
WIP: Add new group to api.php

Khushboo Verma 2024-01-24 14:41:35 +05:30
parent 9bac4f6728
commit c07a3889e6
4 changed files with 22 additions and 3 deletions

1
.env

@ -103,3 +103,4 @@ _APP_ASSISTANT_OPENAI_API_KEY=
_APP_MESSAGE_SMS_TEST_DSN=
_APP_MESSAGE_EMAIL_TEST_DSN=
_APP_MESSAGE_PUSH_TEST_DSN=
_APP_RESTRICTED_COUNTRIES=


@ -54,7 +54,7 @@ $oauthDefaultFailure = '/auth/oauth2/failure';
App::post('/v1/account')
->desc('Create account')
->groups(['api', 'account', 'auth'])
->groups(['api', 'account', 'auth', 'restrict'])
->label('event', 'users.[userId].create')
->label('scope', 'sessions.write')
->label('auth.type', 'emailPassword')
@ -447,7 +447,7 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
App::get('/v1/account/sessions/oauth2/:provider/redirect')
->desc('OAuth2 redirect')
->groups(['api', 'account', 'session'])
->groups(['api', 'account', 'session', 'restrict'])
->label('error', __DIR__ . '/../../views/general/error.phtml')
->label('event', 'users.[userId].sessions.[sessionId].create')
->label('scope', 'public')
@ -1565,7 +1565,7 @@ App::put('/v1/account/sessions/magic-url')
App::post('/v1/account/sessions/token')
->desc('Create session')
->label('event', 'users.[userId].sessions.[sessionId].create')
->groups(['api', 'account'])
->groups(['api', 'account', 'restrict'])
->label('scope', 'sessions.write')
->label('audits.event', 'session.create')
->label('audits.resource', 'user/{response.userId}')
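Review bot: The `restrict` group is attached to only three routes (`POST /v1/account`, the OAuth2 redirect and `POST /v1/account/sessions/token`), while the hunk headers show neighbouring session routes, such as the OAuth2 callback and `PUT /v1/account/sessions/magic-url`, whose group lists are not visible in this diff. If those and the other session-creation routes stay untagged, the country restriction is enforced on some sign-in paths and not on others, so it should presumably cover every route that creates an account or a session, or be enforced in a hook bound to a group they all already share. A short comment at the first use, e.g. `// 'restrict': checked against _APP_RESTRICTED_COUNTRIES in the init hook`, would tell readers what the group does. All three route definitions continue outside the hunks.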


@ -22,6 +22,7 @@ use Utopia\Database\Database;
use Utopia\Database\DateTime;
use Utopia\Database\Document;
use Utopia\Database\Validator\Authorization;
use MaxMind\Db\Reader;
$parseLabel = function (string $label, array $responsePayload, array $requestParams, Document $user) {
preg_match_all('/{(.*?)}/', $label, $matches);
@ -592,3 +593,19 @@ App::init()
throw new Exception(Exception::GENERAL_USAGE_DISABLED);
}
});
App::init()
->groups(['restrict'])
->inject('request')
->inject('geodb')
->action(function (Request $request, Reader $geodb) {
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
// $record = $geodb->get($request->getIP());
$record = $geodb->get('167.220.238.180');
$country = $record['country']['iso_code'];
if (in_array($country, $countries)) {
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
}
}
});
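Review bot: The lookup in the new `restrict` hook uses a hard-coded address, `$geodb->get('167.220.238.180')`, with the real call commented out, so every request is judged by the same IP and the check blocks either everyone or no one; it should be `$geodb->get($request->getIP())` before this leaves WIP. The result is also dereferenced without a null check and compared with a loose `in_array`, so an address missing from the database yields a null country that can loosely match an empty list entry (for example from a trailing comma), while entries with surrounding spaces or lower case never match. The rewrite below normalises the list, compares strictly and makes the unknown-country case explicit; whether unknown locations are allowed or denied is a policy decision the code should state. `app::getEnv` should be spelled `App::getEnv` to match the next line.

```php
->action(function (Request $request, Reader $geodb) {
    // Normalise the configured list: trim, upper-case, drop empty entries.
    $restricted = array_filter(array_map(
        static fn (string $code): string => strtoupper(trim($code)),
        explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''))
    ));
    if (empty($restricted)) {
        return;
    }

    $record = $geodb->get($request->getIP());
    $country = $record['country']['iso_code'] ?? null;

    // Unknown location: currently allowed; change here if policy is to deny.
    if ($country !== null && in_array($country, $restricted, true)) {
        throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
    }
});
```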


@ -192,6 +192,7 @@ services:
- _APP_MESSAGE_SMS_TEST_DSN
- _APP_MESSAGE_EMAIL_TEST_DSN
- _APP_MESSAGE_PUSH_TEST_DSN
- _APP_RESTRICTED_COUNTRIES
appwrite-realtime:
entrypoint: realtime