diff --git a/app/app.php b/app/app.php
index ee1bbe0c4..0c0258aa7 100644
--- a/app/app.php
+++ b/app/app.php
@@ -15,33 +15,10 @@ use Appwrite\Database\Document;
 use Appwrite\Database\Validator\Authorization;
 use Appwrite\Network\Validator\Origin;
 
-Config::setParam('domain', $_SERVER['HTTP_HOST']);
+Config::setParam('domain', 'localhost');
 Config::setParam('domainVerification', false);
-// Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
-// Config::setParam('domainVerification', false);
-
-\define('COOKIE_DOMAIN',
- (
- $_SERVER['HTTP_HOST'] === 'localhost' ||
- $_SERVER['HTTP_HOST'] === 'localhost:'.$request->getPort() ||
- (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
- )
- ? null
- : '.'.$request->getHostname()
- );
-\define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
-
-// \define('COOKIE_DOMAIN',
-// (
-// $request->getServer('HTTP_HOST', null) === 'localhost' ||
-// $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
-// (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
-// )
-// ? null
-// : '.'.$request->getHostname()
-// );
-// \define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
-
+Config::setParam('cookieDomain', 'localhost');
+Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE);
 
 // // Set project mail
 // $register->get('smtp')
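Review bot: The bootstrap value `'localhost'` for `cookieDomain` is not equivalent to the removed `\define('COOKIE_DOMAIN', ...)`, which yielded `null` (no Domain attribute) for localhost; if any cookie is emitted before the per-request override in App::init runs, it would now carry `Domain=localhost`, which browsers generally treat differently from an omitted attribute. If these lines are meant only as placeholders, `null` preserves the old behaviour and a comment would make the contract explicit: `// Bootstrap placeholders; App::init recomputes domain, domainVerification and cookieDomain per request.` Whether any code path can emit a cookie before App::init is not visible from this diff.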
@@ -98,10 +75,20 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
 $selfDomain = new Domain(Config::getParam('hostname'));
 $endDomain = new Domain($origin);
 
+ Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
+ Config::setParam('domainVerification', ($selfDomain->getRegisterable() === $endDomain->getRegisterable()) && $endDomain->getRegisterable() !== '');
+ Config::setParam('cookieDomain', (
+ $request->getServer('HTTP_HOST', null) === 'localhost' ||
+ $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
+ (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
+ )
+ ? null
+ : '.'.$request->getHostname()
+ );
 
 /*
 * Security Headers
 *
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 16e7541d0..84107cb81 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -234,8 +234,8 @@ App::post('/v1/account/sessions')
 }
 
 $response
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ->json($session->getArrayCopy(['$id', 'type', 'expire']))
 ;
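Review bot: The new `Config::setParam('domain', ...)` and the `cookieDomain` expression take their value from the client-supplied Host header (`$request->getServer('HTTP_HOST', ...)` / `$request->getHostname()`) without checking it against the configured hostname, even though `$selfDomain` built from `Config::getParam('hostname')` is already in scope two lines above; a request carrying an unexpected Host value would have its session cookie scoped to that host rather than to the deployment. Consider deriving `cookieDomain` from `$selfDomain` or rejecting requests whose Host does not match it, and documenting the decision: `// cookieDomain must be derived from the configured hostname, not the request, so a forged Host cannot rescope session cookies.` The App::init closure begins and ends outside this hunk, so whether a Host check exists elsewhere in it is not visible here.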
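Review bot: Replacing the compile-time `COOKIE_DOMAIN`/`COOKIE_SAMESITE` constants with `Config::getParam('cookieDomain')` / `Config::getParam('cookieSamesite')` makes every cookie-emitting call site depend on App::init having run for the current request; with the bootstrap default of `'localhost'` from app.php, a handler reached without that override would set a differently scoped cookie. If Config is a process-wide store and the app runs under a persistent worker (not visible here), a value computed for an earlier request could also leak into a later one unless init always resets it. A short comment at the first call site would record the dependency: `// cookieDomain/cookieSamesite are recomputed per request in App::init (app.php).` The same applies to the hunks at account.php @@ -526, @@ -536, @@ -975, @@ -1034, @@ -1093 and teams.php @@ -570.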
@@ -526,7 +526,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $state['success'] = URLParser::parse($state['success']);
 $query = URLParser::parseQuery($state['success']['query']);
 $query['project'] = $project->getId();
- $query['domain'] = COOKIE_DOMAIN;
+ $query['domain'] = Config::getParam('cookieDomain');
 $query['key'] = Auth::$cookieName;
 $query['secret'] = Auth::encodeSession($user->getId(), $secret);
 $state['success']['query'] = URLParser::unparseQuery($query);
@@ -536,8 +536,8 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $response
 ->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
 ->addHeader('Pragma', 'no-cache')
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->redirect($state['success'])
 ;
 }, ['request', 'response', 'project', 'user', 'projectDB', 'audit']);
@@ -975,8 +975,8 @@ App::delete('/v1/account')
 }
 
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->noContent()
 ;
 }, ['request', 'response', 'user', 'projectDB', 'audit', 'webhook']);
@@ -1034,8 +1034,8 @@ App::delete('/v1/account/sessions/:sessionId')
 
 if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ;
 }
 
@@ -1093,8 +1093,8 @@ App::delete('/v1/account/sessions')
 
 if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ;
 }
 }
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 4af413f62..6e1c31751 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -570,8 +570,8 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status')
 }
 
 $response
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->json(\array_merge($membership->getArrayCopy([
 '$id',
 'userId',