
Throw 451 exception

Khushboo Verma 2024-01-29 16:49:13 +05:30
parent 4cd5999bb3
commit f4426d553c
7 changed files with 24 additions and 16 deletions

2
.env

@ -99,4 +99,4 @@ _APP_ASSISTANT_OPENAI_API_KEY=
_APP_MESSAGE_SMS_TEST_DSN=
_APP_MESSAGE_EMAIL_TEST_DSN=
_APP_MESSAGE_PUSH_TEST_DSN=
_APP_RESTRICTED_COUNTRIES=AQ
_APP_COUNTRIES_DENYLIST=AQ
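Review bot: Renaming `_APP_RESTRICTED_COUNTRIES` to `_APP_COUNTRIES_DENYLIST` with no fallback means a deployment that still sets only the old name will have an empty deny-list after upgrading, and the region check will be skipped without any error. The same rename appears in the compose service environment list and in the init hook that reads the value. Consider reading the old name as a fallback for one release, e.g. `App::getEnv('_APP_COUNTRIES_DENYLIST', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''))`, or at least call out the rename in the upgrade notes.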


@ -114,6 +114,11 @@ return [
'description' => 'Value must be a valid phone number. Format this number with a leading \'+\' and a country code, e.g., +16175551212.',
'code' => 400,
],
Exception::GENERAL_REGION_ACCESS_DENIED => [
'name' => Exception::GENERAL_REGION_ACCESS_DENIED,
'description' => 'Sorry, access from the current region is denied.',
'code' => 451,
],
/** User Errors */
Exception::USER_COUNT_EXCEEDED => [


@ -156,7 +156,7 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
App::post('/v1/users')
->desc('Create user')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -188,7 +188,7 @@ App::post('/v1/users')
App::post('/v1/users/bcrypt')
->desc('Create user with bcrypt password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -219,7 +219,7 @@ App::post('/v1/users/bcrypt')
App::post('/v1/users/md5')
->desc('Create user with MD5 password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -250,7 +250,7 @@ App::post('/v1/users/md5')
App::post('/v1/users/argon2')
->desc('Create user with Argon2 password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -281,7 +281,7 @@ App::post('/v1/users/argon2')
App::post('/v1/users/sha')
->desc('Create user with SHA password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -319,7 +319,7 @@ App::post('/v1/users/sha')
App::post('/v1/users/phpass')
->desc('Create user with PHPass password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -350,7 +350,7 @@ App::post('/v1/users/phpass')
App::post('/v1/users/scrypt')
->desc('Create user with Scrypt password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -394,7 +394,7 @@ App::post('/v1/users/scrypt')
App::post('/v1/users/scrypt-modified')
->desc('Create user with Scrypt modified password')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('event', 'users.[userId].create')
->label('scope', 'users.write')
->label('audits.event', 'user.create')
@ -428,7 +428,7 @@ App::post('/v1/users/scrypt-modified')
App::post('/v1/users/:userId/targets')
->desc('Create User Target')
->groups(['api', 'users', 'restrict'])
->groups(['api', 'users'])
->label('audits.event', 'target.create')
->label('audits.resource', 'target/response.$id')
->label('event', 'users.[userId].targets.[targetId].create')
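Review bot: Dropping `'restrict'` from `->groups([...])` on all nine routes in this file (`/v1/users`, its seven hash-specific variants and `/v1/users/:userId/targets`) narrows where the country deny-list applies, and nothing visible in the commit explains the exemption. This reading assumes the page prints the old line first and the new line second, as the other sections suggest. If the deny-list hook is bound to the `restrict` group (its `App::init()` binding lies outside the visible hunks), these endpoints will accept requests from denied regions after this change. The user-creation routes carry `->label('scope', 'users.write')`, so the exemption may be deliberate for server-side callers. If so, record it next to the first route with a comment such as `// Intentionally not geo-restricted: <reason>` and add a test that pins the behaviour.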


@ -634,13 +634,14 @@ App::init()
->inject('request')
->inject('geodb')
->action(function (Request $request, Reader $geodb) {
if (!empty(app::getEnv('_APP_RESTRICTED_COUNTRIES', ''))) {
$countries = explode(',', App::getEnv('_APP_RESTRICTED_COUNTRIES', ''));
$denylist = App::getEnv('_APP_COUNTRIES_DENYLIST', '');
if (!empty($denylist)) {
$countries = explode(',', $denylist);
$record = $geodb->get($request->getIP());
$country = $record['country']['iso_code'];
$countryName = $record['country']['names']['en'];
if (in_array($country, $countries)) {
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Sorry, access from $countryName is restricted");
throw new Exception(Exception::GENERAL_REGION_ACCESS_DENIED);
}
}
});
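Review bot: `$record` is indexed without checking that the lookup found anything: `$geodb->get($request->getIP())` is followed directly by `$record['country']['iso_code']`, and a geo database reader commonly returns null for private or unlisted addresses, which here yields a warning (or an error where warnings are promoted) rather than a clean decision. Guard it, e.g. `$country = $record['country']['iso_code'] ?? null;`, and delete the `$countryName = ...` line, which is unused now that the exception no longer interpolates it. Parsing the list as `$countries = array_map('trim', explode(',', $denylist));` would keep a value written with spaces after the commas from silently matching nothing. The check is also only as reliable as `getIP()`: if it derives the address from a forwarded header (its implementation is not visible here), that header should be honoured only from trusted proxies. The `App::init()` chain begins above the hunk, so the groups this hook runs for cannot be confirmed from here.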


@ -188,7 +188,7 @@ services:
- _APP_MESSAGE_SMS_TEST_DSN
- _APP_MESSAGE_EMAIL_TEST_DSN
- _APP_MESSAGE_PUSH_TEST_DSN
- _APP_RESTRICTED_COUNTRIES
- _APP_COUNTRIES_DENYLIST
appwrite-realtime:
entrypoint: realtime


@ -57,6 +57,7 @@ class Exception extends \Exception
public const GENERAL_NOT_IMPLEMENTED = 'general_not_implemented';
public const GENERAL_INVALID_EMAIL = 'general_invalid_email';
public const GENERAL_INVALID_PHONE = 'general_invalid_phone';
public const GENERAL_REGION_ACCESS_DENIED = 'general_region_access_denied';
/** Users */
public const USER_COUNT_EXCEEDED = 'user_count_exceeded';


@ -43,11 +43,12 @@ trait AccountBase
/**
* Test for FAILURE
*/
// Deny request from blocked IP
$response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-forwarded-for' => '103.152.127.250'
'x-forwarded-for' => '103.152.127.250' // Test IP for denied access region
]), [
'userId' => ID::unique(),
'email' => $email,
@ -55,7 +56,7 @@ trait AccountBase
'name' => $name,
]);
$this->assertEquals(401, $response['headers']['status-code']);
$this->assertEquals(451, $response['headers']['status-code']);
$response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
'origin' => 'http://localhost',