Changed god account to root account
parent
f7f54c0d2f
commit
69abbba02b
2
.env
2
.env
|
@ -1,7 +1,7 @@
|
||||||
_APP_ENV=production
|
_APP_ENV=production
|
||||||
_APP_ENV=development
|
_APP_ENV=development
|
||||||
_APP_LOCALE=en
|
_APP_LOCALE=en
|
||||||
_APP_CONSOLE_WHITELIST_GOD=disabled
|
_APP_CONSOLE_WHITELIST_ROOT=disabled
|
||||||
_APP_CONSOLE_WHITELIST_EMAILS=
|
_APP_CONSOLE_WHITELIST_EMAILS=
|
||||||
_APP_CONSOLE_WHITELIST_IPS=
|
_APP_CONSOLE_WHITELIST_IPS=
|
||||||
_APP_SYSTEM_EMAIL_NAME=Appwrite
|
_APP_SYSTEM_EMAIL_NAME=Appwrite
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
- Added option to disable anonymous login (need to merge and apply changed) (#947)
|
- Added option to disable anonymous login (need to merge and apply changed) (#947)
|
||||||
- Added option to disable JWT auth (#947)
|
- Added option to disable JWT auth (#947)
|
||||||
- Added option to disable team invites (#947)
|
- Added option to disable team invites (#947)
|
||||||
- Option to limit number of users (good for app launches + god account PR) (#947)
|
- Option to limit number of users (good for app launches + root account PR) (#947)
|
||||||
- Added 2 new endpoints to the projects API to allow new settings
|
- Added 2 new endpoints to the projects API to allow new settings
|
||||||
- Enabled 501 errors (Not Implemented) from the error handler
|
- Enabled 501 errors (Not Implemented) from the error handler
|
||||||
- Added Python 3.9 as a new Cloud Functions runtime (#1044)
|
- Added Python 3.9 as a new Cloud Functions runtime (#1044)
|
||||||
|
|
|
@ -88,7 +88,7 @@ ENV _APP_SERVER=swoole \
|
||||||
_APP_DOMAIN_TARGET=localhost \
|
_APP_DOMAIN_TARGET=localhost \
|
||||||
_APP_HOME=https://appwrite.io \
|
_APP_HOME=https://appwrite.io \
|
||||||
_APP_EDITION=community \
|
_APP_EDITION=community \
|
||||||
_APP_CONSOLE_WHITELIST_GOD=enabled \
|
_APP_CONSOLE_WHITELIST_ROOT=enabled \
|
||||||
_APP_CONSOLE_WHITELIST_EMAILS= \
|
_APP_CONSOLE_WHITELIST_EMAILS= \
|
||||||
_APP_CONSOLE_WHITELIST_IPS= \
|
_APP_CONSOLE_WHITELIST_IPS= \
|
||||||
_APP_SYSTEM_EMAIL_NAME= \
|
_APP_SYSTEM_EMAIL_NAME= \
|
||||||
|
|
|
@ -46,7 +46,7 @@ $collections = [
|
||||||
'legalTaxId' => '',
|
'legalTaxId' => '',
|
||||||
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||||
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||||
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||||
],
|
],
|
||||||
Database::SYSTEM_COLLECTION_COLLECTIONS => [
|
Database::SYSTEM_COLLECTION_COLLECTIONS => [
|
||||||
'$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,
|
'$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,
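Review bot: The `usersAuthLimit` entry fails open on an unrecognised value, because `=== 'enabled'` yields 0 for anything that is not exactly `enabled` (for example `Enabled`, `true`, or a value with trailing whitespace), and going by the inline comment 1 is what limits signup to a single user. The other readers changed in this commit (the home route and the signin/signup views) test `!== 'disabled'`, so one value can show the root-account form while registration is presumably left unlimited. Using the same test here keeps the readers in agreement and makes a typo keep the restriction: `'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') !== 'disabled') ? 1 : 0, // limit signup to 1 user`. The variable is renamed without a fallback to `_APP_CONSOLE_WHITELIST_GOD`, so deployments that still set only the old name silently get the default; that deserves a line in the upgrade notes. The `$collections` array starts and ends outside this hunk.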
|
||||||
|
|
|
@ -64,7 +64,7 @@ return [
|
||||||
'question' => 'Enter a DNS A record hostname to serve as a CNAME for your custom domains.\nYou can use the same value as used for the Appwrite hostname.',
|
'question' => 'Enter a DNS A record hostname to serve as a CNAME for your custom domains.\nYou can use the same value as used for the Appwrite hostname.',
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'name' => '_APP_CONSOLE_WHITELIST_GOD',
|
'name' => '_APP_CONSOLE_WHITELIST_ROOT',
|
||||||
'description' => 'This option allows you to disable the creation of new users on the Appwrite console. When enabled only 1 user will be able to use the registration form. New users can be added by invting them to your project. By default this option is enabled.',
|
'description' => 'This option allows you to disable the creation of new users on the Appwrite console. When enabled only 1 user will be able to use the registration form. New users can be added by invting them to your project. By default this option is enabled.',
|
||||||
'introduction' => '0.8.0',
|
'introduction' => '0.8.0',
|
||||||
'default' => 'enabled',
|
'default' => 'enabled',
|
||||||
|
|
|
@ -272,7 +272,7 @@ App::get('/v1/health/anti-virus')
|
||||||
App::get('/v1/health/stats') // Currently only used internally
|
App::get('/v1/health/stats') // Currently only used internally
|
||||||
->desc('Get System Stats')
|
->desc('Get System Stats')
|
||||||
->groups(['api', 'health'])
|
->groups(['api', 'health'])
|
||||||
->label('scope', 'god')
|
->label('scope', 'root')
|
||||||
// ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
|
// ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
|
||||||
// ->label('sdk.namespace', 'health')
|
// ->label('sdk.namespace', 'health')
|
||||||
// ->label('sdk.method', 'getStats')
|
// ->label('sdk.method', 'getStats')
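Review bot: The `->label('scope', 'root')` line is the only access control visible for `/v1/health/stats`, and it holds only as long as no role or API-key scope list contains the string `root`. The shared check touched elsewhere in this commit is a plain `in_array($scope, $scopes)`, with the root-user check still a TODO. The scope lists are not part of this page, so it is worth confirming that none of them gained a `root` entry in the rename. A comment above the label such as `// 'root' is deliberately absent from every role and key scope list; internal use only` would record the assumption for the next reader. The route definition continues outside the hunk.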
|
||||||
|
|
|
@ -612,7 +612,7 @@ App::delete('/v1/storage/files/:fileId')
|
||||||
// App::get('/v1/storage/files/:fileId/scan')
|
// App::get('/v1/storage/files/:fileId/scan')
|
||||||
// ->desc('Scan Storage')
|
// ->desc('Scan Storage')
|
||||||
// ->groups(['api', 'storage'])
|
// ->groups(['api', 'storage'])
|
||||||
// ->label('scope', 'god')
|
// ->label('scope', 'root')
|
||||||
// ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
|
// ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
|
||||||
// ->label('sdk.namespace', 'storage')
|
// ->label('sdk.namespace', 'storage')
|
||||||
// ->label('sdk.method', 'getFileScan')
|
// ->label('sdk.method', 'getFileScan')
|
||||||
|
|
|
@ -208,7 +208,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
|
||||||
}
|
}
|
||||||
}, $user->getAttribute('memberships', []));
|
}, $user->getAttribute('memberships', []));
|
||||||
|
|
||||||
// TDOO Check if user is god
|
// TDOO Check if user is root
|
||||||
|
|
||||||
if (!\in_array($scope, $scopes)) {
|
if (!\in_array($scope, $scopes)) {
|
||||||
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing
|
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing
|
||||||
|
|
|
@ -57,9 +57,9 @@ App::get('/')
|
||||||
;
|
;
|
||||||
|
|
||||||
if ('console' === $project->getId()) {
|
if ('console' === $project->getId()) {
|
||||||
$whitlistGod = $project->getAttribute('authWhitelistGod');
|
$whitlistRoot = App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled');
|
||||||
|
|
||||||
if($whitlistGod !== 'disabled') {
|
if($whitlistRoot !== 'disabled') {
|
||||||
$projectDB->getCollection([ // Count users
|
$projectDB->getCollection([ // Count users
|
||||||
'filters' => [
|
'filters' => [
|
||||||
'$collection='.Database::SYSTEM_COLLECTION_USERS,
|
'$collection='.Database::SYSTEM_COLLECTION_USERS,
|
||||||
|
@ -88,7 +88,7 @@ App::get('/auth/signin')
|
||||||
$page = new View(__DIR__.'/../../views/home/auth/signin.phtml');
|
$page = new View(__DIR__.'/../../views/home/auth/signin.phtml');
|
||||||
|
|
||||||
$page
|
$page
|
||||||
->setParam('god', App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled'))
|
->setParam('root', App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled'))
|
||||||
;
|
;
|
||||||
|
|
||||||
$layout
|
$layout
|
||||||
|
@ -106,7 +106,7 @@ App::get('/auth/signup')
|
||||||
$page = new View(__DIR__.'/../../views/home/auth/signup.phtml');
|
$page = new View(__DIR__.'/../../views/home/auth/signup.phtml');
|
||||||
|
|
||||||
$page
|
$page
|
||||||
->setParam('god', App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled'))
|
->setParam('root', App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled'))
|
||||||
;
|
;
|
||||||
|
|
||||||
$layout
|
$layout
|
||||||
|
|
|
@ -61,11 +61,11 @@ $cli
|
||||||
Console::log('🟢 Abuse protection is enabled');
|
Console::log('🟢 Abuse protection is enabled');
|
||||||
}
|
}
|
||||||
|
|
||||||
$authWhitelistGod = App::getEnv('_APP_CONSOLE_WHITELIST_GOD', null);
|
$authWhitelistRoot = App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', null);
|
||||||
$authWhitelistEmails = App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null);
|
$authWhitelistEmails = App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null);
|
||||||
$authWhitelistIPs = App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null);
|
$authWhitelistIPs = App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null);
|
||||||
|
|
||||||
if(empty($authWhitelistGod)
|
if(empty($authWhitelistRoot)
|
||||||
&& empty($authWhitelistEmails)
|
&& empty($authWhitelistEmails)
|
||||||
&& empty($authWhitelistIPs)
|
&& empty($authWhitelistIPs)
|
||||||
) {
|
) {
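Review bot: The `empty($authWhitelistRoot)` test does not match how the setting is read elsewhere in this commit. The string `disabled` is non-empty, so a deployment with `_APP_CONSOLE_WHITELIST_ROOT=disabled` (the value in the repository's `.env`) and no e-mail or IP whitelist is treated here as restricted. An unset variable is treated as unrestricted, because the default here is `null` where the other readers default to `'enabled'`. The body of the `if` is outside the hunk, but if it is the warning about open console access, the diagnostic is wrong in both cases. Reading with the same default and comparing explicitly would fix it: `$authWhitelistRoot = App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled');` and `if($authWhitelistRoot === 'disabled'`.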
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
$god = ($this->getParam('god') !== 'disabled');
|
$root = ($this->getParam('root') !== 'disabled');
|
||||||
?>
|
?>
|
||||||
<div class="zone medium"
|
<div class="zone medium"
|
||||||
data-service="account.get"
|
data-service="account.get"
|
||||||
|
@ -46,7 +46,7 @@ $god = ($this->getParam('god') !== 'disabled');
|
||||||
<br />
|
<br />
|
||||||
|
|
||||||
<div class="text-line-high-large text-align-center">
|
<div class="text-line-high-large text-align-center">
|
||||||
<a href="/auth/recovery">Forgot password?</a><?php if(!$god): ?> or don't have an account? <b><a href="/auth/signup">Sign up now</a></b><?php endif; ?>
|
<a href="/auth/recovery">Forgot password?</a><?php if(!$root): ?> or don't have an account? <b><a href="/auth/signup">Sign up now</a></b><?php endif; ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
$god = ($this->getParam('god') !== 'disabled');
|
$root = ($this->getParam('root') !== 'disabled');
|
||||||
?>
|
?>
|
||||||
<div class="zone medium signup">
|
<div class="zone medium signup">
|
||||||
<h1 class="zone xl margin-bottom-large margin-top">
|
<h1 class="zone xl margin-bottom-large margin-top">
|
||||||
|
@ -26,8 +26,8 @@ $god = ($this->getParam('god') !== 'disabled');
|
||||||
data-failure-param-alert-text="Registration Failed. Please try again later"
|
data-failure-param-alert-text="Registration Failed. Please try again later"
|
||||||
data-failure-param-alert-classname="error">
|
data-failure-param-alert-classname="error">
|
||||||
|
|
||||||
<?php if($god): ?>
|
<?php if($root): ?>
|
||||||
<p>Please create your first god account</p>
|
<p>Please create your root account</p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<label>Name</label>
|
<label>Name</label>
|
||||||
|
@ -51,7 +51,7 @@ $god = ($this->getParam('god') !== 'disabled');
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php if(!$god): ?>
|
<?php if(!$root): ?>
|
||||||
<div class="zone medium text-align-center">
|
<div class="zone medium text-align-center">
|
||||||
<a href="/auth/signin">Already have an account?</a>
|
<a href="/auth/signin">Already have an account?</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -57,7 +57,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- _APP_ENV
|
- _APP_ENV
|
||||||
- _APP_LOCALE
|
- _APP_LOCALE
|
||||||
- _APP_CONSOLE_WHITELIST_GOD
|
- _APP_CONSOLE_WHITELIST_ROOT
|
||||||
- _APP_CONSOLE_WHITELIST_EMAILS
|
- _APP_CONSOLE_WHITELIST_EMAILS
|
||||||
- _APP_CONSOLE_WHITELIST_IPS
|
- _APP_CONSOLE_WHITELIST_IPS
|
||||||
- _APP_SYSTEM_EMAIL_NAME
|
- _APP_SYSTEM_EMAIL_NAME
|
||||||
|
|
|
@ -76,7 +76,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- _APP_ENV
|
- _APP_ENV
|
||||||
- _APP_LOCALE
|
- _APP_LOCALE
|
||||||
- _APP_CONSOLE_WHITELIST_GOD
|
- _APP_CONSOLE_WHITELIST_ROOT
|
||||||
- _APP_CONSOLE_WHITELIST_EMAILS
|
- _APP_CONSOLE_WHITELIST_EMAILS
|
||||||
- _APP_CONSOLE_WHITELIST_IPS
|
- _APP_CONSOLE_WHITELIST_IPS
|
||||||
- _APP_SYSTEM_EMAIL_NAME
|
- _APP_SYSTEM_EMAIL_NAME
|
||||||
|
|