Leverage auth limit for god feature
This commit is contained in:
Eldad Fux
parent
c5a2a93f96
commit
f7f54c0d2f
|
|
@ -44,10 +44,9 @@ $collections = [
|
|||
'legalCity' => '',
|
||||
'legalAddress' => '',
|
||||
'legalTaxId' => '',
|
||||
'authWhitelistGod' => App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled'),
|
||||
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||
'authWhitelistDomains' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_DOMAINS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_DOMAINS', null)) : [],
|
||||
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||
],
|
||||
Database::SYSTEM_COLLECTION_COLLECTIONS => [
|
||||
'$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ return [
|
|||
[
|
||||
'name' => '_APP_CONSOLE_WHITELIST_GOD',
|
||||
'description' => 'This option allows you to disable the creation of new users on the Appwrite console. When enabled only 1 user will be able to use the registration form. New users can be added by invting them to your project. By default this option is enabled.',
|
||||
'introduction' => '',
|
||||
'introduction' => '0.8.0',
|
||||
'default' => 'enabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
|
|
|
|||
|
|
@ -59,24 +59,8 @@ App::post('/v1/account')
|
|||
/** @var Appwrite\Event\Event $audits */
|
||||
|
||||
if ('console' === $project->getId()) {
|
||||
$whitlistGod = $project->getAttribute('authWhitelistGod');
|
||||
$whitlistEmails = $project->getAttribute('authWhitelistEmails');
|
||||
$whitlistIPs = $project->getAttribute('authWhitelistIPs');
|
||||
$whitlistDomains = $project->getAttribute('authWhitelistDomains');
|
||||
|
||||
if($whitlistGod !== 'disabled') {
|
||||
$projectDB->getCollection([ // Count users
|
||||
'filters' => [
|
||||
'$collection='.Database::SYSTEM_COLLECTION_USERS,
|
||||
],
|
||||
]);
|
||||
|
||||
$sum = $projectDB->getSum();
|
||||
|
||||
if($sum !== 0) {
|
||||
throw new Exception('Console registration is restricted. Contact your administrator for more information.', 401);
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($whitlistEmails) && !\in_array($email, $whitlistEmails)) {
|
||||
throw new Exception('Console registration is restricted to specific emails. Contact your administrator for more information.', 401);
|
||||
|
|
@ -85,10 +69,6 @@ App::post('/v1/account')
|
|||
if (!empty($whitlistIPs) && !\in_array($request->getIP(), $whitlistIPs)) {
|
||||
throw new Exception('Console registration is restricted to specific IPs. Contact your administrator for more information.', 401);
|
||||
}
|
||||
|
||||
if (!empty($whitlistDomains) && !\in_array(\substr(\strrchr($email, '@'), 1), $whitlistDomains)) {
|
||||
throw new Exception('Console registration is restricted to specific domains. Contact your administrator for more information.', 401);
|
||||
}
|
||||
}
|
||||
|
||||
$limit = $project->getAttribute('usersAuthLimit', 0);
|
||||
|
|
|
|||
|
|
@ -64,11 +64,9 @@ $cli
|
|||
$authWhitelistGod = App::getEnv('_APP_CONSOLE_WHITELIST_GOD', null);
|
||||
$authWhitelistEmails = App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null);
|
||||
$authWhitelistIPs = App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null);
|
||||
$authWhitelistDomains = App::getEnv('_APP_CONSOLE_WHITELIST_DOMAINS', null);
|
||||
|
||||
if(empty($authWhitelistGod)
|
||||
&& empty($authWhitelistEmails)
|
||||
&& empty($authWhitelistDomains)
|
||||
&& empty($authWhitelistIPs)
|
||||
) {
|
||||
Console::log('🔴 Console access limits are disabled');
|
||||
|
|
|
|||
Loading…
Reference in a new issue