diff --git a/app/app.php b/app/app.php index 6505991c9..b4b9fe6c5 100644 --- a/app/app.php +++ b/app/app.php @@ -15,7 +15,6 @@ use Appwrite\Database\Document; use Appwrite\Database\Validator\Authorization; use Appwrite\Network\Validator\Origin; -Config::setParam('domain', 'localhost'); Config::setParam('domainVerification', false); Config::setParam('cookieDomain', 'localhost'); Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE); @@ -33,8 +32,8 @@ Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE); App::init(function ($utopia, $request, $response, $console, $project, $user, $locale, $webhooks, $audits, $usage, $clients) { Authorization::$roles = ['*']; - /** @var Utopia\Request $request */ - /** @var Utopia\Response $response */ + /** @var Appwrite\Utopia\Request $request */ + /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Document $console */ /** @var Appwrite\Database\Document $project */ /** @var Appwrite\Database\Document $user */ 
@@ -66,19 +65,19 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo 'hostname' => $request->getHostname(), ], Document::SET_TYPE_APPEND); - $referrer = $request->getServer('HTTP_REFERER', ''); - $origin = \parse_url($request->getServer('HTTP_ORIGIN', $referrer), PHP_URL_HOST); - $protocol = \parse_url($request->getServer('HTTP_ORIGIN', $referrer), PHP_URL_SCHEME); - $port = \parse_url($request->getServer('HTTP_ORIGIN', $referrer), PHP_URL_PORT); + $referrer = $request->getReferer(); + $origin = \parse_url($request->getOrigin($referrer), PHP_URL_HOST); + $protocol = \parse_url($request->getOrigin($referrer), PHP_URL_SCHEME); + $port = \parse_url($request->getOrigin($referrer), PHP_URL_PORT); $refDomain = $protocol.'://'.((\in_array($origin, $clients)) ? $origin : 'localhost') . (!empty($port) ? ':'.$port : ''); - $selfDomain = new Domain(Config::getParam('hostname')); + $selfDomain = new Domain($request->getHostname()); $endDomain = new Domain($origin); - Config::setParam('domain', $request->getServer('HTTP_HOST', '')); - + // var_dump('referer', $referrer); + // var_dump('origin', $origin); // var_dump('port', $request->getPort()); // var_dump('hostname', $request->getHostname()); // var_dump('protocol', $request->getProtocol()); 
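Review bot: `$selfDomain = new Domain($request->getHostname());` derives the server's own domain from the request Host header, which — like the Origin and Referer values read a few lines above it — is client-supplied unless a front proxy pins it, so the `domainVerification` equality this feeds (computed in the next hunk) becomes a comparison between two attacker-chosen values whenever Host is not validated. A direct request carrying a matching Host/Origin pair satisfies the registerable-domain check, so whatever `domainVerification` gates (not visible here) should not rely on that check alone. Prefer a configured canonical hostname (the file already reads env values such as `_APP_HOME` through `App::getEnv`) and fall back to `getHostname()` only when none is set, with a note on the line such as `// NOTE: Host header is client-controlled; validate against the configured domain before trusting it`. App::init's body continues outside the hunk.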
@@ -87,18 +86,21 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo // var_dump('-----------------'); // var_dump($request->debug()); + var_dump($selfDomain->getRegisterable()); + var_dump($endDomain->getRegisterable()); Config::setParam('domainVerification', ($selfDomain->getRegisterable() === $endDomain->getRegisterable()) && $endDomain->getRegisterable() !== ''); Config::setParam('cookieDomain', ( - $request->getServer('HTTP_HOST', null) === 'localhost' || - $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() || + $request->getHostname() === 'localhost' || + $request->getHostname() === 'localhost:'.$request->getPort() || (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false) ) ? null : '.'.$request->getHostname() ); + /* * Security Headers * @@ -107,7 +109,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo */ if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS if($request->getProtocol() !== 'https') { - return $response->redirect('https://' . Config::getParam('domain').$request->getServer('REQUEST_URI')); + return $response->redirect('https://'.$request->getHostname().$request->getServer('REQUEST_URI')); } $response->addHeader('Strict-Transport-Security', 'max-age='.(60 * 60 * 24 * 126)); // 126 days @@ -179,7 +181,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo $user = new Document([ '$id' => 0, 'status' => Auth::USER_STATUS_ACTIVATED, - 'email' => 'app.'.$project->getId().'@service.'.Config::getParam('domain'), + 'email' => 'app.'.$project->getId().'@service.'.$request->getHostname(), 'password' => '', 'name' => $project->getAttribute('name', 'Untitled'), ]); diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index 64fbbcc90..906d3048d 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php 
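Review bot: The two new `var_dump($selfDomain->getRegisterable());` / `var_dump($endDomain->getRegisterable());` lines are live, unlike the `// var_dump(...)` neighbours, and they run inside `App::init`, so every request gets the dumps written into the response body ahead of the real output — breaking JSON clients and exposing the domain-parsing result to anyone who calls the service. Remove them or comment them out to match the surrounding lines. Separately, `cookieDomain` now becomes `'.'.$request->getHostname()` straight from the Host header, and the new `'localhost:'.$request->getPort()` comparison two lines up suggests `getHostname()` may carry a port; a `Domain=` cookie attribute containing a port is not valid for browsers, so confirm the value is host-only before it reaches `addCookie`. App::init's body continues outside the hunk.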
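Review bot: `return $response->redirect('https://'.$request->getHostname().$request->getServer('REQUEST_URI'));` builds the forced-HTTPS redirect target from the request's own Host header, so when nothing in front of the app validates Host, a plain-HTTP request with `Host: attacker.example` is answered with a 3xx to that host — an open redirect on every HTTP request while `_APP_OPTIONS_FORCE_HTTPS` is enabled. Use a configured canonical hostname for the redirect (the file already reads env values such as `_APP_HOME` via `App::getEnv`), or reject requests whose Host is not on an allow-list before this point, and mark the line: `// Host header is client-controlled; only safe once Host has been validated upstream`. The enclosing `if` block and App::init continue outside the hunk.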
@@ -160,8 +160,8 @@ App::post('/v1/account/sessions') ->param('email', '', function () { return new Email(); }, 'User email.') ->param('password', '', function () { return new Password(); }, 'User password. Must be between 6 to 32 chars.') ->action(function ($email, $password, $request, $response, $projectDB, $webhook, $audit) { - /** @var Utopia\Request $request */ - /** @var Utopia\Response $response */ + /** @var Appwrite\Utopia\Request $request */ + /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Database $projectDB */ /** @var Appwrite\Event\Event $webhook */ /** @var Appwrite\Event\Event $audit */ @@ -230,15 +230,15 @@ App::post('/v1/account/sessions') $response ->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($profile->getId(), $secret)])) ; - - $response->dynamic($session, Response::MODEL_SESSION); } $response ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null) ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite')) ->setStatusCode(Response::STATUS_CODE_CREATED) - ->json($session->getArrayCopy(['$id', 'type', 'expire'])) + ; + + $response->dynamic($session, Response::MODEL_SESSION); ; }, ['request', 'response', 'projectDB', 'webhook', 'audit']); @@ -309,7 +309,7 @@ App::get('/v1/account/sessions/oauth2/callback/:provider/:projectId') /** @var Utopia\Request $request */ /** @var Utopia\Response $response */ - $domain = Config::getParam('domain'); + $domain = $request->getHostname(); $protocol = $request->getProtocol(); $response 
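Review bot: After the new `$response->dynamic($session, Response::MODEL_SESSION);` the kept `;` on the following line is now a bare empty statement left over from the old `->json(...)` chain terminator; the engine accepts it but it reads as a typo, so delete that line. Since the fallback branch no longer writes a body of its own, a one-line comment above the `dynamic()` call such as `// body is written once, after the cookies, for both the fallback and the normal path` would make the intent explicit. The action closure and the `if` branch above it start outside the hunk.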
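Review bot: `$domain = $request->getHostname();` feeds the `$response` chain that begins on the hunk's last line and continues outside it, which in a route named `/oauth2/callback/:provider/:projectId` presumably builds the redirect back into the application; if so, and Host is not validated upstream, the provider's callback (and whatever code/state it carries in the query string) can be bounced to an attacker-chosen host simply by tampering with the Host header. An OAuth2 callback target must be a fixed, pre-registered value, so take it from configuration rather than the request, or validate Host first. The docblocks in this hunk still read `Utopia\Request` / `Utopia\Response` while the other hunks in this commit correct them to `Appwrite\Utopia\Request` / `Appwrite\Utopia\Response`; bring these in line. The action body continues outside the hunk.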
@@ -334,7 +334,7 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId') /** @var Utopia\Request $request */ /** @var Utopia\Response $response */ - $domain = Config::getParam('domain'); + $domain = $request->getHostname(); $protocol = $request->getProtocol(); $response diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index 0988f615c..9a42a6a70 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -567,29 +567,18 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status') $response ->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($user->getId(), $secret)])) ; - - $response->dynamic(new Document(\array_merge($membership->getArrayCopy(), [ - 'email' => $user->getAttribute('email'), - 'name' => $user->getAttribute('name'), - ])), Response::MODEL_MEMBERSHIP); } $response ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null) ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite')) - ->json(\array_merge($membership->getArrayCopy([ - '$id', - 'userId', - 'teamId', - 'roles', - 'invited', - 'joined', - 'confirm', - ]), [ - 'email' => $user->getAttribute('email'), - 'name' => $user->getAttribute('name'), - ])) ; + + $response->dynamic(new Document(\array_merge($membership->getArrayCopy(), [ + 'email' => $user->getAttribute('email'), + 'name' => $user->getAttribute('name'), + ])), Response::MODEL_MEMBERSHIP); + }, ['request', 'response', 'user', 'projectDB', 'audit']); App::delete('/v1/teams/:teamId/memberships/:inviteId') diff --git a/app/controllers/shared/web.php b/app/controllers/shared/web.php index 92666ffe0..d23828fd2 100644 --- a/app/controllers/shared/web.php +++ b/app/controllers/shared/web.php 
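Review bot: As in the GET callback above, `$domain = $request->getHostname();` replaces a configured value with the client-supplied Host header for whatever the `$response` chain at the hunk's end builds (it continues outside the hunk); a callback route should redirect to a fixed, configured hostname rather than one the request can choose, or at least validate Host against an allow-list before using it. The docblocks here still read `/** @var Utopia\Request $request */` and `/** @var Utopia\Response $response */`, while the other hunks in this commit change them to `Appwrite\Utopia\Request` / `Appwrite\Utopia\Response`; correct them here too.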
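Review bot: The new `$response->dynamic(new Document(\array_merge($membership->getArrayCopy(), [...])), Response::MODEL_MEMBERSHIP);` hands over the whole membership document, whereas the removed `->json(...)` call listed exactly seven attributes (`$id`, `userId`, `teamId`, `roles`, `invited`, `joined`, `confirm`); every other attribute stored on the document now reaches the client unless `Response::MODEL_MEMBERSHIP` (not visible here) strips it. Membership records for pending invites commonly carry a secret used to accept the invitation, so confirm the model filters rather than merely decorates before relying on it. Keeping the explicit whitelist inside the merge, `$membership->getArrayCopy(['$id', 'userId', 'teamId', 'roles', 'invited', 'joined', 'confirm'])`, costs nothing and keeps the response shape independent of the model implementation. The action closure starts outside the hunk.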
@@ -1,8 +1,6 @@ setParam('title', APP_NAME) ->setParam('protocol', $request->getProtocol()) - ->setParam('domain', Config::getParam('domain')) + ->setParam('domain', $request->getHostname()) ->setParam('home', App::getEnv('_APP_HOME')) ->setParam('setup', App::getEnv('_APP_SETUP')) ->setParam('class', 'unknown') diff --git a/app/controllers/web/home.php b/app/controllers/web/home.php index cd411f432..1f178f101 100644 --- a/app/controllers/web/home.php +++ b/app/controllers/web/home.php @@ -322,7 +322,7 @@ App::get('/open-api-2.json') 'url' => 'https://raw.githubusercontent.com/appwrite/appwrite/master/LICENSE', ], ], - 'host' => \parse_url(App::getEnv('_APP_HOME', Config::getParam('domain')), PHP_URL_HOST), + 'host' => \parse_url(App::getEnv('_APP_HOME', $request->getHostname()), PHP_URL_HOST), 'basePath' => '/v1', 'schemes' => ['https'], 'consumes' => ['application/json', 'multipart/form-data'], @@ -369,7 +369,7 @@ App::get('/open-api-2.json') ], 'externalDocs' => [ 'description' => 'Full API docs, specs and tutorials', - 'url' => $request->getProtocol().'://'.Config::getParam('domain').'/docs', + 'url' => $request->getProtocol().'://'.$request->getHostname().'/docs', ], ]; diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index 9d582470f..2f12377fc 100644 --- a/src/Appwrite/Utopia/Request.php +++ b/src/Appwrite/Utopia/Request.php @@ -120,7 +120,7 @@ class Request extends UtopiaRequest public function debug() { - return $this->swoole->server; + return $this->swoole->header; } /** 
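Review bot: `\parse_url(App::getEnv('_APP_HOME', $request->getHostname()), PHP_URL_HOST)` yields `null` whenever `_APP_HOME` is unset, because `parse_url()` treats a bare hostname as a path rather than a host (`parse_url('localhost', PHP_URL_HOST)` returns `null`), so the spec's `host` field comes out empty in exactly the fallback case; the old `Config::getParam('domain')` default had the same flaw. Parse only the env value and use the hostname verbatim when falling back, e.g. `'host' => App::getEnv('_APP_HOME') ? \parse_url(App::getEnv('_APP_HOME'), PHP_URL_HOST) : $request->getHostname(),`. Either way the fallback reflects the client's Host header into a public document that looks cacheable, so a configured hostname is the safer source. The spec array is built outside the hunk on both sides.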
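Review bot: `return $this->swoole->header;` makes `debug()` return the raw request headers, which for an authenticated request carry the session cookie that the account endpoints in this same commit set, so anything that logs or echoes `debug()` (app.php keeps a commented `var_dump($request->debug())` in the same init path) would now print credentials, whereas the old `server` table held none. Either redact the sensitive keys before returning or document the hazard on the method, e.g. `/** Raw request headers — includes session cookies and auth headers; never log or emit in a response. */`. The method's docblock sits above the hunk.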
@@ -184,11 +184,35 @@ class Request extends UtopiaRequest * * @return string */ - public function getMethod():string + public function getMethod(): string { return $this->getServer('request_method', 'UNKNOWN'); } + /** + * Get Referer + * + * Return HTTP referer header + * + * @return string + */ + public function getReferer(string $default = ''): string + { + return $this->getHeader('referer', ''); + } + + /** + * Get Origin + * + * Return HTTP origin header + * + * @return string + */ + public function getOrigin(string $default = ''): string + { + return $this->getHeader('origin', $default); + } + /** * Get files * diff --git a/tests/e2e/Scopes/Scope.php b/tests/e2e/Scopes/Scope.php index 842e9a34b..61920877b 100644 --- a/tests/e2e/Scopes/Scope.php +++ b/tests/e2e/Scopes/Scope.php @@ -92,7 +92,7 @@ abstract class Scope extends TestCase 'password' => $password, ]); - $session = $this->client->parseCookie($session['headers']['set-cookie'])['a_session_console']; + $session = $this->client->parseCookie((string)$session['headers']['set-cookie'])['a_session_console']; self::$root = [ '$id' => $root['body']['$id'], @@ -143,7 +143,7 @@ abstract class Scope extends TestCase 'password' => $password, ]); - $session = $this->client->parseCookie($session['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $session = $this->client->parseCookie((string)$session['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; self::$user[$this->getProject()['$id']] = [ '$id' => $user['body']['$id'], diff --git a/tests/e2e/Services/Account/AccountBase.php b/tests/e2e/Services/Account/AccountBase.php index 0b49cf219..fef7990f6 100644 --- a/tests/e2e/Services/Account/AccountBase.php +++ b/tests/e2e/Services/Account/AccountBase.php 
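Review bot: `getReferer(string $default = ''): string` accepts a `$default` but its body returns `$this->getHeader('referer', '')`, so the argument is silently ignored; it should be `return $this->getHeader('referer', $default);` to match `getOrigin()` directly below. The new docblocks declare `@return string` but omit `@param string $default`, leaving the fallback contract undocumented — add `@param string $default Value returned when the header is absent` to both. Both headers are under the caller's control and app.php's init path feeds them into `parse_url()` and a domain comparison, so a one-line warning on each method, e.g. `* Note: client-supplied value; do not treat as trusted`, is worth adding.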
@@ -83,7 +83,7 @@ trait AccountBase $this->assertEquals($response['headers']['status-code'], 201); $sessionId = $response['body']['$id']; - $session = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $session = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; /** * Test for FAILURE @@ -774,7 +774,7 @@ trait AccountBase ]); $sessionNewId = $response['body']['$id']; - $sessionNew = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $sessionNew = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; $this->assertEquals($response['headers']['status-code'], 201); @@ -840,7 +840,7 @@ trait AccountBase 'password' => $password, ]); - $sessionNew = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $sessionNew = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; $this->assertEquals($response['headers']['status-code'], 201); @@ -922,7 +922,7 @@ trait AccountBase 'password' => $password, ]); - $data['session'] = $this->client->parseCookie($response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $data['session'] = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; return $data; }
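Review bot: `(string)$response['headers']['set-cookie']` will produce the literal string `"Array"` (plus an array-to-string notice) if the client hands back multiple `Set-Cookie` headers as an array, which is plausible now that the session endpoints emit both the `_legacy` and the SameSite cookie; `parseCookie` would then never find `a_session_…` and the test fails on a confusing `null` index. If the header can be multi-valued, flatten it first — e.g. `\implode('; ', (array)$response['headers']['set-cookie'])` if `parseCookie` accepts a cookie-style string — or assert on the specific cookie; if the client already flattens it, a short comment next to the cast saying so would save the next reader the same question. The test method continues outside the hunk.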