Added option to restrict console access

app/config/collections.php

@@ -53,9 +53,9 @@ $collections = [
         'legalCity' => '',
         'legalAddress' => '',
         'legalTaxId' => '',
-        'authWhitelistEmails' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', '')),
-        'authWhitelistIPs' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_IPS', '')),
-        'authWhitelistDomains' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_DOMIANS', '')),
+        'authWhitelistEmails' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
+        'authWhitelistIPs' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_IPS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
+        'authWhitelistDomains' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_DOMAINS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_DOMAINS', null)) : [],
     ],
     Database::SYSTEM_COLLECTION_COLLECTIONS => [
         '$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,

app/controllers/auth.php

@@ -35,22 +35,22 @@ $utopia->post('/v1/auth/register')
     ->param('failure', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration failed')
     ->param('name', '', function () {return new Text(100);}, 'User name', true)
     ->action(
-        function ($email, $password, $name, $redirect, $success, $failure) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
+        function ($email, $password, $redirect, $success, $failure, $name) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
             if('console' === $project->getUid()) {
                 $whitlistEmails     = $project->getAttribute('authWhitelistEmails');
                 $whitlistIPs        = $project->getAttribute('authWhitelistIPs');
                 $whitlistDomains    = $project->getAttribute('authWhitelistDomains');
 
                 if(!empty($whitlistEmails) && !in_array($email, $whitlistEmails)) {
-                    throw new Exception('Console access is restricted to specific emails', 401);
+                    throw new Exception('Console registration is restricted to specific emails. Contact your administrator for more information.', 401);
                 }
 
                 if(!empty($whitlistIPs) && !in_array($request->getIP(), $whitlistIPs)) {
-                    throw new Exception('Console access is restricted to specific IPs', 401);
+                    throw new Exception('Console registration is restricted to specific IPs. Contact your administrator for more information.', 401);
                 }
 
                 if(!empty($whitlistDomains) && !in_array(substr(strrchr($email, "@"), 1), $whitlistDomains)) {
-                    throw new Exception('Console access is restricted to specific Domains', 401);
+                    throw new Exception('Console registration is restricted to specific domains. Contact your administrator for more information.', 401);
                 }
             }
             

docker-compose.yml

@@ -32,9 +32,9 @@ services:
     - _APP_INFLUXDB_PORT=8086
     - _APP_STATSD_HOST=telegraf
     - _APP_STATSD_PORT=8125
-    # - _APP_CONSOLE_WHITELIST_EMAILS=eldad.fux@example.com,eldad@example.io
-    # - _APP_CONSOLE_WHITELIST_IPS=192.1.1.100
-    # - _APP_CONSOLE_WHITELIST_DOMAINS=appwrite.io,example.com
+    #- _APP_CONSOLE_WHITELIST_EMAILS=user1@example.com,user2@example.com
+    #- _APP_CONSOLE_WHITELIST_IPS=192.1.1.100,192.1.1.101
+    #- _APP_CONSOLE_WHITELIST_DOMAINS=appwrite.io,example.com
 
   mariadb:
     image: appwrite/mariadb:1.0.0 # fix issues when upgrading using: mysql_upgrade -u root -p