add cors validation
parent
8e912ba252
commit
a3fb2abf66
1 changed files with 26 additions and 5 deletions
|
@ -9,6 +9,7 @@ use Appwrite\Database\Adapter\Redis as RedisAdapter;
|
||||||
use Appwrite\Database\Database;
|
use Appwrite\Database\Database;
|
||||||
use Appwrite\Database\Document;
|
use Appwrite\Database\Document;
|
||||||
use Appwrite\Database\Validator\Authorization;
|
use Appwrite\Database\Validator\Authorization;
|
||||||
|
use Appwrite\Network\Validator\Origin;
|
||||||
use Appwrite\Realtime\Realtime;
|
use Appwrite\Realtime\Realtime;
|
||||||
use Swoole\Database\RedisConfig;
|
use Swoole\Database\RedisConfig;
|
||||||
use Swoole\Database\RedisPool;
|
use Swoole\Database\RedisPool;
|
||||||
|
@ -51,13 +52,13 @@ $subscriptions = [];
|
||||||
$connections = [];
|
$connections = [];
|
||||||
|
|
||||||
$register->set('redis', function () {
|
$register->set('redis', function () {
|
||||||
$user = App::getEnv('_APP_REDIS_USER','');
|
$user = App::getEnv('_APP_REDIS_USER', '');
|
||||||
$pass = App::getEnv('_APP_REDIS_PASS','');
|
$pass = App::getEnv('_APP_REDIS_PASS', '');
|
||||||
$auth = '';
|
$auth = '';
|
||||||
if(!empty($user)) {
|
if (!empty($user)) {
|
||||||
$auth += $user;
|
$auth += $user;
|
||||||
}
|
}
|
||||||
if(!empty($pass)) {
|
if (!empty($pass)) {
|
||||||
$auth += ':' . $pass;
|
$auth += ':' . $pass;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -188,6 +189,10 @@ $server->on('open', function (Server $server, Request $request) use (&$connectio
|
||||||
return $project;
|
return $project;
|
||||||
}, ['consoleDB', 'request']);
|
}, ['consoleDB', 'request']);
|
||||||
|
|
||||||
|
App::setResource('console', function ($consoleDB) {
|
||||||
|
return $consoleDB->getDocument('console');
|
||||||
|
}, ['consoleDB']);
|
||||||
|
|
||||||
App::setResource('user', function ($project, $request, $projectDB) {
|
App::setResource('user', function ($project, $request, $projectDB) {
|
||||||
/** @var Utopia\Swoole\Request $request */
|
/** @var Utopia\Swoole\Request $request */
|
||||||
/** @var Appwrite\Database\Document $project */
|
/** @var Appwrite\Database\Document $project */
|
||||||
|
@ -226,6 +231,9 @@ $server->on('open', function (Server $server, Request $request) use (&$connectio
|
||||||
/** @var Appwrite\Database\Document $project */
|
/** @var Appwrite\Database\Document $project */
|
||||||
$project = $app->getResource('project');
|
$project = $app->getResource('project');
|
||||||
|
|
||||||
|
/** @var Appwrite\Database\Document $console */
|
||||||
|
$console = $app->getResource('console');
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Abuse Check
|
* Abuse Check
|
||||||
*/
|
*/
|
||||||
|
@ -244,6 +252,19 @@ $server->on('open', function (Server $server, Request $request) use (&$connectio
|
||||||
$server->close($connection);
|
$server->close($connection);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Validate Client Domain - Check to avoid CSRF attack
|
||||||
|
* Adding Appwrite API domains to allow XDOMAIN communication
|
||||||
|
* Skip this check for non-web platforms which are not required to send an origin header
|
||||||
|
*/
|
||||||
|
$origin = $request->getOrigin();
|
||||||
|
$originValidator = new Origin(\array_merge($project->getAttribute('platforms', []), $console->getAttribute('platforms', [])));
|
||||||
|
|
||||||
|
if (!$originValidator->isValid($origin)) {
|
||||||
|
$server->push($connection, $originValidator->getDescription());
|
||||||
|
$server->close($connection);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Project Check
|
* Project Check
|
||||||
*/
|
*/
|
||||||
|
@ -264,7 +285,7 @@ $server->on('open', function (Server $server, Request $request) use (&$connectio
|
||||||
$server->push($connection, 'Missing channels');
|
$server->push($connection, 'Missing channels');
|
||||||
$server->close($connection);
|
$server->close($connection);
|
||||||
}
|
}
|
||||||
|
|
||||||
Realtime::subscribe($project->getId(), $connection, $roles, $subscriptions, $connections, $channels);
|
Realtime::subscribe($project->getId(), $connection, $roles, $subscriptions, $connections, $channels);
|
||||||
|
|
||||||
$server->push($connection, json_encode($channels));
|
$server->push($connection, json_encode($channels));
|
||||||
|
|
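Review bot: The rejection branch of the new origin check (`if (!$originValidator->isValid($origin))`) pushes the validator description and closes the connection but never returns, so as far as the visible lines show, the handler carries on into the Project Check and `Realtime::subscribe(...)` for a client it has just refused. Add `return;` after `$server->close($connection);` so that a connection with a disallowed origin is never entered into `$subscriptions` / `$connections`; the 'Missing channels' branch further down has the same shape. The block comment says non-web platforms skip this check, but no skip is visible in the hunk, so that behaviour presumably lives in `Origin::isValid()` for an empty origin; if so, state it in the comment, e.g. `// Empty Origin is accepted by the validator (non-browser clients); this guards browsers only and is not authentication`. The 'open' handler starts and ends outside the hunks shown.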