
Allow only public domains in webhook url

Khushboo Verma 2023-12-28 15:16:08 +05:30
parent 557565b949
commit d418a581b7
3 changed files with 66 additions and 64 deletions


@ -27,6 +27,7 @@ use Utopia\Database\Query;
use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Authorization;
use Utopia\Database\Validator\Datetime as DatetimeValidator; use Utopia\Database\Validator\Datetime as DatetimeValidator;
use Utopia\Database\Validator\UID; use Utopia\Database\Validator\UID;
use Utopia\Domains\Validator\PublicDomain;
use Utopia\Locale\Locale; use Utopia\Locale\Locale;
use Utopia\Pools\Group; use Utopia\Pools\Group;
use Utopia\Registry\Registry; use Utopia\Registry\Registry;
@ -34,6 +35,7 @@ use Utopia\Validator\ArrayList;
use Utopia\Validator\Boolean; use Utopia\Validator\Boolean;
use Utopia\Validator\Hostname; use Utopia\Validator\Hostname;
use Utopia\Validator\Integer; use Utopia\Validator\Integer;
use Utopia\Validator\Multiple;
use Utopia\Validator\Range; use Utopia\Validator\Range;
use Utopia\Validator\Text; use Utopia\Validator\Text;
use Utopia\Validator\URL; use Utopia\Validator\URL;
@ -898,7 +900,7 @@ App::post('/v1/projects/:projectId/webhooks')
->param('projectId', '', new UID(), 'Project unique ID.') ->param('projectId', '', new UID(), 'Project unique ID.')
->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.') ->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.')
->param('events', null, new ArrayList(new Event(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.') ->param('events', null, new ArrayList(new Event(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.')
->param('url', null, new URL(['http', 'https']), 'Webhook URL.') ->param('url', '', fn ($request) => new Multiple([new URL(['http', 'https']), new PublicDomain(\parse_url($request->getPayload('url'), PHP_URL_HOST))], Multiple::TYPE_STRING), 'Webhook URL.', false, ['request'])
->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.') ->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.')
->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true) ->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true)
->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true) ->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true)
@ -1021,7 +1023,7 @@ App::put('/v1/projects/:projectId/webhooks/:webhookId')
->param('webhookId', '', new UID(), 'Webhook unique ID.') ->param('webhookId', '', new UID(), 'Webhook unique ID.')
->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.') ->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.')
->param('events', null, new ArrayList(new Event(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.') ->param('events', null, new ArrayList(new Event(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.')
->param('url', null, new URL(['http', 'https']), 'Webhook URL.') ->param('url', '', fn ($request) => new Multiple([new URL(['http', 'https']), new PublicDomain(\parse_url($request->getPayload('url'), PHP_URL_HOST))], Multiple::TYPE_STRING), 'Webhook URL.', false, ['request'])
->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.') ->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.')
->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true) ->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true)
->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true) ->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true)
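Review bot: The `PublicDomain` check added to the `url` parameter of the POST and PUT webhook routes inspects only the host string at the time the webhook is saved, so it narrows server-side request forgery exposure but does not by itself establish where delivery ends up: a host that passes here can later resolve to a loopback or private address, and nothing in this section shows the sender re-checking the resolved address or declining redirects. I would confirm that the delivery worker enforces the same restriction on the address it actually connects to, and record that next to the parameter, e.g. `// Host is checked at save time only; the webhook sender must re-validate the resolved address.` The closure also feeds the raw payload to `\parse_url()` before the `URL` validator has run, so a missing or non-string `url` reaches `parse_url` unvalidated and `PHP_URL_HOST` can come back `null` or `false`; guarding with `\is_string()` and passing an empty string otherwise would keep that case a validation failure, assuming `PublicDomain` rejects an empty host. The identical validator expression appears in both routes and could be a single shared closure so the two cannot drift apart. Both route definitions begin and end outside the visible hunks.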


@ -50,9 +50,9 @@
"utopia-php/cli": "0.15.*", "utopia-php/cli": "0.15.*",
"utopia-php/config": "0.2.*", "utopia-php/config": "0.2.*",
"utopia-php/database": "0.45.*", "utopia-php/database": "0.45.*",
"utopia-php/domains": "0.3.*", "utopia-php/domains": "0.4.*",
"utopia-php/dsn": "0.1.*", "utopia-php/dsn": "0.1.*",
"utopia-php/framework": "0.31.1", "utopia-php/framework": "0.32.*",
"utopia-php/image": "0.5.*", "utopia-php/image": "0.5.*",
"utopia-php/locale": "0.4.*", "utopia-php/locale": "0.4.*",
"utopia-php/logger": "0.3.*", "utopia-php/logger": "0.3.*",

120
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "7041499af2e7b23795d8ef82c9d7a072", "content-hash": "def5b4f6d260324aefe22c6980a89e9d",
"packages": [ "packages": [
{ {
"name": "adhocore/jwt", "name": "adhocore/jwt",
@ -1962,16 +1962,16 @@
}, },
{ {
"name": "utopia-php/domains", "name": "utopia-php/domains",
"version": "0.3.2", "version": "0.4.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/utopia-php/domains.git", "url": "https://github.com/utopia-php/domains.git",
"reference": "aaa8c9a96c69ccb397997b1f4f2299c66f77eefb" "reference": "815198420852f924a350150ca201edfc6f19cf20"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/utopia-php/domains/zipball/aaa8c9a96c69ccb397997b1f4f2299c66f77eefb", "url": "https://api.github.com/repos/utopia-php/domains/zipball/815198420852f924a350150ca201edfc6f19cf20",
"reference": "aaa8c9a96c69ccb397997b1f4f2299c66f77eefb", "reference": "815198420852f924a350150ca201edfc6f19cf20",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2016,9 +2016,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/utopia-php/domains/issues", "issues": "https://github.com/utopia-php/domains/issues",
"source": "https://github.com/utopia-php/domains/tree/0.3.2" "source": "https://github.com/utopia-php/domains/tree/0.4.1"
}, },
"time": "2023-07-19T16:39:24+00:00" "time": "2023-12-28T09:23:51+00:00"
}, },
{ {
"name": "utopia-php/dsn", "name": "utopia-php/dsn",
@ -2069,16 +2069,16 @@
}, },
{ {
"name": "utopia-php/framework", "name": "utopia-php/framework",
"version": "0.31.1", "version": "0.32.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/utopia-php/framework.git", "url": "https://github.com/utopia-php/framework.git",
"reference": "e50d2d16f4bc31319043f3f6d3dbea36c6fd6b68" "reference": "ad6f7e6d6b38cf5bed4e3af9a1394c59d4bb9225"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/utopia-php/framework/zipball/e50d2d16f4bc31319043f3f6d3dbea36c6fd6b68", "url": "https://api.github.com/repos/utopia-php/framework/zipball/ad6f7e6d6b38cf5bed4e3af9a1394c59d4bb9225",
"reference": "e50d2d16f4bc31319043f3f6d3dbea36c6fd6b68", "reference": "ad6f7e6d6b38cf5bed4e3af9a1394c59d4bb9225",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2108,9 +2108,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/utopia-php/framework/issues", "issues": "https://github.com/utopia-php/framework/issues",
"source": "https://github.com/utopia-php/framework/tree/0.31.1" "source": "https://github.com/utopia-php/framework/tree/0.32.0"
}, },
"time": "2023-12-08T18:47:29+00:00" "time": "2023-12-26T14:18:36+00:00"
}, },
{ {
"name": "utopia-php/image", "name": "utopia-php/image",
@ -2476,16 +2476,16 @@
}, },
{ {
"name": "utopia-php/platform", "name": "utopia-php/platform",
"version": "0.5.0", "version": "0.5.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/utopia-php/platform.git", "url": "https://github.com/utopia-php/platform.git",
"reference": "229a7b1fa1f39afd1532f7a515326a6afc222a26" "reference": "3eceef0b6593fe0f7d2efd36d40402a395a4c285"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/utopia-php/platform/zipball/229a7b1fa1f39afd1532f7a515326a6afc222a26", "url": "https://api.github.com/repos/utopia-php/platform/zipball/3eceef0b6593fe0f7d2efd36d40402a395a4c285",
"reference": "229a7b1fa1f39afd1532f7a515326a6afc222a26", "reference": "3eceef0b6593fe0f7d2efd36d40402a395a4c285",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2493,7 +2493,7 @@
"ext-redis": "*", "ext-redis": "*",
"php": ">=8.0", "php": ">=8.0",
"utopia-php/cli": "0.15.*", "utopia-php/cli": "0.15.*",
"utopia-php/framework": "0.31.*" "utopia-php/framework": "0.*.*"
}, },
"require-dev": { "require-dev": {
"laravel/pint": "1.2.*", "laravel/pint": "1.2.*",
@ -2519,9 +2519,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/utopia-php/platform/issues", "issues": "https://github.com/utopia-php/platform/issues",
"source": "https://github.com/utopia-php/platform/tree/0.5.0" "source": "https://github.com/utopia-php/platform/tree/0.5.1"
}, },
"time": "2023-10-16T20:28:49+00:00" "time": "2023-12-26T16:14:41+00:00"
}, },
{ {
"name": "utopia-php/pools", "name": "utopia-php/pools",
@ -2904,23 +2904,23 @@
}, },
{ {
"name": "utopia-php/vcs", "name": "utopia-php/vcs",
"version": "0.6.2", "version": "0.6.4",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/utopia-php/vcs.git", "url": "https://github.com/utopia-php/vcs.git",
"reference": "f135291b87cb45335fc6608722e7f89894bc33ee" "reference": "b2595a50a4897a8c88319240810055b7a96efd6d"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/utopia-php/vcs/zipball/f135291b87cb45335fc6608722e7f89894bc33ee", "url": "https://api.github.com/repos/utopia-php/vcs/zipball/b2595a50a4897a8c88319240810055b7a96efd6d",
"reference": "f135291b87cb45335fc6608722e7f89894bc33ee", "reference": "b2595a50a4897a8c88319240810055b7a96efd6d",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"adhocore/jwt": "^1.1", "adhocore/jwt": "^1.1",
"php": ">=8.0", "php": ">=8.0",
"utopia-php/cache": "^0.8.0", "utopia-php/cache": "^0.8.0",
"utopia-php/framework": "0.31.*" "utopia-php/framework": "0.*.*"
}, },
"require-dev": { "require-dev": {
"laravel/pint": "1.2.*", "laravel/pint": "1.2.*",
@ -2947,9 +2947,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/utopia-php/vcs/issues", "issues": "https://github.com/utopia-php/vcs/issues",
"source": "https://github.com/utopia-php/vcs/tree/0.6.2" "source": "https://github.com/utopia-php/vcs/tree/0.6.4"
}, },
"time": "2023-11-08T15:36:03+00:00" "time": "2023-12-26T15:38:19+00:00"
}, },
{ {
"name": "utopia-php/websocket", "name": "utopia-php/websocket",
@ -3487,16 +3487,16 @@
}, },
{ {
"name": "nikic/php-parser", "name": "nikic/php-parser",
"version": "v4.17.1", "version": "v4.18.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/nikic/PHP-Parser.git", "url": "https://github.com/nikic/PHP-Parser.git",
"reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d" "reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d", "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/1bcbb2179f97633e98bbbc87044ee2611c7d7999",
"reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d", "reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3537,9 +3537,9 @@
], ],
"support": { "support": {
"issues": "https://github.com/nikic/PHP-Parser/issues", "issues": "https://github.com/nikic/PHP-Parser/issues",
"source": "https://github.com/nikic/PHP-Parser/tree/v4.17.1" "source": "https://github.com/nikic/PHP-Parser/tree/v4.18.0"
}, },
"time": "2023-08-13T19:53:39+00:00" "time": "2023-12-10T21:03:43+00:00"
}, },
{ {
"name": "phar-io/manifest", "name": "phar-io/manifest",
@ -3891,16 +3891,16 @@
}, },
{ {
"name": "phpstan/phpdoc-parser", "name": "phpstan/phpdoc-parser",
"version": "1.24.4", "version": "1.24.5",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpstan/phpdoc-parser.git", "url": "https://github.com/phpstan/phpdoc-parser.git",
"reference": "6bd0c26f3786cd9b7c359675cb789e35a8e07496" "reference": "fedf211ff14ec8381c9bf5714e33a7a552dd1acc"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/6bd0c26f3786cd9b7c359675cb789e35a8e07496", "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fedf211ff14ec8381c9bf5714e33a7a552dd1acc",
"reference": "6bd0c26f3786cd9b7c359675cb789e35a8e07496", "reference": "fedf211ff14ec8381c9bf5714e33a7a552dd1acc",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3932,29 +3932,29 @@
"description": "PHPDoc parser with support for nullable, intersection and generic types", "description": "PHPDoc parser with support for nullable, intersection and generic types",
"support": { "support": {
"issues": "https://github.com/phpstan/phpdoc-parser/issues", "issues": "https://github.com/phpstan/phpdoc-parser/issues",
"source": "https://github.com/phpstan/phpdoc-parser/tree/1.24.4" "source": "https://github.com/phpstan/phpdoc-parser/tree/1.24.5"
}, },
"time": "2023-11-26T18:29:22+00:00" "time": "2023-12-16T09:33:33+00:00"
}, },
{ {
"name": "phpunit/php-code-coverage", "name": "phpunit/php-code-coverage",
"version": "9.2.29", "version": "9.2.30",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76" "reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/6a3a87ac2bbe33b25042753df8195ba4aa534c76", "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/ca2bd87d2f9215904682a9cb9bb37dda98e76089",
"reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76", "reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"ext-dom": "*", "ext-dom": "*",
"ext-libxml": "*", "ext-libxml": "*",
"ext-xmlwriter": "*", "ext-xmlwriter": "*",
"nikic/php-parser": "^4.15", "nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3", "php": ">=7.3",
"phpunit/php-file-iterator": "^3.0.3", "phpunit/php-file-iterator": "^3.0.3",
"phpunit/php-text-template": "^2.0.2", "phpunit/php-text-template": "^2.0.2",
@ -4004,7 +4004,7 @@
"support": { "support": {
"issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
"security": "https://github.com/sebastianbergmann/php-code-coverage/security/policy", "security": "https://github.com/sebastianbergmann/php-code-coverage/security/policy",
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.29" "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.30"
}, },
"funding": [ "funding": [
{ {
@ -4012,7 +4012,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2023-09-19T04:57:46+00:00" "time": "2023-12-22T06:47:57+00:00"
}, },
{ {
"name": "phpunit/php-file-iterator", "name": "phpunit/php-file-iterator",
@ -4651,20 +4651,20 @@
}, },
{ {
"name": "sebastian/complexity", "name": "sebastian/complexity",
"version": "2.0.2", "version": "2.0.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/complexity.git", "url": "https://github.com/sebastianbergmann/complexity.git",
"reference": "739b35e53379900cc9ac327b2147867b8b6efd88" "reference": "25f207c40d62b8b7aa32f5ab026c53561964053a"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/complexity/zipball/739b35e53379900cc9ac327b2147867b8b6efd88", "url": "https://api.github.com/repos/sebastianbergmann/complexity/zipball/25f207c40d62b8b7aa32f5ab026c53561964053a",
"reference": "739b35e53379900cc9ac327b2147867b8b6efd88", "reference": "25f207c40d62b8b7aa32f5ab026c53561964053a",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"nikic/php-parser": "^4.7", "nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3" "php": ">=7.3"
}, },
"require-dev": { "require-dev": {
@ -4696,7 +4696,7 @@
"homepage": "https://github.com/sebastianbergmann/complexity", "homepage": "https://github.com/sebastianbergmann/complexity",
"support": { "support": {
"issues": "https://github.com/sebastianbergmann/complexity/issues", "issues": "https://github.com/sebastianbergmann/complexity/issues",
"source": "https://github.com/sebastianbergmann/complexity/tree/2.0.2" "source": "https://github.com/sebastianbergmann/complexity/tree/2.0.3"
}, },
"funding": [ "funding": [
{ {
@ -4704,7 +4704,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2020-10-26T15:52:27+00:00" "time": "2023-12-22T06:19:30+00:00"
}, },
{ {
"name": "sebastian/diff", "name": "sebastian/diff",
@ -4978,20 +4978,20 @@
}, },
{ {
"name": "sebastian/lines-of-code", "name": "sebastian/lines-of-code",
"version": "1.0.3", "version": "1.0.4",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/lines-of-code.git", "url": "https://github.com/sebastianbergmann/lines-of-code.git",
"reference": "c1c2e997aa3146983ed888ad08b15470a2e22ecc" "reference": "e1e4a170560925c26d424b6a03aed157e7dcc5c5"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/c1c2e997aa3146983ed888ad08b15470a2e22ecc", "url": "https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/e1e4a170560925c26d424b6a03aed157e7dcc5c5",
"reference": "c1c2e997aa3146983ed888ad08b15470a2e22ecc", "reference": "e1e4a170560925c26d424b6a03aed157e7dcc5c5",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"nikic/php-parser": "^4.6", "nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3" "php": ">=7.3"
}, },
"require-dev": { "require-dev": {
@ -5023,7 +5023,7 @@
"homepage": "https://github.com/sebastianbergmann/lines-of-code", "homepage": "https://github.com/sebastianbergmann/lines-of-code",
"support": { "support": {
"issues": "https://github.com/sebastianbergmann/lines-of-code/issues", "issues": "https://github.com/sebastianbergmann/lines-of-code/issues",
"source": "https://github.com/sebastianbergmann/lines-of-code/tree/1.0.3" "source": "https://github.com/sebastianbergmann/lines-of-code/tree/1.0.4"
}, },
"funding": [ "funding": [
{ {
@ -5031,7 +5031,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2020-11-28T06:42:11+00:00" "time": "2023-12-22T06:20:34+00:00"
}, },
{ {
"name": "sebastian/object-enumerator", "name": "sebastian/object-enumerator",