From 7c184498bbb79792f6de260162f01b1d7f704ed9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 21 Aug 2023 15:16:02 +0200
Subject: [PATCH] Fix GitHub app auth and migrations
---
 app/controllers/api/vcs.php | 21 ++++++---------------
 app/controllers/general.php | 2 +-
 docker-compose.yml | 2 +-
 3 files changed, 8 insertions(+), 17 deletions(-)
diff --git a/app/controllers/api/vcs.php b/app/controllers/api/vcs.php
index 0097da3e0..ff1853f3f 100644
--- a/app/controllers/api/vcs.php
+++ b/app/controllers/api/vcs.php
@@ -277,6 +277,11 @@ App::get('/v1/vcs/github/callback')
 ->inject('response')
 ->inject('dbForConsole')
 ->action(function (string $providerInstallationId, string $setupAction, string $state, string $code, GitHub $github, Document $user, Document $project, Request $request, Response $response, Database $dbForConsole) {
+ if (empty($state)) {
+ $error = 'Installation requests from organisation members for the Appwrite GitHub App are currently unsupported. To proceed with the installation, login to the Appwrite Console and install the GitHub App.';
+ throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $error);
+ }
+
 $state = \json_decode($state, true);
 $projectId = $state['projectId'] ?? '';
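Review bot: The new `empty($state)` guard in the `/v1/vcs/github/callback` action rejects only a missing or empty `state`; a non-empty value that is not a JSON object still gets through. `\json_decode` returns null for malformed input and a scalar for input such as `1`, and the `$state ?? []` fallback added in the next hunk covers only the null case, so a scalar would reach `\array_merge` and raise a TypeError on PHP 8 instead of the intended `GENERAL_ARGUMENT_INVALID`. Because `state` arrives as a request parameter, I would decode first and test the type, replacing the `empty()` condition with `$state = \json_decode($state, true);` followed by `if (!\is_array($state)) {`. The action's body continues outside the hunk.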
@@ -285,25 +290,11 @@ App::get('/v1/vcs/github/callback')
 'failure' => $request->getProtocol() . '://' . $request->getHostname() . "/console/project-$projectId/settings/git-installations",
 ];
- $state = \array_merge($defaultState, $state);
+ $state = \array_merge($defaultState, $state ?? []);
 $redirectSuccess = $state['success'] ?? '';
 $redirectFailure = $state['failure'] ?? '';
- if (empty($state)) {
- $error = 'Installation requests from organisation members for the Appwrite GitHub App are currently unsupported. To proceed with the installation, login to the Appwrite Console and install the GitHub App.';
-
- if (!empty($redirectFailure)) {
- $separator = \str_contains($redirectFailure, '?') ? '&' : ':';
- return $response
- ->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
- ->addHeader('Pragma', 'no-cache')
- ->redirect($redirectFailure . $separator . \http_build_query(['error' => $error]));
- }
-
- throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $error);
- }
-
 $project = $dbForConsole->getDocument('projects', $projectId);
 if ($project->isEmpty()) {
diff --git a/app/controllers/general.php b/app/controllers/general.php
index e8ab7f132..59821296d 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
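Review bot: `$redirectSuccess` and `$redirectFailure` in the vcs.php callback are caller-controlled, and this hunk adds no check on where they point: the decoded request `state` is merged over `$defaultState`, so its `success` and `failure` entries replace the console URLs. The redirects that consume these values lie outside the hunk and may already validate them; if they do not, the callback can be used as an open redirect from a trusted domain. A host check before use would close that, for example `if (\parse_url($redirectFailure, PHP_URL_HOST) !== $request->getHostname()) { $redirectFailure = $defaultState['failure']; }` and the same for `success`, or a comparison against whatever list of allowed client hosts the project keeps.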
@@ -319,7 +319,7 @@ App::init()
 * @see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 */
 if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
- if ($request->getProtocol() !== 'https' && ($swooleRequest->header['host'] ?? '') !== 'localhost') { // Localhost allowed for proxy
+ if ($request->getProtocol() !== 'https' && ($swooleRequest->header['host'] ?? '') !== 'localhost' && ($swooleRequest->header['host'] ?? '') !== APP_HOSTNAME_INTERNAL) { // Localhost allowed for proxy, APP_HOSTNAME_INTERNAL allowed for migrations
 if ($request->getMethod() !== Request::METHOD_GET) {
 throw new AppwriteException(AppwriteException::GENERAL_PROTOCOL_UNSUPPORTED, 'Method unsupported over HTTP.');
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 34e264c38..f55c0d48c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -772,7 +772,7 @@ services:
 hostname: executor
 <<: *x-logging
 stop_signal: SIGINT
- image: openruntimes/executor:0.3.2
+ image: openruntimes/executor:0.3.3
 networks:
 - appwrite
 - runtimes
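Review bot: The force-HTTPS exemption in app/controllers/general.php (the `App::init()` hunk) is keyed on the `Host` request header, which the client chooses, so it is not limited to internal migration traffic: any plain-HTTP request whose `Host` equals `APP_HOSTNAME_INTERNAL` skips this branch, as one naming `localhost` already did. What such a request can reach afterwards depends on routing outside the hunk, but the inline comment should not read as a trust boundary; I would add `// Host is client-supplied: this only skips the HTTPS redirect, it does not prove the request is internal`. If the exemption is meant for in-cluster calls only, tying it to the peer address or to a listener that is not publicly exposed is the firmer fix. The condition also reads the header twice; `$host = $swooleRequest->header['host'] ?? '';` with `!\in_array($host, ['localhost', APP_HOSTNAME_INTERNAL], true)` is easier to audit.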