + "reference": "f577522a5eb8009967b893fb7ad4ee70d3f7c0db", "shasum": "" }, "require": { @@ -1799,9 +1799,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.17.3" + "source": "https://github.com/utopia-php/framework/tree/0.18.0" }, - "time": "2021-08-03T13:57:01+00:00" + "time": "2021-08-19T04:58:47+00:00" }, { "name": "utopia-php/image", @@ -1907,61 +1907,6 @@ }, "time": "2021-07-24T11:35:55+00:00" }, - { - "name": "utopia-php/orchestration", - "version": "0.2.0", - "source": { - "type": "git", - "url": "https://github.com/utopia-php/orchestration.git", - "reference": "de10509017768cf2b62363bb39912002ab41dafb" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/utopia-php/orchestration/zipball/de10509017768cf2b62363bb39912002ab41dafb", - "reference": "de10509017768cf2b62363bb39912002ab41dafb", - "shasum": "" - }, - "require": { - "php": ">=8.0", - "utopia-php/cli": "0.11.*" - }, - "require-dev": { - "phpunit/phpunit": "^9.3", - "vimeo/psalm": "4.0.1" - }, - "type": "library", - "autoload": { - "psr-4": { - "Utopia\\Orchestration\\": "src/Orchestration" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Eldad Fux", - "email": "eldad@appwrite.io" - } - ], - "description": "Lite & fast micro PHP abstraction library for container orchestration", - "keywords": [ - "docker", - "framework", - "kubernetes", - "orchestration", - "php", - "swarm", - "upf", - "utopia" - ], - "support": { - "issues": "https://github.com/utopia-php/orchestration/issues", - "source": "https://github.com/utopia-php/orchestration/tree/0.2.0" - }, - "time": "2021-08-16T12:52:42+00:00" - }, { "name": "utopia-php/preloader", "version": "0.2.4", diff --git a/docker-compose.yml b/docker-compose.yml index a3127f313f..d17e51b7c4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ version: '3' services: traefik: - image: traefik:2.3 + image: traefik:2.5 container_name: appwrite-traefik command: - --log.level=DEBUG diff --git a/src/Appwrite/Migration/Migration.php b/src/Appwrite/Migration/Migration.php index 9f5d12d47d..203af0c67d 100644 --- a/src/Appwrite/Migration/Migration.php +++ b/src/Appwrite/Migration/Migration.php @@ -42,6 +42,7 @@ abstract class Migration '0.9.1' => 'V08', '0.9.2' => 'V08', '0.9.3' => 'V08', + '0.9.4' => 'V08', ]; /** diff --git a/src/Appwrite/Specification/Format/OpenAPI3.php b/src/Appwrite/Specification/Format/OpenAPI3.php index b14134cdf2..d01a7da72e 100644 --- a/src/Appwrite/Specification/Format/OpenAPI3.php +++ b/src/Appwrite/Specification/Format/OpenAPI3.php @@ -91,7 +91,7 @@ class OpenAPI3 extends Format $usedModels = []; foreach ($this->routes as $route) { /** @var \Utopia\Route $route */ - $url = \str_replace('/v1', '', $route->getURL()); + $url = \str_replace('/v1', '', $route->getPath()); $scope = $route->getLabel('scope', ''); $hide = $route->getLabel('sdk.hide', false); $consumes = [$route->getLabel('sdk.request.type', 'application/json')]; diff --git a/src/Appwrite/Specification/Format/Swagger2.php b/src/Appwrite/Specification/Format/Swagger2.php index 9809220f87..dfb6bdc987 100644 --- a/src/Appwrite/Specification/Format/Swagger2.php +++ b/src/Appwrite/Specification/Format/Swagger2.php @@ -89,7 +89,7 @@ class Swagger2 extends Format $usedModels = []; foreach ($this->routes as $route) { /** @var \Utopia\Route $route */ - $url = \str_replace('/v1', '', $route->getURL()); + $url = \str_replace('/v1', '', $route->getPath()); $scope = $route->getLabel('scope', ''); $hide = $route->getLabel('sdk.hide', false); $consumes = [$route->getLabel('sdk.request.type', 'application/json')];