
WIP: Add new group to api.php

Khushboo Verma 2024-01-24 14:41:35 +05:30
parent 9bac4f6728
commit c07a3889e6
4 changed files with 22 additions and 3 deletions

1
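--- a/.env
+++ b/.env
@@ -103,3 +103,4 @@ _APP_ASSISTANT_OPENAI_API_KEY=
 _APP_MESSAGE_SMS_TEST_DSN=
 _APP_MESSAGE_EMAIL_TEST_DSN=
 _APP_MESSAGE_PUSH_TEST_DSN=
+_APP_RESTRICTED_COUNTRIES=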


@ -54,7 +54,7 @@ $oauthDefaultFailure = '/auth/oauth2/failure';
App::post('/v1/account') App::post('/v1/account')
->desc('Create account') ->desc('Create account')
->groups(['api', 'account', 'auth']) ->groups(['api', 'account', 'auth', 'restrict'])
->label('event', 'users.[userId].create') ->label('event', 'users.[userId].create')
->label('scope', 'sessions.write') ->label('scope', 'sessions.write')
->label('auth.type', 'emailPassword') ->label('auth.type', 'emailPassword')
@ -447,7 +447,7 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
App::get('/v1/account/sessions/oauth2/:provider/redirect') App::get('/v1/account/sessions/oauth2/:provider/redirect')
->desc('OAuth2 redirect') ->desc('OAuth2 redirect')
->groups(['api', 'account', 'session']) ->groups(['api', 'account', 'session', 'restrict'])
->label('error', __DIR__ . '/../../views/general/error.phtml') ->label('error', __DIR__ . '/../../views/general/error.phtml')
->label('event', 'users.[userId].sessions.[sessionId].create') ->label('event', 'users.[userId].sessions.[sessionId].create')
->label('scope', 'public') ->label('scope', 'public')
@ -1565,7 +1565,7 @@ App::put('/v1/account/sessions/magic-url')
App::post('/v1/account/sessions/token') App::post('/v1/account/sessions/token')
->desc('Create session') ->desc('Create session')
->label('event', 'users.[userId].sessions.[sessionId].create') ->label('event', 'users.[userId].sessions.[sessionId].create')
->groups(['api', 'account']) ->groups(['api', 'account', 'restrict'])
->label('scope', 'sessions.write') ->label('scope', 'sessions.write')
->label('audits.event', 'session.create') ->label('audits.event', 'session.create')
->label('audits.resource', 'user/{response.userId}') ->label('audits.resource', 'user/{response.userId}')
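Review bot: Only three routes gain the `restrict` group in this file (`POST /v1/account`, the OAuth2 redirect and `POST /v1/account/sessions/token`), while the hunk headers show other session routes, such as `PUT /v1/account/sessions/magic-url` and the OAuth2 callback, that this commit does not touch. If the intent is to block sign-up and sign-in from restricted countries, the remaining session-creating routes probably need the group too, otherwise the restriction covers only some entry points. The rest of the file is outside the visible hunks, so this should be checked against the full route list. A short comment next to the init hook stating which routes are meant to carry `restrict` would make the coverage reviewable.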


@ -22,6 +22,7 @@ use Utopia\Database\Database;
use Utopia\Database\DateTime; use Utopia\Database\DateTime;
use Utopia\Database\Document; use Utopia\Database\Document;
use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Authorization;
use MaxMind\Db\Reader;
$parseLabel = function (string $label, array $responsePayload, array $requestParams, Document $user) { $parseLabel = function (string $label, array $responsePayload, array $requestParams, Document $user) {
preg_match_all('/{(.*?)}/', $label, $matches); preg_match_all('/{(.*?)}/', $label, $matches);
@ -592,3 +593,19 @@ App::init()
throw new Exception(Exception::GENERAL_USAGE_DISABLED); throw new Exception(Exception::GENERAL_USAGE_DISABLED);
} }
}); });
App::init()
->groups(['restrict'])
->inject('request')
->inject('geodb')
->action(function (Request $request, Reader $geodb) {
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
// $record = $geodb->get($request->getIP());
$record = $geodb->get('167.220.238.180');
$country = $record['country']['iso_code'];
if (in_array($country, $countries)) {
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
}
}
});
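Review bot: The lookup in the new `restrict` init hook uses the literal address `'167.220.238.180'` while `$geodb->get($request->getIP())` is commented out, so every request resolves to the same country and the check blocks either all callers or none. `$record` is also dereferenced without a null check, although `Reader::get()` returns null for addresses missing from the database. In addition, `in_array` runs non-strict against untrimmed `explode` output, so a configured value such as `US, IR` would never match `IR`. I would normalise the list, use the request address, and make the no-record case an explicit decision, as below. Whether `getIP()` can be influenced by forwarded headers is not visible in this hunk and should be confirmed against the proxy configuration.

```php
->action(function (Request $request, Reader $geodb) {
    // Normalise the configured list so "us, ir" and "US,IR" behave the same.
    $restricted = array_filter(array_map(
        static fn (string $code): string => strtoupper(trim($code)),
        explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''))
    ));
    if (empty($restricted)) {
        return;
    }
    $record = $geodb->get($request->getIP());
    // No database match currently means "allow"; make that policy explicit if it should deny instead.
    $country = $record['country']['iso_code'] ?? '';
    if ($country !== '' && in_array($country, $restricted, true)) {
        throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
    }
});
```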


@ -192,6 +192,7 @@ services:
- _APP_MESSAGE_SMS_TEST_DSN - _APP_MESSAGE_SMS_TEST_DSN
- _APP_MESSAGE_EMAIL_TEST_DSN - _APP_MESSAGE_EMAIL_TEST_DSN
- _APP_MESSAGE_PUSH_TEST_DSN - _APP_MESSAGE_PUSH_TEST_DSN
- _APP_RESTRICTED_COUNTRIES
appwrite-realtime: appwrite-realtime:
entrypoint: realtime entrypoint: realtime