Added option to restrict console access
parent
be7be9f3a4
commit
be7fddc303
|
@ -53,9 +53,9 @@ $collections = [
|
|||
'legalCity' => '',
|
||||
'legalAddress' => '',
|
||||
'legalTaxId' => '',
|
||||
'authWhitelistEmails' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', '')),
|
||||
'authWhitelistIPs' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_IPS', '')),
|
||||
'authWhitelistDomains' => explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_DOMIANS', '')),
|
||||
'authWhitelistEmails' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||
'authWhitelistIPs' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_IPS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||
'authWhitelistDomains' => (!empty($request->getServer('_APP_CONSOLE_WHITELIST_DOMAINS', null))) ? explode(',', $request->getServer('_APP_CONSOLE_WHITELIST_DOMAINS', null)) : [],
|
||||
],
|
||||
Database::SYSTEM_COLLECTION_COLLECTIONS => [
|
||||
'$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,
|
||||
|
|
|
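Review bot: The three `authWhitelist*` values are split with `explode(',', …)` and stored untrimmed, so `a@example.com, b@example.com` yields an entry with a leading space that will never equal the submitted address, and a trailing comma adds an empty-string entry to the list. Normalise the pieces when the list is built, for example `array_values(array_filter(array_map('trim', explode(',', $value)), 'strlen'))`, and lowercase the e-mail and domain entries so they can be compared against a lowercased input. Each key also calls `$request->getServer()` twice for the same variable; reading it once before the array literal would make these lines shorter and keep the two reads from drifting apart.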
@ -35,22 +35,22 @@ $utopia->post('/v1/auth/register')
|
|||
->param('failure', null, function () use ($clients) {return new Host($clients);}, 'Redirect when registration failed')
|
||||
->param('name', '', function () {return new Text(100);}, 'User name', true)
|
||||
->action(
|
||||
function ($email, $password, $name, $redirect, $success, $failure) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
|
||||
function ($email, $password, $redirect, $success, $failure, $name) use ($request, $response, $register, $audit, $projectDB, $project, $webhook) {
|
||||
if('console' === $project->getUid()) {
|
||||
$whitlistEmails = $project->getAttribute('authWhitelistEmails');
|
||||
$whitlistIPs = $project->getAttribute('authWhitelistIPs');
|
||||
$whitlistDomains = $project->getAttribute('authWhitelistDomains');
|
||||
|
||||
if(!empty($whitlistEmails) && !in_array($email, $whitlistEmails)) {
|
||||
throw new Exception('Console access is restricted to specific emails', 401);
|
||||
throw new Exception('Console registration is restricted to specific emails. Contact your administrator for more information.', 401);
|
||||
}
|
||||
|
||||
if(!empty($whitlistIPs) && !in_array($request->getIP(), $whitlistIPs)) {
|
||||
throw new Exception('Console access is restricted to specific IPs', 401);
|
||||
throw new Exception('Console registration is restricted to specific IPs. Contact your administrator for more information.', 401);
|
||||
}
|
||||
|
||||
if(!empty($whitlistDomains) && !in_array(substr(strrchr($email, "@"), 1), $whitlistDomains)) {
|
||||
throw new Exception('Console access is restricted to specific Domains', 401);
|
||||
throw new Exception('Console registration is restricted to specific domains. Contact your administrator for more information.', 401);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
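Review bot: The three whitelist tests use loose, case-sensitive `in_array`, so `User@Example.com` is refused when `user@example.com` is listed, and the domain test behaves the same way; compare normalised values strictly, e.g. `in_array(strtolower($email), array_map('strtolower', $whitlistEmails), true)`. These conditions appear unchanged by the commit, which seems only to reword the exception messages and reorder the closure parameters. When an e-mail list and a domain list are both configured, an address has to pass both tests, which may be stricter than an operator expects and deserves a comment such as `// all configured whitelists must match`. The IP test relies on whatever `$request->getIP()` returns, which is not visible here; if it can be taken from a forwarded-for header, that header should be honoured only from known proxies. The closure body continues outside the hunk.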
@ -32,9 +32,9 @@ services:
|
|||
- _APP_INFLUXDB_PORT=8086
|
||||
- _APP_STATSD_HOST=telegraf
|
||||
- _APP_STATSD_PORT=8125
|
||||
# - _APP_CONSOLE_WHITELIST_EMAILS=eldad.fux@example.com,eldad@example.io
|
||||
# - _APP_CONSOLE_WHITELIST_IPS=192.1.1.100
|
||||
# - _APP_CONSOLE_WHITELIST_DOMAINS=appwrite.io,example.com
|
||||
#- _APP_CONSOLE_WHITELIST_EMAILS=user1@example.com,user2@example.com
|
||||
#- _APP_CONSOLE_WHITELIST_IPS=192.1.1.100,192.1.1.101
|
||||
#- _APP_CONSOLE_WHITELIST_DOMAINS=appwrite.io,example.com
|
||||
|
||||
mariadb:
|
||||
image: appwrite/mariadb:1.0.0 # fix issues when upgrading using: mysql_upgrade -u root -p
|
||||
|
|