WIP: Add new group to api.php
This commit is contained in:
parent
9bac4f6728
commit
c07a3889e6
4 changed files with 22 additions and 3 deletions
1
.env
1
.env
|
@ -103,3 +103,4 @@ _APP_ASSISTANT_OPENAI_API_KEY=
|
|||
_APP_MESSAGE_SMS_TEST_DSN=
|
||||
_APP_MESSAGE_EMAIL_TEST_DSN=
|
||||
_APP_MESSAGE_PUSH_TEST_DSN=
|
||||
_APP_RESTRICTED_COUNTRIES=
|
|
@ -54,7 +54,7 @@ $oauthDefaultFailure = '/auth/oauth2/failure';
|
|||
|
||||
App::post('/v1/account')
|
||||
->desc('Create account')
|
||||
->groups(['api', 'account', 'auth'])
|
||||
->groups(['api', 'account', 'auth', 'restrict'])
|
||||
->label('event', 'users.[userId].create')
|
||||
->label('scope', 'sessions.write')
|
||||
->label('auth.type', 'emailPassword')
|
||||
|
@ -447,7 +447,7 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
|||
|
||||
App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||
->desc('OAuth2 redirect')
|
||||
->groups(['api', 'account', 'session'])
|
||||
->groups(['api', 'account', 'session', 'restrict'])
|
||||
->label('error', __DIR__ . '/../../views/general/error.phtml')
|
||||
->label('event', 'users.[userId].sessions.[sessionId].create')
|
||||
->label('scope', 'public')
|
||||
|
@ -1565,7 +1565,7 @@ App::put('/v1/account/sessions/magic-url')
|
|||
App::post('/v1/account/sessions/token')
|
||||
->desc('Create session')
|
||||
->label('event', 'users.[userId].sessions.[sessionId].create')
|
||||
->groups(['api', 'account'])
|
||||
->groups(['api', 'account', 'restrict'])
|
||||
->label('scope', 'sessions.write')
|
||||
->label('audits.event', 'session.create')
|
||||
->label('audits.resource', 'user/{response.userId}')
|
||||
|
|
|
@ -22,6 +22,7 @@ use Utopia\Database\Database;
|
|||
use Utopia\Database\DateTime;
|
||||
use Utopia\Database\Document;
|
||||
use Utopia\Database\Validator\Authorization;
|
||||
use MaxMind\Db\Reader;
|
||||
|
||||
$parseLabel = function (string $label, array $responsePayload, array $requestParams, Document $user) {
|
||||
preg_match_all('/{(.*?)}/', $label, $matches);
|
||||
|
@ -592,3 +593,19 @@ App::init()
|
|||
throw new Exception(Exception::GENERAL_USAGE_DISABLED);
|
||||
}
|
||||
});
|
||||
|
||||
App::init()
|
||||
->groups(['restrict'])
|
||||
->inject('request')
|
||||
->inject('geodb')
|
||||
->action(function (Request $request, Reader $geodb) {
|
||||
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
|
||||
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
|
||||
// $record = $geodb->get($request->getIP());
|
||||
$record = $geodb->get('167.220.238.180');
|
||||
$country = $record['country']['iso_code'];
|
||||
if (in_array($country, $countries)) {
|
||||
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Access from $country is restricted");
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
|
@ -192,6 +192,7 @@ services:
|
|||
- _APP_MESSAGE_SMS_TEST_DSN
|
||||
- _APP_MESSAGE_EMAIL_TEST_DSN
|
||||
- _APP_MESSAGE_PUSH_TEST_DSN
|
||||
- _APP_RESTRICTED_COUNTRIES
|
||||
|
||||
appwrite-realtime:
|
||||
entrypoint: realtime
|
||||
|
|
Loading…
Reference in a new issue