From 8fcb2b40589db538738b076097f4c7ed5720514c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 20 Apr 2022 09:31:17 +0000 Subject: [PATCH] Hostname-related features&fixes --- app/controllers/api/projects.php | 14 +++++++++- app/controllers/general.php | 10 +++++-- app/views/console/home/index.phtml | 29 ++++++++++++------- composer.lock | 34 +++++++++-------------- src/Appwrite/Network/Validator/Host.php | 10 +++---- src/Appwrite/Network/Validator/Origin.php | 8 ++---- 6 files changed, 61 insertions(+), 44 deletions(-) diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php index f7100a88a..cc289a822 100644 --- a/app/controllers/api/projects.php +++ b/app/controllers/api/projects.php @@ -21,7 +21,7 @@ use Utopia\Domains\Domain; use Appwrite\Extend\Exception; use Utopia\Validator\ArrayList; use Utopia\Validator\Boolean; -use Utopia\Validator\Integer; +use Utopia\Validator\Hostname; use Utopia\Validator\Range; use Utopia\Validator\Text; use Utopia\Validator\WhiteList; @@ -1016,6 +1016,12 @@ App::post('/v1/projects/:projectId/platforms') /** @var Appwrite\Utopia\Response $response */ /** @var Utopia\Database\Database $dbForConsole */ + // Ensure hostname has proper structure (no port, protocol..) + $validator = new Hostname(); + if (!is_null($hostname) && !$validator->isValid($hostname)) { + throw new Exception($validator->getDescription(), 400, Exception::ATTRIBUTE_VALUE_INVALID); + } + $project = $dbForConsole->getDocument('projects', $projectId); if ($project->isEmpty()) { 
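Review bot: The new guard `!is_null($hostname) && !$validator->isValid($hostname)` skips validation only for null, so if the `hostname` param defaults to an empty string (its declaration is outside the hunk), creating a platform without a hostname would presumably now fail with a 400. Consider `if ($hostname !== null && $hostname !== '' && !$validator->isValid($hostname)) {`, or attach `new Hostname()` to the param declaration so the framework validates it in one place. The same block is copied verbatim into the `PUT /v1/projects/:projectId/platforms/:platformId` hunk and needs the same change. The handler body continues outside the hunk.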
@@ -1135,6 +1141,12 @@ App::put('/v1/projects/:projectId/platforms/:platformId') /** @var Appwrite\Utopia\Response $response */ /** @var Utopia\Database\Database $dbForConsole */ + // Ensure hostname has proper structure (no port, protocol..) + $validator = new Hostname(); + if (!is_null($hostname) && !$validator->isValid($hostname)) { + throw new Exception($validator->getDescription(), 400, Exception::ATTRIBUTE_VALUE_INVALID); + } + $project = $dbForConsole->getDocument('projects', $projectId); if ($project->isEmpty()) { diff --git a/app/controllers/general.php b/app/controllers/general.php index a65e07c81..aa7af6a47 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -19,6 +19,7 @@ use Utopia\CLI\Console; use Utopia\Database\Document; use Utopia\Database\Query; use Utopia\Database\Validator\Authorization; +use Utopia\Validator\Hostname; use Appwrite\Utopia\Request\Filters\V12 as RequestV12; use Appwrite\Utopia\Request\Filters\V13 as RequestV13; use Utopia\Validator\Text; @@ -123,8 +124,13 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons $protocol = \parse_url($request->getOrigin($referrer), PHP_URL_SCHEME); $port = \parse_url($request->getOrigin($referrer), PHP_URL_PORT); - $refDomain = (!empty($protocol) ? $protocol : $request->getProtocol()).'://'.((\in_array($origin, $clients)) - ? $origin : 'localhost').(!empty($port) ? ':'.$port : ''); + $refDomainOrigin = 'localhost'; + $validator = new Hostname($clients); + if ($validator->isValid($origin)) { + $refDomainOrigin = $origin; + } + + $refDomain = (!empty($protocol) ? $protocol : $request->getProtocol()) . '://' . $refDomainOrigin . (!empty($port) ? ':' . $port : ''); $refDomain = (!$route->getLabel('origin', false)) // This route is publicly accessible ? $refDomain diff --git a/app/views/console/home/index.phtml b/app/views/console/home/index.phtml index 028e7f3b7..82be016b6 100644 --- a/app/views/console/home/index.phtml 
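Review bot: Nothing in this check bounds how broad a stored pattern may be: `new Hostname()` is built without an allowlist, so it can only vet structure, and the console hint added in this patch tells users that `*` is accepted. A bare `*` would then presumably be stored and later matched by the allowlist-backed `Hostname` checks in general.php, Host.php and Origin.php, which would effectively disable origin restriction for the project. If that is intended, say so next to the check, e.g. `// NOTE: wildcard entries are stored as-is; a bare "*" matches every origin`; otherwise reject patterns whose wildcard is not followed by a concrete domain. The same applies to the POST hunk.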
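Review bot: `new Hostname($clients)` in general.php may fail open when `$clients` is empty. projects.php in this same patch calls `new Hostname()` with no list to accept any well-formed hostname, which suggests an empty allowlist means "allow all", whereas the removed `\in_array($origin, $clients)` returned false for an empty list. Whether `$clients` can ever be empty is not visible here, but because `$refDomain` is built from the result the guard should be explicit: `if (!empty($clients) && $validator->isValid($origin)) {`. The same pattern appears in Host.php (`new Hostname($this->whitelist)`) and Origin.php (`new Hostname($this->clients)`). `$origin` is assigned outside the hunk, so it is worth confirming that it is always a string before it reaches the validator.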
+++ b/app/views/console/home/index.phtml @@ -299,8 +299,9 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); - - + + +
You can use * to allow wildcard hostnames or subdomains.
Next Steps
@@ -329,7 +330,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> @@ -340,7 +342,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); - + +
You can use * to allow wildcard hostnames or subdomains.

@@ -714,7 +717,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> @@ -746,7 +750,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> @@ -777,7 +782,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> @@ -808,7 +814,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> 
@@ -841,7 +848,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> @@ -873,7 +881,8 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled', true); data-success="alert,trigger" data-success-param-alert-text="Updated platform successfully" data-success-param-trigger-events="projects.updatePlatform" - data-failure="alert" + data-failure="alert,trigger" + data-failure-param-trigger-events="projects.updatePlatform" data-failure-param-alert-text="Failed to update platform" data-failure-param-alert-classname="error"> diff --git a/composer.lock b/composer.lock index e908e573c..ca6633679 100644 --- a/composer.lock +++ b/composer.lock @@ -2250,16 +2250,16 @@ }, { "name": "utopia-php/framework", - "version": "0.19.8", + "version": "0.19.20", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d" + "reference": "65ced168db8f6e188ceeb0d101f57552c3d8b2af" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d", - "reference": "8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/65ced168db8f6e188ceeb0d101f57552c3d8b2af", + "reference": "65ced168db8f6e188ceeb0d101f57552c3d8b2af", "shasum": "" }, "require": { 
@@ -2293,9 +2293,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.19.8" + "source": "https://github.com/utopia-php/framework/tree/0.19.20" }, - "time": "2022-04-12T00:28:15+00:00" + "time": "2022-04-14T15:42:37+00:00" }, { "name": "utopia-php/image", @@ -3551,16 +3551,16 @@ }, { "name": "matthiasmullie/minify", - "version": "1.3.66", + "version": "1.3.67", "source": { "type": "git", "url": "https://github.com/matthiasmullie/minify.git", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6" + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", + "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", "shasum": "" }, "require": { @@ -3609,23 +3609,15 @@ ], "support": { "issues": "https://github.com/matthiasmullie/minify/issues", - "source": "https://github.com/matthiasmullie/minify/tree/1.3.66" + "source": "https://github.com/matthiasmullie/minify/tree/1.3.67" }, "funding": [ { - "url": "https://github.com/[user1", - "type": "github" - }, - { - "url": "https://github.com/matthiasmullie] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g.", - "type": "github" - }, - { - "url": "https://github.com/user2", + "url": "https://github.com/matthiasmullie", "type": "github" } ], - "time": "2021-01-06T15:18:10+00:00" + "time": "2022-03-24T08:54:59+00:00" }, { "name": "matthiasmullie/path-converter", diff --git a/src/Appwrite/Network/Validator/Host.php b/src/Appwrite/Network/Validator/Host.php index 703907c3d..4e5aa0b66 100644 --- a/src/Appwrite/Network/Validator/Host.php +++ b/src/Appwrite/Network/Validator/Host.php 
@@ -1,6 +1,7 @@ isValid($value)) { return false; } - if (\in_array(\parse_url($value, PHP_URL_HOST), $this->whitelist)) { - return true; - } - - return false; + $hostname = \parse_url($value, PHP_URL_HOST); + $hostnameValudator = new Hostname($this->whitelist); + return $hostnameValudator->isValid($hostname); } /** diff --git a/src/Appwrite/Network/Validator/Origin.php b/src/Appwrite/Network/Validator/Origin.php index 8831707ce..c2ef6f112 100644 --- a/src/Appwrite/Network/Validator/Origin.php +++ b/src/Appwrite/Network/Validator/Origin.php @@ -1,6 +1,7 @@ clients)) { - return true; - } - - return false; + $validator = new Hostname($this->clients); + return $validator->isValid($host); } /**
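Review bot: In Host.php, `\parse_url($value, PHP_URL_HOST)` returns null for a URL with no host component, and that value is now handed straight to `isValid()`. Unless the Hostname validator is known to reject non-strings, add `if (!\is_string($hostname)) { return false; }` before constructing it. The local is also misspelled as `$hostnameValudator`; rename it to `$hostnameValidator`. The start of this hunk is missing from the page, so the preceding URL check is only partly visible.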