CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-07-01 04:30:59 +12:00
Code Issues Projects Releases Wiki Activity

Merge pull request #7387 from appwrite/fix-app-console-hostnames-check-on-refactor-usage-sn

Browse source 
Fix app console hostnames check on refactor usage sn
This commit is contained in:
Torsten Dittmann 2024-01-03 22:22:39 +01:00 committed by GitHub
parent 127aa3cea7 0c3ed13ad3
commit 99c163d217
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 60 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.env
View file

@ -4,7 +4,7 @@ _APP_WORKER_PER_CORE=6
_APP_CONSOLE_WHITELIST_ROOT=disabled
_APP_CONSOLE_WHITELIST_EMAILS=
_APP_CONSOLE_WHITELIST_IPS=
_APP_CONSOLE_HOSTNAMES=
_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io
_APP_SYSTEM_EMAIL_NAME=Appwrite
_APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
_APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io

2
app/config/variables.php
View file

@ -127,7 +127,7 @@ return [
[
'name' => '_APP_CONSOLE_HOSTNAMES',
'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.',
'introduction' => '',
'introduction' => '1.5.0',
'default' => '',
'required' => false,
'question' => '',

20
app/init.php
View file

@ -81,6 +81,7 @@ use Utopia\Queue\Connection;
use Utopia\Storage\Storage;
use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub;
use Utopia\Validator\Range;
use Utopia\Validator\Hostname;
use Utopia\Validator\IP;
use Utopia\Validator\URL;
use Utopia\Validator\WhiteList;
@ -928,15 +929,18 @@ App::setResource('clients', function ($request, $console, $project) {
], Document::SET_TYPE_APPEND);
$hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', ''));
if (is_array($hostnames)) {
foreach ($hostnames as $hostname) {
$console->setAttribute('platforms', [
'$collection' => ID::custom('platforms'),
'type' => Origin::CLIENT_TYPE_WEB,
'name' => $hostname,
'hostname' => $hostname,
], Document::SET_TYPE_APPEND);
$validator = new Hostname();
foreach ($hostnames as $hostname) {
$hostname = trim($hostname);
if (!$validator->isValid($hostname)) {
continue;
}
$console->setAttribute('platforms', [
'$collection' => ID::custom('platforms'),
'type' => Origin::CLIENT_TYPE_WEB,
'name' => $hostname,
'hostname' => $hostname,
], Document::SET_TYPE_APPEND);
}
/**

46
tests/e2e/General/HTTPTest.php
View file

@ -171,4 +171,50 @@ class HTTPTest extends Scope
$this->assertEquals(200, $response['headers']['status-code']);
}
public function testCors()
{
/**
* Test for SUCCESS
*/
$endpoint = '/v1/projects'; // Can be any non-404 route
$response = $this->client->call(Client::METHOD_GET, $endpoint);
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
'origin' => 'http://localhost',
]);
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
'origin' => 'http://appwrite.io',
]);
$this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']);
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
'origin' => 'https://appwrite.io',
]);
$this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']);
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
'origin' => 'http://cloud.appwrite.io',
]);
$this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']);
/**
* Test for FAILURE
*/
$response = $this->client->call(Client::METHOD_GET, $endpoint, [
'origin' => 'http://google.com',
]);
$this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']);
}
}