Merge branch 'master' of https://github.com/appwrite/appwrite into feat-database-indexing
commit
7230b5f6ec
2
.github/workflows/tests.yml
2
|
@ -28,7 +28,7 @@ jobs:
|
||||||
docker pull php:8.0-cli-alpine
|
docker pull php:8.0-cli-alpine
|
||||||
docker compose build --progress=plain
|
docker compose build --progress=plain
|
||||||
docker compose up -d
|
docker compose up -d
|
||||||
sleep 10
|
sleep 30
|
||||||
- name: Doctor
|
- name: Doctor
|
||||||
run: docker compose exec -T appwrite doctor
|
run: docker compose exec -T appwrite doctor
|
||||||
|
|
||||||
|
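Review bot: Raising the unconditional `sleep 10` to `sleep 30` only widens the race before the Doctor step; on a slow runner the stack can still be unready and the `docker compose exec -T appwrite doctor` step fails, while on a fast one 30 seconds are wasted every run. Poll for readiness instead and let the Doctor step remain the hard check, e.g. replace the sleep line with `for i in $(seq 1 30); do docker compose exec -T appwrite doctor && break; sleep 2; done`. The surrounding job definition starts outside this section, so the exact step boundaries are inferred from the visible lines.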
|
|
@ -1740,7 +1740,7 @@ App::post('/v1/account/recovery')
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
->label('sdk.response.model', Response::MODEL_TOKEN)
|
->label('sdk.response.model', Response::MODEL_TOKEN)
|
||||||
->label('abuse-limit', 10)
|
->label('abuse-limit', 10)
|
||||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
->label('abuse-key', ['url:{url},email:{param-email}', 'ip:{ip}'])
|
||||||
->param('email', '', new Email(), 'User email.')
|
->param('email', '', new Email(), 'User email.')
|
||||||
->param('url', '', function ($clients) {return new Host($clients);}, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
->param('url', '', function ($clients) {return new Host($clients);}, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||||
->inject('request')
|
->inject('request')
|
||||||
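Review bot: The new `ip:{ip}` abuse key inherits the route's single `abuse-limit` of 10 and its default abuse window, so one source IP is capped at 10 recovery emails in total regardless of email; behind a shared egress (campus or corporate NAT, mobile carrier) one user can exhaust recovery for everyone else, which deserves a comment on the label such as `// Throttled per (url, email) pair AND per source IP; both keys share abuse-limit/abuse-time` and a decision on whether 10/IP is acceptable for such deployments. The IP key is only as strong as `$request->getIP()`'s treatment of forwarding headers, which is outside this hunk — if `X-Forwarded-For` is trusted from any peer, a client can rotate the key by spoofing it, so confirm against the Request implementation. The route definition continues outside the hunk.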
|
|
|
@ -38,41 +38,51 @@ App::init(function ($utopia, $request, $response, $project, $user, $events, $aud
|
||||||
/*
|
/*
|
||||||
* Abuse Check
|
* Abuse Check
|
||||||
*/
|
*/
|
||||||
$timeLimit = new TimeLimit($route->getLabel('abuse-key', 'url:{url},ip:{ip}'), $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), $dbForProject);
|
$abuseKeyLabel = $route->getLabel('abuse-key', 'url:{url},ip:{ip}');
|
||||||
$timeLimit
|
$timeLimitArray = [];
|
||||||
->setParam('{userId}', $user->getId())
|
|
||||||
->setParam('{userAgent}', $request->getUserAgent(''))
|
|
||||||
->setParam('{ip}', $request->getIP())
|
|
||||||
->setParam('{url}', $request->getHostname().$route->getPath())
|
|
||||||
;
|
|
||||||
|
|
||||||
// TODO make sure we get array here
|
$abuseKeyLabel = (!is_array($abuseKeyLabel)) ? [$abuseKeyLabel] : $abuseKeyLabel;
|
||||||
|
|
||||||
foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
foreach ($abuseKeyLabel as $abuseKey) {
|
||||||
if(!empty($value)) {
|
$timeLimit = new TimeLimit($abuseKey, $route->getLabel('abuse-limit', 0), $route->getLabel('abuse-time', 3600), $dbForProject);
|
||||||
$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
$timeLimit
|
||||||
}
|
->setParam('{userId}', $user->getId())
|
||||||
|
->setParam('{userAgent}', $request->getUserAgent(''))
|
||||||
|
->setParam('{ip}', $request->getIP())
|
||||||
|
->setParam('{url}', $request->getHostname().$route->getPath());
|
||||||
|
$timeLimitArray[] = $timeLimit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$abuse = new Abuse($timeLimit);
|
$closestLimit = null;
|
||||||
|
|
||||||
if ($timeLimit->limit()) {
|
|
||||||
$response
|
|
||||||
->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
|
||||||
->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
|
||||||
->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
|
||||||
;
|
|
||||||
}
|
|
||||||
|
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
|
||||||
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
|
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
|
||||||
$isAppUser = Auth::isAppUser($roles);
|
$isAppUser = Auth::isAppUser($roles);
|
||||||
|
|
||||||
if (($abuse->check() // Route is rate-limited
|
foreach ($timeLimitArray as $timeLimit) {
|
||||||
|
foreach ($request->getParams() as $key => $value) { // Set request params as potential abuse keys
|
||||||
|
if(!empty($value)) {
|
||||||
|
$timeLimit->setParam('{param-'.$key.'}', (\is_array($value)) ? \json_encode($value) : $value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$abuse = new Abuse($timeLimit);
|
||||||
|
|
||||||
|
if ($timeLimit->limit() && ($timeLimit->remaining() < $closestLimit || is_null($closestLimit))) {
|
||||||
|
$closestLimit = $timeLimit->remaining();
|
||||||
|
$response
|
||||||
|
->addHeader('X-RateLimit-Limit', $timeLimit->limit())
|
||||||
|
->addHeader('X-RateLimit-Remaining', $timeLimit->remaining())
|
||||||
|
->addHeader('X-RateLimit-Reset', $timeLimit->time() + $route->getLabel('abuse-time', 3600))
|
||||||
|
;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (($abuse->check() // Route is rate-limited
|
||||||
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not disabled
|
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not disabled
|
||||||
&& (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
&& (!$isAppUser && !$isPrivilegedUser)) // User is not an admin or API key
|
||||||
{
|
{
|
||||||
throw new Exception('Too many requests', 429);
|
throw new Exception('Too many requests', 429);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
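Review bot: The `$closestLimit` update on the `if ($timeLimit->limit() && ($timeLimit->remaining() < $closestLimit || is_null($closestLimit)))` line only works because PHP's loose `int < null` comparison happens to return false before `is_null()` is consulted; put the null test first so the intent is explicit: `if ($timeLimit->limit() && (is_null($closestLimit) || $timeLimit->remaining() < $closestLimit))`. Because `$abuse->check()` is the first operand of the throwing condition, it still runs for every key on every request even when `_APP_OPTIONS_ABUSE` is `disabled` or the caller is an API key/admin; if `check()` persists a hit (TimeLimit and Abuse internals are not in this hunk), that is one DB write per key per request that the flag was presumably meant to avoid, and evaluating the env flag and role checks before `$abuse->check()` would skip it, though that also stops counting privileged traffic against the shared keys — confirm which is intended. The `// TODO make sure we get array here` line above the `is_array` normalisation can be dropped, since the normalisation now guarantees an array. The enclosing `App::init` closure starts and ends outside the hunk.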
|
@ -217,7 +217,7 @@ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
git fetch && \
|
git fetch && \
|
||||||
git pull ' . $gitUrl . ' && \
|
git pull ' . $gitUrl . ' && \
|
||||||
rm -rf ' . $target . '/* && \
|
rm -rf ' . $target . '/* && \
|
||||||
cp -r ' . $result . '/ ' . $target . '/ && \
|
cp -r ' . $result . '/* ' . $target . '/ && \
|
||||||
git add . && \
|
git add . && \
|
||||||
git commit -m "' . $message . '" && \
|
git commit -m "' . $message . '" && \
|
||||||
git push -u origin ' . $gitBranch . '
|
git push -u origin ' . $gitBranch . '
|
||||||
|
@ -231,7 +231,7 @@ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
|
||||||
$docDirectories = $language['docDirectories'] ?? [''];
|
$docDirectories = $language['docDirectories'] ?? [''];
|
||||||
|
|
||||||
if($version === 'latest') {
|
if ($version === 'latest') {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
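Review bot: `$message` and `$gitBranch` are spliced into the shell string unescaped on the `git commit -m "' . $message . '"` and `git push -u origin ' . $gitBranch . '` lines, so a double quote, backtick or `$(` in the message breaks out of the command; use `escapeshellarg()` per argument, e.g. `git commit -m ' . escapeshellarg($message) . ' && \` and `git push -u origin ' . escapeshellarg($gitBranch)`. The `rm -rf ' . $target . '/*` line is one empty `$target` away from `rm -rf /*`; a guard before the command is built, e.g. `if (empty($target) || $target === '/') { throw new Exception('Refusing to clean unsafe target'); }`, is cheap insurance. How `$message`, `$gitUrl` and `$target` are populated is outside this hunk, so whether any of them are user-controlled should be confirmed; the enclosing function starts and ends outside the hunk.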