From 88107ee7b3e02497f024c427796a346e92b087dd Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Mon, 20 Apr 2026 11:57:57 +0530 Subject: [PATCH 01/84] feat: implement custom triggers for VCS builds --- app/config/collections/projects.php | 44 +++++++++++ composer.lock | 15 +++- .../Http/GitHub/Authorize/External/Update.php | 5 +- .../Modules/VCS/Http/GitHub/Deployment.php | 74 +++++++++++++++++++ .../Modules/VCS/Http/GitHub/Events/Create.php | 10 ++- 5 files changed, 140 insertions(+), 8 deletions(-) diff --git a/app/config/collections/projects.php b/app/config/collections/projects.php index 9568c59369..9ac5c562e3 100644 --- a/app/config/collections/projects.php +++ b/app/config/collections/projects.php @@ -841,6 +841,28 @@ return [ 'array' => true, 'filters' => [], ], + [ + '$id' => ID::custom('providerBranches'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], + [ + '$id' => ID::custom('providerPaths'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], ], 'indexes' => [ [ @@ -1320,6 +1342,28 @@ return [ 'array' => false, 'filters' => [], ], + [ + '$id' => ID::custom('providerBranches'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], + [ + '$id' => ID::custom('providerPaths'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], ], 'indexes' => [ [ diff --git a/composer.lock b/composer.lock index d0d69bd0c5..d3d9600e5d 100644 --- a/composer.lock +++ b/composer.lock @@ -8441,9 +8441,18 @@ "time": "2024-11-07T12:36:22+00:00" } ], - "aliases": [], + "aliases": [ + { + "package": "utopia-php/vcs", + "version": "dev-ser-401", + "alias": "3.0.99", + "alias_normalized": "3.0.99.0" + } + ], "minimum-stability": "dev", - "stability-flags": {}, + "stability-flags": { + "utopia-php/vcs": 20 + }, "prefer-stable": true, "prefer-lowest": false, "platform": { @@ -8464,5 +8473,5 @@ "platform-dev": { "ext-fileinfo": "*" }, - "plugin-api-version": "2.9.0" + "plugin-api-version": "2.6.0" } diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php index 8b320535e9..b3ff4f96fa 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php @@ -130,7 +130,10 @@ class Update extends Action $providerCommitAuthor = $commitDetails["commitAuthor"] ?? ''; $providerCommitAuthorUrl = $commitDetails["commitAuthorUrl"] ?? ''; - $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, true, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); + $prFiles = $github->getPullRequestFiles($owner, $providerRepositoryName, $providerPullRequestId); + $providerAffectedFiles = array_column($prFiles, 'filename'); + + $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, true, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); $response->noContent(); } diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 6e1db12c28..e5c138f575 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -40,6 +40,7 @@ trait Deployment string $providerCommitMessage, string $providerCommitUrl, string $providerPullRequestId, + array $providerAffectedFiles = [], bool $external, Database $dbForPlatform, Authorization $authorization, @@ -94,6 +95,11 @@ trait Deployment $resource = $authorization->skip(fn () => $dbForProject->getDocument($resourceCollection, $resourceId)); $resourceInternalId = $resource->getSequence(); + if (!$this->isResourceBuildable($resource, $providerBranch, $providerAffectedFiles, $logBase)) { + Span::add("{$logBase}.build.skipped", 'true'); + continue; + } + $deploymentId = ID::unique(); $repositoryId = $repository->getId(); $repositoryInternalId = $repository->getSequence(); @@ -560,4 +566,72 @@ trait Deployment { return System::getEnv('_APP_BUILDS_QUEUE_NAME', Event::BUILDS_QUEUE_NAME); } + + private function isResourceBuildable(Document $resource, string $providerBranch, array $providerAffectedFiles, string $logBase): bool + { + $allowedBranches = $resource->getAttribute('providerBranches', []); + if (!$this->matchesPatterns($providerBranch, $allowedBranches)) { + Span::add("{$logBase}.build.skipped.reason", 'branch'); + return false; + } + + $allowedPaths = $resource->getAttribute('providerPaths', []); + if (!empty($allowedPaths) && !empty($providerAffectedFiles)) { + $pathMatched = false; + foreach ($providerAffectedFiles as $file) { + if ($this->matchesPatterns($file, $allowedPaths)) { + $pathMatched = true; + break; + } + } + if (!$pathMatched) { + Span::add("{$logBase}.build.skipped.reason", 'path'); + return false; + } + } + + return true; + } + + private function matchesPatterns(string $subject, array $patterns): bool + { + if (empty($patterns)) { + return true; + } + + $include = array_filter($patterns, fn ($p) => !str_starts_with($p, '!')); + $exclude = array_filter($patterns, fn ($p) => str_starts_with($p, '!')); + + foreach ($include as $pattern) { + if ($this->matchGlob($subject, $pattern)) { + return true; + } + } + + foreach ($exclude as $pattern) { + if ($this->matchGlob($subject, substr($pattern, 1))) { + return false; + } + } + + return empty($include); + } + + private function matchGlob(string $subject, string $pattern): bool + { + $regex = preg_replace_callback( + '/\*\*|\*|\?|[^*?]+/', + static function (array $m): string { + return match ($m[0]) { + '**' => '.*', + '*' => '[^/]*', + '?' => '[^/]', + default => preg_quote($m[0], '/'), + }; + }, + $pattern + ); + + return (bool) preg_match('/^' . $regex . '$/', $subject); + } } diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index e3dbcfa0e9..b04a4e7c5e 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -162,9 +162,10 @@ class Create extends Action Query::limit(100), ])); - // Create new deployment only on push (not committed by us) and not when branch is deleted - if ($providerCommitAuthorEmail !== APP_VCS_GITHUB_EMAIL && !$providerBranchDeleted) { - $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthorName, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, '', false, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); + // Create new deployment only on push (not committed by us) and not when branch is created or deleted + if ($providerCommitAuthorEmail !== APP_VCS_GITHUB_EMAIL && !$providerBranchCreated && !$providerBranchDeleted) { + $providerAffectedFiles = $parsedPayload['affectedFiles'] ?? []; + $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthorName, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, '', $providerAffectedFiles, false, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); } } @@ -216,7 +217,8 @@ class Create extends Action Query::orderDesc('$createdAt') ])); - $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $external, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); + $providerAffectedFiles = $parsedPayload['affectedFiles'] ?? []; + $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, $external, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); } elseif ($action == "closed") { // Allowed external contributions cleanup From 076e64886ee5dcac26661f8ee5317183856307d0 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 13:03:48 +0530 Subject: [PATCH 02/84] validator pattern --- .../Modules/VCS/Http/GitHub/Deployment.php | 60 ++---------- src/Appwrite/Vcs/Validator/BuildTrigger.php | 91 +++++++++++++++++++ tests/unit/Vcs/Validator/BuildTriggerTest.php | 86 ++++++++++++++++++ 3 files changed, 183 insertions(+), 54 deletions(-) create mode 100644 src/Appwrite/Vcs/Validator/BuildTrigger.php create mode 100644 tests/unit/Vcs/Validator/BuildTriggerTest.php diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index e5c138f575..f4c522fb44 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -7,6 +7,7 @@ use Appwrite\Event\Event; use Appwrite\Extend\Exception; use Appwrite\Filter\BranchDomain as BranchDomainFilter; use Appwrite\Vcs\Comment; +use Appwrite\Vcs\Validator\BuildTrigger; use Utopia\Config\Config; use Utopia\Console; use Utopia\Database\Database; @@ -569,22 +570,15 @@ trait Deployment private function isResourceBuildable(Document $resource, string $providerBranch, array $providerAffectedFiles, string $logBase): bool { - $allowedBranches = $resource->getAttribute('providerBranches', []); - if (!$this->matchesPatterns($providerBranch, $allowedBranches)) { + $branchTrigger = new BuildTrigger($resource->getAttribute('providerBranches', [])); + if (!$branchTrigger->isValid($providerBranch)) { Span::add("{$logBase}.build.skipped.reason", 'branch'); return false; } - $allowedPaths = $resource->getAttribute('providerPaths', []); - if (!empty($allowedPaths) && !empty($providerAffectedFiles)) { - $pathMatched = false; - foreach ($providerAffectedFiles as $file) { - if ($this->matchesPatterns($file, $allowedPaths)) { - $pathMatched = true; - break; - } - } - if (!$pathMatched) { + $pathTrigger = new BuildTrigger($resource->getAttribute('providerPaths', [])); + foreach ($providerAffectedFiles as $file) { + if (!$pathTrigger->isValid($file)) { Span::add("{$logBase}.build.skipped.reason", 'path'); return false; } @@ -592,46 +586,4 @@ trait Deployment return true; } - - private function matchesPatterns(string $subject, array $patterns): bool - { - if (empty($patterns)) { - return true; - } - - $include = array_filter($patterns, fn ($p) => !str_starts_with($p, '!')); - $exclude = array_filter($patterns, fn ($p) => str_starts_with($p, '!')); - - foreach ($include as $pattern) { - if ($this->matchGlob($subject, $pattern)) { - return true; - } - } - - foreach ($exclude as $pattern) { - if ($this->matchGlob($subject, substr($pattern, 1))) { - return false; - } - } - - return empty($include); - } - - private function matchGlob(string $subject, string $pattern): bool - { - $regex = preg_replace_callback( - '/\*\*|\*|\?|[^*?]+/', - static function (array $m): string { - return match ($m[0]) { - '**' => '.*', - '*' => '[^/]*', - '?' => '[^/]', - default => preg_quote($m[0], '/'), - }; - }, - $pattern - ); - - return (bool) preg_match('/^' . $regex . '$/', $subject); - } } diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php new file mode 100644 index 0000000000..44296ae73a --- /dev/null +++ b/src/Appwrite/Vcs/Validator/BuildTrigger.php @@ -0,0 +1,91 @@ +patterns)) { + return true; + } + + $include = array_filter($this->patterns, fn ($p) => !str_starts_with($p, '!')); + $exclude = array_filter($this->patterns, fn ($p) => str_starts_with($p, '!')); + + foreach ($include as $pattern) { + if ($this->matchGlob($value, $pattern)) { + return true; + } + } + + foreach ($exclude as $pattern) { + if ($this->matchGlob($value, substr($pattern, 1))) { + return false; + } + } + + return empty($include); + } + + public function getDescription(): string + { + return 'Value must match at least one inclusion pattern and must not match any exclusion pattern.'; + } + + public function isArray(): bool + { + return false; + } + + public function getType(): string + { + return self::TYPE_STRING; + } + + private function matchGlob(string $subject, string $pattern): bool + { + $regex = ''; + $len = strlen($pattern); + $i = 0; + + while ($i < $len) { + $char = $pattern[$i]; + + if ($char === '*' && isset($pattern[$i + 1]) && $pattern[$i + 1] === '*') { + $prevSlash = $i === 0 || $pattern[$i - 1] === '/'; + $nextSlash = isset($pattern[$i + 2]) && $pattern[$i + 2] === '/'; + + if ($prevSlash && $nextSlash) { + // a/**/b → zero or more intermediate dirs (matches a/b, a/x/b, a/x/y/b) + // **/foo → zero or more leading dirs (matches foo, a/foo, a/b/foo) + $regex .= '(?:.+/)?'; + $i += 3; // consume ** and the trailing / + } else { + // foo/** → everything inside (matches foo/a, foo/a/b) + $regex .= '.*'; + $i += 2; + } + } elseif ($char === '*') { + $regex .= '[^/]*'; // anything except a path separator + $i++; + } elseif ($char === '?') { + $regex .= '[^/]'; // any single character except a path separator + $i++; + } else { + $regex .= preg_quote($char, '~'); + $i++; + } + } + + return (bool) preg_match('~^' . $regex . '$~', $subject); + } +} diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php new file mode 100644 index 0000000000..7dbf4e8204 --- /dev/null +++ b/tests/unit/Vcs/Validator/BuildTriggerTest.php @@ -0,0 +1,86 @@ +assertTrue($validator->isValid('anything')); + $this->assertTrue($validator->isValid('main')); + } + + public function testExactMatch(): void + { + $validator = new BuildTrigger(['main']); + $this->assertTrue($validator->isValid('main')); + $this->assertFalse($validator->isValid('develop')); + } + + public function testSingleWildcard(): void + { + $validator = new BuildTrigger(['feature/*']); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertFalse($validator->isValid('feature/foo/bar')); // * does not cross / + $this->assertFalse($validator->isValid('main')); + } + + public function testDashInPattern(): void + { + $validator = new BuildTrigger(['feature/test-*']); + $this->assertTrue($validator->isValid('feature/test-1')); + $this->assertTrue($validator->isValid('feature/test-abc')); + $this->assertFalse($validator->isValid('feature/other')); + } + + public function testDoubleWildcardEnd(): void + { + $validator = new BuildTrigger(['src/**']); + $this->assertTrue($validator->isValid('src/foo.js')); + $this->assertTrue($validator->isValid('src/a/b/c.js')); + } + + public function testDoubleWildcardMiddle(): void + { + $validator = new BuildTrigger(['a/**/b']); + $this->assertTrue($validator->isValid('a/b')); // zero intermediate dirs + $this->assertTrue($validator->isValid('a/x/b')); // one + $this->assertTrue($validator->isValid('a/x/y/b')); // two + $this->assertFalse($validator->isValid('a/b/c')); + } + + public function testDoubleWildcardStart(): void + { + $validator = new BuildTrigger(['**/foo']); + $this->assertTrue($validator->isValid('foo')); + $this->assertTrue($validator->isValid('a/foo')); + $this->assertTrue($validator->isValid('a/b/foo')); + $this->assertFalse($validator->isValid('foobar')); + } + + public function testOrSemantics(): void + { + $validator = new BuildTrigger(['main', 'develop']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('develop')); + $this->assertFalse($validator->isValid('feature/x')); + } + + public function testInclusionTakesPrecedenceOverExclusion(): void + { + $validator = new BuildTrigger(['!feature/*', 'feature/abc']); + $this->assertTrue($validator->isValid('feature/abc')); // inclusion wins + $this->assertFalse($validator->isValid('feature/xyz')); // excluded + } + + public function testOnlyExclusions(): void + { + $validator = new BuildTrigger(['!main']); + $this->assertFalse($validator->isValid('main')); + $this->assertTrue($validator->isValid('develop')); // not excluded, passes by default + } +} From abad809a91580ff72b9ce5d9e9f84a880d32f840 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 13:23:12 +0530 Subject: [PATCH 03/84] get PR files in Appwrite --- .../Platform/Modules/VCS/Http/GitHub/Events/Create.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index b04a4e7c5e..09929cc64c 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -212,12 +212,14 @@ class Create extends Action $providerCommitAuthor = $commitDetails["commitAuthor"] ?? ''; $providerCommitMessage = $commitDetails["commitMessage"] ?? ''; + $prFiles = $github->getPullRequestFiles($providerRepositoryOwner, $providerRepositoryName, $providerPullRequestId); + $providerAffectedFiles = array_column($prFiles, 'filename'); + $repositories = $authorization->skip(fn () => $dbForPlatform->find('repositories', [ Query::equal('providerRepositoryId', [$providerRepositoryId]), Query::orderDesc('$createdAt') ])); - $providerAffectedFiles = $parsedPayload['affectedFiles'] ?? []; $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, $external, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); } elseif ($action == "closed") { // Allowed external contributions cleanup From 772358ff5182587a5c59b1620c96ebbdc092bad4 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 13:38:51 +0530 Subject: [PATCH 04/84] more tests --- tests/unit/Vcs/Validator/BuildTriggerTest.php | 186 +++++++++++++++--- 1 file changed, 161 insertions(+), 25 deletions(-) diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php index 7dbf4e8204..61d839cf99 100644 --- a/tests/unit/Vcs/Validator/BuildTriggerTest.php +++ b/tests/unit/Vcs/Validator/BuildTriggerTest.php @@ -7,80 +7,216 @@ use PHPUnit\Framework\TestCase; class BuildTriggerTest extends TestCase { - public function testEmptyPatterns(): void + // ------------------------------------------------------------------------- + // Empty patterns + // ------------------------------------------------------------------------- + + public function testEmptyPatternsAlwaysPass(): void { $validator = new BuildTrigger([]); - $this->assertTrue($validator->isValid('anything')); $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('feature/anything')); + $this->assertTrue($validator->isValid('src/deep/nested/file.php')); } - public function testExactMatch(): void + // ------------------------------------------------------------------------- + // Pure inclusion — OR semantics (any one match is enough) + // ------------------------------------------------------------------------- + + public function testSingleExactInclusion(): void { $validator = new BuildTrigger(['main']); $this->assertTrue($validator->isValid('main')); $this->assertFalse($validator->isValid('develop')); + $this->assertFalse($validator->isValid('main-extra')); } - public function testSingleWildcard(): void + public function testMultipleExactInclusionsOr(): void + { + $validator = new BuildTrigger(['main', 'develop', 'staging']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('develop')); + $this->assertTrue($validator->isValid('staging')); + $this->assertFalse($validator->isValid('feature/foo')); + $this->assertFalse($validator->isValid('production')); + } + + public function testSingleWildcardInclusion(): void { $validator = new BuildTrigger(['feature/*']); $this->assertTrue($validator->isValid('feature/foo')); + $this->assertTrue($validator->isValid('feature/bar')); $this->assertFalse($validator->isValid('feature/foo/bar')); // * does not cross / $this->assertFalse($validator->isValid('main')); } - public function testDashInPattern(): void + public function testWildcardWithDash(): void { $validator = new BuildTrigger(['feature/test-*']); $this->assertTrue($validator->isValid('feature/test-1')); $this->assertTrue($validator->isValid('feature/test-abc')); $this->assertFalse($validator->isValid('feature/other')); + $this->assertFalse($validator->isValid('feature/test')); } - public function testDoubleWildcardEnd(): void + public function testDoubleWildcardAtEnd(): void { $validator = new BuildTrigger(['src/**']); $this->assertTrue($validator->isValid('src/foo.js')); $this->assertTrue($validator->isValid('src/a/b/c.js')); + $this->assertTrue($validator->isValid('src/deep/nested/file.php')); + $this->assertFalse($validator->isValid('lib/foo.js')); } - public function testDoubleWildcardMiddle(): void + public function testDoubleWildcardInMiddle(): void { $validator = new BuildTrigger(['a/**/b']); - $this->assertTrue($validator->isValid('a/b')); // zero intermediate dirs - $this->assertTrue($validator->isValid('a/x/b')); // one + $this->assertTrue($validator->isValid('a/b')); // zero intermediate dirs + $this->assertTrue($validator->isValid('a/x/b')); // one $this->assertTrue($validator->isValid('a/x/y/b')); // two $this->assertFalse($validator->isValid('a/b/c')); + $this->assertFalse($validator->isValid('x/a/b')); } - public function testDoubleWildcardStart(): void + public function testDoubleWildcardAtStart(): void { $validator = new BuildTrigger(['**/foo']); - $this->assertTrue($validator->isValid('foo')); - $this->assertTrue($validator->isValid('a/foo')); - $this->assertTrue($validator->isValid('a/b/foo')); + $this->assertTrue($validator->isValid('foo')); // zero leading dirs + $this->assertTrue($validator->isValid('a/foo')); // one + $this->assertTrue($validator->isValid('a/b/foo')); // two $this->assertFalse($validator->isValid('foobar')); + $this->assertFalse($validator->isValid('a/foobar')); } - public function testOrSemantics(): void + public function testMixedExactAndWildcardInclusions(): void { - $validator = new BuildTrigger(['main', 'develop']); + $validator = new BuildTrigger(['main', 'feature/*']); $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); - $this->assertFalse($validator->isValid('feature/x')); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertFalse($validator->isValid('develop')); + $this->assertFalse($validator->isValid('feature/foo/bar')); } - public function testInclusionTakesPrecedenceOverExclusion(): void - { - $validator = new BuildTrigger(['!feature/*', 'feature/abc']); - $this->assertTrue($validator->isValid('feature/abc')); // inclusion wins - $this->assertFalse($validator->isValid('feature/xyz')); // excluded - } + // ------------------------------------------------------------------------- + // Pure exclusion — AND semantics (must not match any exclusion) + // ------------------------------------------------------------------------- - public function testOnlyExclusions(): void + public function testSingleExactExclusion(): void { $validator = new BuildTrigger(['!main']); $this->assertFalse($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); // not excluded, passes by default + $this->assertTrue($validator->isValid('develop')); + $this->assertTrue($validator->isValid('feature/foo')); + } + + public function testMultipleExactExclusionsAnd(): void + { + $validator = new BuildTrigger(['!main', '!develop']); + $this->assertFalse($validator->isValid('main')); + $this->assertFalse($validator->isValid('develop')); + $this->assertTrue($validator->isValid('staging')); // neither excluded + $this->assertTrue($validator->isValid('feature/foo')); + } + + public function testWildcardExclusion(): void + { + $validator = new BuildTrigger(['!feature/*']); + $this->assertFalse($validator->isValid('feature/foo')); + $this->assertFalse($validator->isValid('feature/bar')); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('hotfix/urgent')); // not matched by feature/* + } + + public function testDoubleWildcardExclusion(): void + { + $validator = new BuildTrigger(['!src/**']); + $this->assertFalse($validator->isValid('src/foo.js')); + $this->assertFalse($validator->isValid('src/a/b/c.js')); + $this->assertTrue($validator->isValid('lib/foo.js')); + $this->assertTrue($validator->isValid('main')); + } + + // ------------------------------------------------------------------------- + // Mixed inclusion + exclusion + // ------------------------------------------------------------------------- + + public function testInclusionTakesPrecedenceWhenBothMatch(): void + { + // feature/abc matches both '!feature/*' (exclusion) and 'feature/abc' (inclusion) + // Inclusion is checked first, so it wins + $validator = new BuildTrigger(['!feature/*', 'feature/abc']); + $this->assertTrue($validator->isValid('feature/abc')); // inclusion wins + $this->assertFalse($validator->isValid('feature/xyz')); // only exclusion matches + $this->assertFalse($validator->isValid('main')); // no inclusion matches + } + + public function testInclusionWithNoMatchFails(): void + { + // Inclusions exist but none match — exclusion is irrelevant + $validator = new BuildTrigger(['main', '!develop']); + $this->assertTrue($validator->isValid('main')); + $this->assertFalse($validator->isValid('develop')); // excluded even if inclusion didn't match + $this->assertFalse($validator->isValid('staging')); // no inclusion match + } + + public function testExclusionBlocksWhenInclusionDoesNotMatch(): void + { + $validator = new BuildTrigger(['feature/*', '!hotfix/*']); + $this->assertTrue($validator->isValid('feature/foo')); // matches inclusion + $this->assertFalse($validator->isValid('hotfix/urgent')); // no inclusion match, also excluded + $this->assertFalse($validator->isValid('main')); // no inclusion match + } + + public function testMultipleInclusionsWithSingleExclusion(): void + { + // feature/wip matches the inclusion feature/* → true (exclusion !feature/wip is never reached) + $validator = new BuildTrigger(['main', 'develop', 'feature/*', '!feature/wip']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('develop')); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins + $this->assertFalse($validator->isValid('hotfix/urgent')); // no inclusion match + } + + public function testSingleInclusionWithMultipleExclusions(): void + { + // feature/wip and feature/experimental both match the inclusion feature/** → true + $validator = new BuildTrigger(['feature/**', '!feature/wip', '!feature/experimental']); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertTrue($validator->isValid('feature/a/b')); + $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins + $this->assertTrue($validator->isValid('feature/experimental')); // inclusion wins + $this->assertFalse($validator->isValid('main')); // no inclusion match + } + + public function testMultipleInclusionsWithMultipleExclusions(): void + { + // feature/wip and feature/experimental both match the inclusion feature/** → true + $validator = new BuildTrigger(['main', 'feature/**', '!feature/wip', '!feature/experimental']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertTrue($validator->isValid('feature/a/b')); + $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins + $this->assertTrue($validator->isValid('feature/experimental')); // inclusion wins + $this->assertFalse($validator->isValid('develop')); // no inclusion match + } + + public function testSpecificInclusionOverridesWildcardExclusion(): void + { + // Narrow allowlist with a carve-out: exclude all of feature/* except feature/hotfix/critical + $validator = new BuildTrigger(['feature/hotfix/critical', '!feature/**']); + $this->assertTrue($validator->isValid('feature/hotfix/critical')); // inclusion wins + $this->assertFalse($validator->isValid('feature/foo')); // excluded + $this->assertFalse($validator->isValid('feature/hotfix/other')); // excluded + $this->assertFalse($validator->isValid('main')); // no inclusion match + } + + public function testOnlyExclusionsDefaultToTrueUnlessExcluded(): void + { + $validator = new BuildTrigger(['!main', '!develop']); + $this->assertFalse($validator->isValid('main')); + $this->assertFalse($validator->isValid('develop')); + $this->assertTrue($validator->isValid('staging')); // passes — no inclusions required + $this->assertTrue($validator->isValid('feature/foo')); } } From 175fcb51a8eb289cb2d5362b6d2474d06a0846a9 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 13:41:52 +0530 Subject: [PATCH 05/84] remove default --- src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index f4c522fb44..3f39ac9018 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -41,7 +41,7 @@ trait Deployment string $providerCommitMessage, string $providerCommitUrl, string $providerPullRequestId, - array $providerAffectedFiles = [], + array $providerAffectedFiles, bool $external, Database $dbForPlatform, Authorization $authorization, From a4f174ea7ed47eff656b953325d69c66c4fb6ecd Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 14:21:32 +0530 Subject: [PATCH 06/84] update VCS --- composer.lock | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/composer.lock b/composer.lock index d3d9600e5d..cdbf3c535d 100644 --- a/composer.lock +++ b/composer.lock @@ -8441,18 +8441,9 @@ "time": "2024-11-07T12:36:22+00:00" } ], - "aliases": [ - { - "package": "utopia-php/vcs", - "version": "dev-ser-401", - "alias": "3.0.99", - "alias_normalized": "3.0.99.0" - } - ], + "aliases": [], "minimum-stability": "dev", - "stability-flags": { - "utopia-php/vcs": 20 - }, + "stability-flags": {}, "prefer-stable": true, "prefer-lowest": false, "platform": { From e17cdc2bd47602f3942ff23e9a5c0e2aaba290fa Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 16:31:42 +0530 Subject: [PATCH 07/84] fix pattern logic --- src/Appwrite/Vcs/Validator/BuildTrigger.php | 32 ++++++++++-- tests/unit/Vcs/Validator/BuildTriggerTest.php | 50 +++++++++++++++---- 2 files changed, 67 insertions(+), 15 deletions(-) diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php index 44296ae73a..0cad312e7b 100644 --- a/src/Appwrite/Vcs/Validator/BuildTrigger.php +++ b/src/Appwrite/Vcs/Validator/BuildTrigger.php @@ -21,24 +21,48 @@ class BuildTrigger extends Validator $include = array_filter($this->patterns, fn ($p) => !str_starts_with($p, '!')); $exclude = array_filter($this->patterns, fn ($p) => str_starts_with($p, '!')); + if (empty($include)) { + // Only exclusions: pass everything unless excluded. + foreach ($exclude as $pattern) { + if ($this->matchGlob($value, substr($pattern, 1))) { + return false; + } + } + return true; + } + + // A pattern is "specific" when it contains no wildcard characters. + $isSpecific = fn($p) => !str_contains($p, '*') && !str_contains($p, '?'); + + // 1. Specific inclusion always wins — an explicit exact match is never blocked. foreach ($include as $pattern) { - if ($this->matchGlob($value, $pattern)) { + if ($isSpecific($pattern) && $this->matchGlob($value, $pattern)) { return true; } } + // 2. Specific exclusion overrides a wildcard inclusion — refines broad patterns. foreach ($exclude as $pattern) { - if ($this->matchGlob($value, substr($pattern, 1))) { + $raw = substr($pattern, 1); + if ($isSpecific($raw) && $this->matchGlob($value, $raw)) { return false; } } - return empty($include); + // 3. Wildcard inclusion wins over any remaining wildcard exclusion. + foreach ($include as $pattern) { + if (!$isSpecific($pattern) && $this->matchGlob($value, $pattern)) { + return true; + } + } + + // No inclusion matched. + return false; } public function getDescription(): string { - return 'Value must match at least one inclusion pattern and must not match any exclusion pattern.'; + return 'Value must match a specific inclusion, or a wildcard inclusion not overridden by a specific exclusion.'; } public function isArray(): bool diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php index 61d839cf99..a359a570ac 100644 --- a/tests/unit/Vcs/Validator/BuildTriggerTest.php +++ b/tests/unit/Vcs/Validator/BuildTriggerTest.php @@ -59,6 +59,34 @@ class BuildTriggerTest extends TestCase $this->assertFalse($validator->isValid('feature/test')); } + public function testQuestionMarkWildcard(): void + { + $validator = new BuildTrigger(['v?.?']); + $this->assertTrue($validator->isValid('v1.0')); + $this->assertTrue($validator->isValid('v2.5')); + $this->assertFalse($validator->isValid('v10.0')); // ? matches exactly one char, not two + $this->assertFalse($validator->isValid('v1/0')); // ? does not cross / + } + + public function testQuestionMarkDoesNotCrossSlash(): void + { + $validator = new BuildTrigger(['feature/?']); + $this->assertTrue($validator->isValid('feature/a')); + $this->assertTrue($validator->isValid('feature/z')); + $this->assertFalse($validator->isValid('feature/ab')); // ? matches only one char + $this->assertFalse($validator->isValid('feature/a/b')); // ? does not cross / + $this->assertFalse($validator->isValid('feature/')); + } + + public function testQuestionMarkMixedWithStar(): void + { + $validator = new BuildTrigger(['fix-?.*']); + $this->assertTrue($validator->isValid('fix-1.php')); + $this->assertTrue($validator->isValid('fix-a.js')); + $this->assertFalse($validator->isValid('fix-12.php')); // ? matches only one char + $this->assertFalse($validator->isValid('fix-.php')); // ? requires exactly one char + } + public function testDoubleWildcardAtEnd(): void { $validator = new BuildTrigger(['src/**']); @@ -169,36 +197,36 @@ class BuildTriggerTest extends TestCase public function testMultipleInclusionsWithSingleExclusion(): void { - // feature/wip matches the inclusion feature/* → true (exclusion !feature/wip is never reached) + // feature/wip matches wildcard inclusion feature/* but specific exclusion !feature/wip overrides it $validator = new BuildTrigger(['main', 'develop', 'feature/*', '!feature/wip']); $this->assertTrue($validator->isValid('main')); $this->assertTrue($validator->isValid('develop')); $this->assertTrue($validator->isValid('feature/foo')); - $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins + $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion overrides wildcard inclusion $this->assertFalse($validator->isValid('hotfix/urgent')); // no inclusion match } public function testSingleInclusionWithMultipleExclusions(): void { - // feature/wip and feature/experimental both match the inclusion feature/** → true + // specific exclusions !feature/wip and !feature/experimental override wildcard inclusion feature/** $validator = new BuildTrigger(['feature/**', '!feature/wip', '!feature/experimental']); $this->assertTrue($validator->isValid('feature/foo')); $this->assertTrue($validator->isValid('feature/a/b')); - $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins - $this->assertTrue($validator->isValid('feature/experimental')); // inclusion wins - $this->assertFalse($validator->isValid('main')); // no inclusion match + $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion wins + $this->assertFalse($validator->isValid('feature/experimental')); // specific exclusion wins + $this->assertFalse($validator->isValid('main')); // no inclusion match } public function testMultipleInclusionsWithMultipleExclusions(): void { - // feature/wip and feature/experimental both match the inclusion feature/** → true + // specific exclusions override the wildcard inclusion; specific inclusion 'main' is unaffected $validator = new BuildTrigger(['main', 'feature/**', '!feature/wip', '!feature/experimental']); - $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('main')); // specific inclusion wins regardless $this->assertTrue($validator->isValid('feature/foo')); $this->assertTrue($validator->isValid('feature/a/b')); - $this->assertTrue($validator->isValid('feature/wip')); // inclusion wins - $this->assertTrue($validator->isValid('feature/experimental')); // inclusion wins - $this->assertFalse($validator->isValid('develop')); // no inclusion match + $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion wins + $this->assertFalse($validator->isValid('feature/experimental')); // specific exclusion wins + $this->assertFalse($validator->isValid('develop')); // no inclusion match } public function testSpecificInclusionOverridesWildcardExclusion(): void From a70d241da049abead910561f0b9bff06fca68e65 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 16:37:31 +0530 Subject: [PATCH 08/84] fix path trigger --- .../Modules/VCS/Http/GitHub/Deployment.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 3f39ac9018..c30f960262 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -576,9 +576,17 @@ trait Deployment return false; } - $pathTrigger = new BuildTrigger($resource->getAttribute('providerPaths', [])); - foreach ($providerAffectedFiles as $file) { - if (!$pathTrigger->isValid($file)) { + $providerPaths = $resource->getAttribute('providerPaths', []); + if (!empty($providerPaths) && !empty($providerAffectedFiles)) { + $pathTrigger = new BuildTrigger($providerPaths); + $pathMatched = false; + foreach ($providerAffectedFiles as $file) { + if ($pathTrigger->isValid($file)) { + $pathMatched = true; + break; + } + } + if (!$pathMatched) { Span::add("{$logBase}.build.skipped.reason", 'path'); return false; } From 87f29c688932426a587520d1104199a7dccaee21 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 16:48:37 +0530 Subject: [PATCH 09/84] include previous_filename --- .../Modules/VCS/Http/GitHub/Authorize/External/Update.php | 5 ++++- .../Platform/Modules/VCS/Http/GitHub/Events/Create.php | 5 ++++- src/Appwrite/Vcs/Validator/BuildTrigger.php | 6 ++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php index b3ff4f96fa..56230b7de3 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php @@ -131,7 +131,10 @@ class Update extends Action $providerCommitAuthorUrl = $commitDetails["commitAuthorUrl"] ?? ''; $prFiles = $github->getPullRequestFiles($owner, $providerRepositoryName, $providerPullRequestId); - $providerAffectedFiles = array_column($prFiles, 'filename'); + $providerAffectedFiles = [ + ...array_column($prFiles, 'filename'), + ...array_column($prFiles, 'previous_filename') + ]; $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, true, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index 09929cc64c..28aeb8c140 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -213,7 +213,10 @@ class Create extends Action $providerCommitMessage = $commitDetails["commitMessage"] ?? ''; $prFiles = $github->getPullRequestFiles($providerRepositoryOwner, $providerRepositoryName, $providerPullRequestId); - $providerAffectedFiles = array_column($prFiles, 'filename'); + $providerAffectedFiles = [ + ...array_column($prFiles, 'filename'), + ...array_column($prFiles, 'previous_filename') + ]; $repositories = $authorization->skip(fn () => $dbForPlatform->find('repositories', [ Query::equal('providerRepositoryId', [$providerRepositoryId]), diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php index 0cad312e7b..842d81a455 100644 --- a/src/Appwrite/Vcs/Validator/BuildTrigger.php +++ b/src/Appwrite/Vcs/Validator/BuildTrigger.php @@ -6,7 +6,9 @@ use Utopia\Validator; class BuildTrigger extends Validator { - public function __construct(private readonly array $patterns) {} + public function __construct(private readonly array $patterns) + { + } public function isValid($value): bool { @@ -32,7 +34,7 @@ class BuildTrigger extends Validator } // A pattern is "specific" when it contains no wildcard characters. - $isSpecific = fn($p) => !str_contains($p, '*') && !str_contains($p, '?'); + $isSpecific = fn ($p) => !str_contains($p, '*') && !str_contains($p, '?'); // 1. Specific inclusion always wins — an explicit exact match is never blocked. foreach ($include as $pattern) { From e802102c8f08419720c1ee0599367c22a2723ba0 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 17:09:38 +0530 Subject: [PATCH 10/84] fix exclusion sub-directory --- src/Appwrite/Vcs/Validator/BuildTrigger.php | 11 +++++------ tests/unit/Vcs/Validator/BuildTriggerTest.php | 11 +++++++++++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php index 842d81a455..22037c8907 100644 --- a/src/Appwrite/Vcs/Validator/BuildTrigger.php +++ b/src/Appwrite/Vcs/Validator/BuildTrigger.php @@ -34,7 +34,7 @@ class BuildTrigger extends Validator } // A pattern is "specific" when it contains no wildcard characters. - $isSpecific = fn ($p) => !str_contains($p, '*') && !str_contains($p, '?'); + $isSpecific = fn ($pattern) => !str_contains($pattern, '*') && !str_contains($pattern, '?'); // 1. Specific inclusion always wins — an explicit exact match is never blocked. foreach ($include as $pattern) { @@ -43,15 +43,14 @@ class BuildTrigger extends Validator } } - // 2. Specific exclusion overrides a wildcard inclusion — refines broad patterns. + // 2. Any exclusion (specific or wildcard) overrides a wildcard inclusion — refines broad patterns. foreach ($exclude as $pattern) { - $raw = substr($pattern, 1); - if ($isSpecific($raw) && $this->matchGlob($value, $raw)) { + if ($this->matchGlob($value, substr($pattern, 1))) { return false; } } - // 3. Wildcard inclusion wins over any remaining wildcard exclusion. + // 3. Wildcard inclusion — no exclusion blocked it. foreach ($include as $pattern) { if (!$isSpecific($pattern) && $this->matchGlob($value, $pattern)) { return true; @@ -64,7 +63,7 @@ class BuildTrigger extends Validator public function getDescription(): string { - return 'Value must match a specific inclusion, or a wildcard inclusion not overridden by a specific exclusion.'; + return 'Value must match a specific inclusion, or a wildcard inclusion not overridden by any exclusion.'; } public function isArray(): bool diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php index a359a570ac..b26033b20b 100644 --- a/tests/unit/Vcs/Validator/BuildTriggerTest.php +++ b/tests/unit/Vcs/Validator/BuildTriggerTest.php @@ -229,6 +229,17 @@ class BuildTriggerTest extends TestCase $this->assertFalse($validator->isValid('develop')); // no inclusion match } + public function testWildcardExclusionOverridesWildcardInclusion(): void + { + // src/** is a broad inclusion; !src/generated/** carves out the generated subtree + $validator = new BuildTrigger(['src/**', '!src/generated/**']); + $this->assertTrue($validator->isValid('src/components/Button.php')); + $this->assertTrue($validator->isValid('src/utils/helper.js')); + $this->assertFalse($validator->isValid('src/generated/Foo.php')); // wildcard exclusion wins + $this->assertFalse($validator->isValid('src/generated/bar/Baz.php')); // wildcard exclusion wins + $this->assertFalse($validator->isValid('lib/other.php')); // no inclusion match + } + public function testSpecificInclusionOverridesWildcardExclusion(): void { // Narrow allowlist with a carve-out: exclude all of feature/* except feature/hotfix/critical From 60e51548e8983f4e719ba0e2261df8c3adfbff5b Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 17:09:45 +0530 Subject: [PATCH 11/84] more tests --- tests/unit/Vcs/Validator/BuildTriggerTest.php | 205 ++++++++++++++++++ 1 file changed, 205 insertions(+) diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php index b26033b20b..66aa94abed 100644 --- a/tests/unit/Vcs/Validator/BuildTriggerTest.php +++ b/tests/unit/Vcs/Validator/BuildTriggerTest.php @@ -258,4 +258,209 @@ class BuildTriggerTest extends TestCase $this->assertTrue($validator->isValid('staging')); // passes — no inclusions required $this->assertTrue($validator->isValid('feature/foo')); } + + // ------------------------------------------------------------------------- + // Standalone wildcards + // ------------------------------------------------------------------------- + + public function testStarAloneMatchesSingleSegmentOnly(): void + { + // * → ^[^/]*$ — matches any single segment; the [^/]* guard prevents crossing / + $validator = new BuildTrigger(['*']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('develop')); + $this->assertFalse($validator->isValid('feature/foo')); // * cannot cross / + $this->assertFalse($validator->isValid('a/b/c')); + } + + public function testDoubleStarAloneMatchesEverything(): void + { + // ** alone → ^.*$ — matches any string including paths with separators + $validator = new BuildTrigger(['**']); + $this->assertTrue($validator->isValid('main')); + $this->assertTrue($validator->isValid('feature/foo')); + $this->assertTrue($validator->isValid('src/a/b/c/d/file.php')); + } + + // ------------------------------------------------------------------------- + // Extension patterns — * scope vs. ** scope + // ------------------------------------------------------------------------- + + public function testStarDotExtMatchesRootLevelOnly(): void + { + // *.php → ^[^/]*\.php$ — root-level only; * cannot cross / + $validator = new BuildTrigger(['*.php']); + $this->assertTrue($validator->isValid('Foo.php')); + $this->assertTrue($validator->isValid('index.php')); + $this->assertFalse($validator->isValid('src/Foo.php')); // * does not cross / + $this->assertFalse($validator->isValid('a/b/Foo.php')); + $this->assertFalse($validator->isValid('Foo.js')); + } + + public function testDoubleStarSlashExtMatchesAnyDepth(): void + { + // **/*.php → ^(?:.+/)?[^/]*\.php$ — (?:.+/)? is optional so root also matches + $validator = new BuildTrigger(['**/*.php']); + $this->assertTrue($validator->isValid('Foo.php')); // root — zero leading dirs + $this->assertTrue($validator->isValid('src/Foo.php')); + $this->assertTrue($validator->isValid('src/components/Foo.php')); + $this->assertTrue($validator->isValid('a/b/c/d/Foo.php')); // four levels deep + $this->assertFalse($validator->isValid('Foo.js')); + $this->assertFalse($validator->isValid('src/Foo.js')); + } + + public function testDirPrefixDoubleStarExtPattern(): void + { + // src/**/*.php → ^src/(?:.+/)?[^/]*\.php$ — scoped to src/ at any depth + $validator = new BuildTrigger(['src/**/*.php']); + $this->assertTrue($validator->isValid('src/Foo.php')); + $this->assertTrue($validator->isValid('src/components/Foo.php')); + $this->assertTrue($validator->isValid('src/a/b/c/Foo.php')); + $this->assertFalse($validator->isValid('Foo.php')); // outside src/ + $this->assertFalse($validator->isValid('lib/Foo.php')); + $this->assertFalse($validator->isValid('src/Foo.js')); + } + + // ------------------------------------------------------------------------- + // Dots as literal characters + // ------------------------------------------------------------------------- + + public function testDotsInPatternAreLiteral(): void + { + // preg_quote escapes . to \. — dots are never regex wildcards + $validator = new BuildTrigger(['release-1.0.0']); + $this->assertTrue($validator->isValid('release-1.0.0')); + $this->assertFalse($validator->isValid('release-1X0Y0')); // X/Y must not satisfy a literal dot + $this->assertFalse($validator->isValid('release-1.0.0-hotfix')); // extra suffix rejected by $ anchor + } + + public function testVersionWildcardBranchPattern(): void + { + // v*.*.* → ^v[^/]*\.[^/]*\.[^/]*$ — dots literal; [^/]* is greedy and can consume dots, + // so v1.2.3.4 also matches (first [^/]* eats "1.2") — documents current behavior + $validator = new BuildTrigger(['v*.*.*']); + $this->assertTrue($validator->isValid('v1.2.3')); + $this->assertTrue($validator->isValid('v10.20.30')); + $this->assertTrue($validator->isValid('v1.2.3.4')); // greedy match — first [^/]* eats "1.2" + $this->assertFalse($validator->isValid('v1.2')); // only two dot-segments; third \.[^/]* fails + $this->assertFalse($validator->isValid('1.2.3')); // missing leading v + $this->assertFalse($validator->isValid('v1/2/3')); // [^/]* cannot cross / + } + + public function testDottedFilenamePattern(): void + { + // *.test.js → ^[^/]*\.test\.js$ — both dots literal; * stays in root segment + $validator = new BuildTrigger(['*.test.js']); + $this->assertTrue($validator->isValid('Button.test.js')); + $this->assertTrue($validator->isValid('App.test.js')); + $this->assertFalse($validator->isValid('ButtonXtestYjs')); // dots must be literal + $this->assertFalse($validator->isValid('src/Button.test.js')); // * does not cross / + $this->assertFalse($validator->isValid('Button.test.ts')); + } + + // ------------------------------------------------------------------------- + // Prefix wildcard + // ------------------------------------------------------------------------- + + public function testPrefixWildcardBranchPattern(): void + { + // main* → ^main[^/]*$ — suffix wildcard; [^/]* cannot cross / + $validator = new BuildTrigger(['main*']); + $this->assertTrue($validator->isValid('main')); // zero trailing chars + $this->assertTrue($validator->isValid('main-extra')); + $this->assertTrue($validator->isValid('mainline')); + $this->assertFalse($validator->isValid('main/branch')); // [^/]* cannot cross / + $this->assertFalse($validator->isValid('develop')); + } + + // ------------------------------------------------------------------------- + // Deep nesting + // ------------------------------------------------------------------------- + + public function testDoubleWildcardInMiddleDeepNesting(): void + { + // a/**/b → ^a/(?:.+/)?b$ — .+ inside (?:.+/)? matches any chars including /, + // so it handles arbitrarily many intermediate directories + $validator = new BuildTrigger(['a/**/b']); + $this->assertTrue($validator->isValid('a/x/y/z/b')); // three intermediate dirs + $this->assertTrue($validator->isValid('a/p/q/r/s/b')); // four intermediate dirs + $this->assertTrue($validator->isValid('a/1/2/3/4/5/b')); // five intermediate dirs + $this->assertFalse($validator->isValid('a/x/y/z/b/extra')); // trailing segment rejected + $this->assertFalse($validator->isValid('prefix/a/x/b')); // leading segment rejected + } + + public function testDoubleWildcardAtStartDeepNesting(): void + { + // **/README.md → ^(?:.+/)?README\.md$ — matches at any depth; $ anchor prevents suffixes + $validator = new BuildTrigger(['**/README.md']); + $this->assertTrue($validator->isValid('README.md')); // zero leading dirs + $this->assertTrue($validator->isValid('docs/README.md')); + $this->assertTrue($validator->isValid('a/b/c/d/README.md')); // four levels deep + $this->assertTrue($validator->isValid('x/y/z/w/v/README.md')); // five levels deep + $this->assertFalse($validator->isValid('a/b/c/README.md.bak')); // $ anchor — no suffix + $this->assertFalse($validator->isValid('a/b/c/README.md/extra')); // trailing segment rejected + } + + // ------------------------------------------------------------------------- + // Real-world path patterns + // ------------------------------------------------------------------------- + + public function testGeneratedFilesAnywhereExclusion(): void + { + // !**/generated/** → ^(?:.+/)?generated/.*$ — excludes generated/ at any depth + $validator = new BuildTrigger(['!**/generated/**']); + $this->assertFalse($validator->isValid('generated/Foo.php')); // root generated/ + $this->assertFalse($validator->isValid('src/generated/Foo.php')); + $this->assertFalse($validator->isValid('src/api/generated/Bar.php')); // deep generated/ + $this->assertFalse($validator->isValid('generated/sub/deep/File.php')); // deep inside root generated/ + $this->assertTrue($validator->isValid('src/components/Button.php')); // not under generated/ + $this->assertTrue($validator->isValid('main')); + } + + public function testMultipleExtensionInclusions(): void + { + // OR semantics: any PHP or JS file triggers; other extensions do not + $validator = new BuildTrigger(['**/*.php', '**/*.js']); + $this->assertTrue($validator->isValid('index.php')); + $this->assertTrue($validator->isValid('src/App.php')); + $this->assertTrue($validator->isValid('index.js')); + $this->assertTrue($validator->isValid('src/components/App.js')); + $this->assertFalse($validator->isValid('styles.css')); + $this->assertFalse($validator->isValid('src/styles.css')); + $this->assertFalse($validator->isValid('README.md')); + } + + // ------------------------------------------------------------------------- + // Named-prefix single-level branch + // ------------------------------------------------------------------------- + + public function testReleaseBranchPattern(): void + { + // release/* → ^release/[^/]*$ — one level only; * stops at the next / + $validator = new BuildTrigger(['release/*']); + $this->assertTrue($validator->isValid('release/1.0')); + $this->assertTrue($validator->isValid('release/hotfix')); + $this->assertTrue($validator->isValid('release/2024-01-15')); + $this->assertFalse($validator->isValid('release/1.0/patch')); // * stops at / + $this->assertFalse($validator->isValid('release')); // missing the /* segment + $this->assertFalse($validator->isValid('main')); + } + + // ------------------------------------------------------------------------- + // Case sensitivity + // ------------------------------------------------------------------------- + + public function testPatternMatchingIsCaseSensitive(): void + { + // preg_match is used without the i flag — matching is always case-sensitive + $branchValidator = new BuildTrigger(['main']); + $this->assertTrue($branchValidator->isValid('main')); + $this->assertFalse($branchValidator->isValid('Main')); + $this->assertFalse($branchValidator->isValid('MAIN')); + + $wildcardValidator = new BuildTrigger(['feature/*']); + $this->assertTrue($wildcardValidator->isValid('feature/foo')); + $this->assertFalse($wildcardValidator->isValid('Feature/foo')); + $this->assertFalse($wildcardValidator->isValid('FEATURE/foo')); + } } From aa5543ac0afd259848fa1ded7345a884dd0dd338 Mon Sep 17 00:00:00 2001 From: Hemachandar Date: Tue, 24 Mar 2026 17:31:48 +0530 Subject: [PATCH 12/84] filter out null values --- .../Modules/VCS/Http/GitHub/Authorize/External/Update.php | 2 +- src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php index 56230b7de3..99f0e0cadd 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php @@ -133,7 +133,7 @@ class Update extends Action $prFiles = $github->getPullRequestFiles($owner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), - ...array_column($prFiles, 'previous_filename') + ...array_filter(array_column($prFiles, 'previous_filename')) // Filter out null values ]; $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, true, $dbForPlatform, $authorization, $queueForBuilds, $getProjectDB, $platform); diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index 28aeb8c140..4c75515aaa 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -215,7 +215,7 @@ class Create extends Action $prFiles = $github->getPullRequestFiles($providerRepositoryOwner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), - ...array_column($prFiles, 'previous_filename') + ...array_filter(array_column($prFiles, 'previous_filename')) // Filter out null values ]; $repositories = $authorization->skip(fn () => $dbForPlatform->find('repositories', [ From 63f04f893ddfff7c672495ccc5e3ff6131caa2c2 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Mon, 20 Apr 2026 12:18:26 +0530 Subject: [PATCH 13/84] fix composer --- composer.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.lock b/composer.lock index cdbf3c535d..d0d69bd0c5 100644 --- a/composer.lock +++ b/composer.lock @@ -8464,5 +8464,5 @@ "platform-dev": { "ext-fileinfo": "*" }, - "plugin-api-version": "2.6.0" + "plugin-api-version": "2.9.0" } From 2d3c1086ae0e15ac60b38a0af6ae9a8d13265926 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Wed, 29 Apr 2026 13:50:40 +0530 Subject: [PATCH 14/84] add endpoints --- .../Platform/Modules/Functions/Http/Functions/Create.php | 6 ++++++ .../Platform/Modules/Functions/Http/Functions/Update.php | 6 ++++++ src/Appwrite/Platform/Modules/Sites/Http/Sites/Create.php | 7 +++++++ src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php | 7 +++++++ 4 files changed, 26 insertions(+) diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Create.php b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Create.php index 7b294f3f90..f25c48937b 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Create.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Create.php @@ -93,6 +93,8 @@ class Create extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the function.', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the function? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to function code in the linked repo.', true) + ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -145,6 +147,8 @@ class Create extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, + array $providerBranches, + array $providerPaths, string $buildSpecification, string $runtimeSpecification, string $templateRepository, @@ -246,6 +250,8 @@ class Create extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, + 'providerBranches' => $providerBranches, + 'providerPaths' => $providerPaths, 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, ])); diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php index 7d6572d336..5c5d312ae8 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php @@ -87,6 +87,8 @@ class Update extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the function', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the function? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to function code in the linked repo.', true) + ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -131,6 +133,8 @@ class Update extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, + array $providerBranches, + array $providerPaths, string $buildSpecification, string $runtimeSpecification, int $deploymentRetention, @@ -274,6 +278,8 @@ class Update extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, + 'providerBranches' => $providerBranches, + 'providerPaths' => $providerPaths, 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, 'search' => implode(' ', [$functionId, $name, $runtime]), diff --git a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Create.php b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Create.php index d01d0d8ca7..9f3d46ffd0 100644 --- a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Create.php +++ b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Create.php @@ -19,6 +19,7 @@ use Utopia\Database\Helpers\ID; use Utopia\Platform\Action; use Utopia\Platform\Scope\HTTP; use Utopia\System\System; +use Utopia\Validator\ArrayList; use Utopia\Validator\Boolean; use Utopia\Validator\Range; use Utopia\Validator\Text; @@ -78,6 +79,8 @@ class Create extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the site.', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the site? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to site code in the linked repo.', true) + ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -118,6 +121,8 @@ class Create extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, + array $providerBranches, + array $providerPaths, string $buildSpecification, string $runtimeSpecification, int $deploymentRetention, @@ -173,6 +178,8 @@ class Create extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, + 'providerBranches' => $providerBranches, + 'providerPaths' => $providerPaths, 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, 'buildRuntime' => $buildRuntime, diff --git a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php index 3c0d090b7b..32443d2250 100644 --- a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php +++ b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php @@ -22,6 +22,7 @@ use Utopia\Http\Adapter\Swoole\Request; use Utopia\Platform\Action; use Utopia\Platform\Scope\HTTP; use Utopia\System\System; +use Utopia\Validator\ArrayList; use Utopia\Validator\Boolean; use Utopia\Validator\Range; use Utopia\Validator\Text; @@ -81,6 +82,8 @@ class Update extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the site.', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the site? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to site code in the linked repo.', true) + ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -125,6 +128,8 @@ class Update extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, + array $providerBranches, + array $providerPaths, string $buildSpecification, string $runtimeSpecification, int $deploymentRetention, @@ -269,6 +274,8 @@ class Update extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, + 'providerBranches' => $providerBranches, + 'providerPaths' => $providerPaths, 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, 'search' => implode(' ', [$siteId, $name, $framework]), From e7405b439362f2471e20916c5dbbe9ecd9b4dc57 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 30 Apr 2026 13:01:00 +0530 Subject: [PATCH 15/84] addressed comments --- .../Modules/Functions/Http/Functions/Update.php | 12 ++++++------ .../Platform/Modules/Sites/Http/Sites/Update.php | 13 +++++++------ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php index 5c5d312ae8..b165026688 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Functions/Update.php @@ -87,8 +87,8 @@ class Update extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the function', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the function? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to function code in the linked repo.', true) - ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) - ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) + ->param('providerBranches', null, new Nullable(new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE)), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', null, new Nullable(new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE)), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -133,8 +133,8 @@ class Update extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, - array $providerBranches, - array $providerPaths, + ?array $providerBranches, + ?array $providerPaths, string $buildSpecification, string $runtimeSpecification, int $deploymentRetention, @@ -278,8 +278,8 @@ class Update extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, - 'providerBranches' => $providerBranches, - 'providerPaths' => $providerPaths, + 'providerBranches' => $providerBranches ?? $function->getAttribute('providerBranches', []), + 'providerPaths' => $providerPaths ?? $function->getAttribute('providerPaths', []), 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, 'search' => implode(' ', [$functionId, $name, $runtime]), diff --git a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php index 32443d2250..fd079fcda8 100644 --- a/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php +++ b/src/Appwrite/Platform/Modules/Sites/Http/Sites/Update.php @@ -24,6 +24,7 @@ use Utopia\Platform\Scope\HTTP; use Utopia\System\System; use Utopia\Validator\ArrayList; use Utopia\Validator\Boolean; +use Utopia\Validator\Nullable; use Utopia\Validator\Range; use Utopia\Validator\Text; use Utopia\Validator\WhiteList; @@ -82,8 +83,8 @@ class Update extends Base ->param('providerBranch', '', new Text(128, 0), 'Production branch for the repo linked to the site.', true) ->param('providerSilentMode', false, new Boolean(), 'Is the VCS (Version Control System) connection in silent mode for the repo linked to the site? In silent mode, comments will not be made on commits and pull requests.', true) ->param('providerRootDirectory', '', new Text(128, 0), 'Path to site code in the linked repo.', true) - ->param('providerBranches', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) - ->param('providerPaths', [], new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) + ->param('providerBranches', null, new Nullable(new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE)), 'List of branch name patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all branches.', true) + ->param('providerPaths', null, new Nullable(new ArrayList(new Text(128), APP_LIMIT_ARRAY_PARAMS_SIZE)), 'List of file path patterns to trigger automatic deployments. Supports wildcards. Leave empty to deploy on all file changes.', true) ->param('buildSpecification', fn (array $plan) => $this->getDefaultSpecification($plan), fn (array $plan) => new Specification( $plan, Config::getParam('specifications', []), @@ -128,8 +129,8 @@ class Update extends Base string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, - array $providerBranches, - array $providerPaths, + ?array $providerBranches, + ?array $providerPaths, string $buildSpecification, string $runtimeSpecification, int $deploymentRetention, @@ -274,8 +275,8 @@ class Update extends Base 'providerBranch' => $providerBranch, 'providerRootDirectory' => $providerRootDirectory, 'providerSilentMode' => $providerSilentMode, - 'providerBranches' => $providerBranches, - 'providerPaths' => $providerPaths, + 'providerBranches' => $providerBranches ?? $site->getAttribute('providerBranches', []), + 'providerPaths' => $providerPaths ?? $site->getAttribute('providerPaths', []), 'buildSpecification' => $buildSpecification, 'runtimeSpecification' => $runtimeSpecification, 'search' => implode(' ', [$siteId, $name, $framework]), From 40c2e1a1faff5468983b30d7ffafb1d84bd1efac Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Mon, 4 May 2026 13:09:38 +0530 Subject: [PATCH 16/84] feat: skip deployment on commit message pattern match Add providerCommitSkipPatterns array field to functions and sites. Any commit message containing one of the patterns (case-insensitive substring) skips the VCS-triggered deployment. Co-Authored-By: Claude Sonnet 4.6 --- app/config/collections/projects.php | 22 +++ .../Modules/VCS/Http/GitHub/Deployment.php | 11 +- .../Vcs/Validator/CommitSkipPatterns.php | 50 +++++++ .../Vcs/Validator/CommitSkipPatternsTest.php | 141 ++++++++++++++++++ 4 files changed, 222 insertions(+), 2 deletions(-) create mode 100644 src/Appwrite/Vcs/Validator/CommitSkipPatterns.php create mode 100644 tests/unit/Vcs/Validator/CommitSkipPatternsTest.php diff --git a/app/config/collections/projects.php b/app/config/collections/projects.php index 9ac5c562e3..72daf91688 100644 --- a/app/config/collections/projects.php +++ b/app/config/collections/projects.php @@ -863,6 +863,17 @@ return [ 'array' => true, 'filters' => [], ], + [ + '$id' => ID::custom('providerCommitSkipPatterns'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], ], 'indexes' => [ [ @@ -1364,6 +1375,17 @@ return [ 'array' => true, 'filters' => [], ], + [ + '$id' => ID::custom('providerCommitSkipPatterns'), + 'type' => Database::VAR_STRING, + 'format' => '', + 'size' => 128, + 'signed' => true, + 'required' => false, + 'default' => [], + 'array' => true, + 'filters' => [], + ], ], 'indexes' => [ [ diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 6c59d3c80a..d2b2511a43 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -8,6 +8,7 @@ use Appwrite\Extend\Exception; use Appwrite\Filter\BranchDomain as BranchDomainFilter; use Appwrite\Vcs\Comment; use Appwrite\Vcs\Validator\BuildTrigger; +use Appwrite\Vcs\Validator\CommitSkipPatterns; use Utopia\Config\Config; use Utopia\Console; use Utopia\Database\Database; @@ -96,7 +97,7 @@ trait Deployment $resource = $authorization->skip(fn () => $dbForProject->getDocument($resourceCollection, $resourceId)); $resourceInternalId = $resource->getSequence(); - if (!$this->isResourceBuildable($resource, $providerBranch, $providerAffectedFiles, $logBase)) { + if (!$this->isResourceBuildable($resource, $providerBranch, $providerAffectedFiles, $logBase, $providerCommitMessage)) { Span::add("{$logBase}.build.skipped", 'true'); continue; } @@ -568,7 +569,7 @@ trait Deployment return System::getEnv('_APP_BUILDS_QUEUE_NAME', Event::BUILDS_QUEUE_NAME); } - private function isResourceBuildable(Document $resource, string $providerBranch, array $providerAffectedFiles, string $logBase): bool + private function isResourceBuildable(Document $resource, string $providerBranch, array $providerAffectedFiles, string $logBase, string $providerCommitMessage = ''): bool { $branchTrigger = new BuildTrigger($resource->getAttribute('providerBranches', [])); if (!$branchTrigger->isValid($providerBranch)) { @@ -592,6 +593,12 @@ trait Deployment } } + $commitSkip = new CommitSkipPatterns($resource->getAttribute('providerCommitSkipPatterns', [])); + if (!$commitSkip->isValid($providerCommitMessage)) { + Span::add("{$logBase}.build.skipped.reason", 'commitMessage'); + return false; + } + return true; } } diff --git a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php new file mode 100644 index 0000000000..76c04e5417 --- /dev/null +++ b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php @@ -0,0 +1,50 @@ +patterns as $pattern) { + if (!is_string($pattern) || $pattern === '') { + continue; + } + if (stripos($value, $pattern) !== false) { + return false; + } + } + + return true; + } + + public function getDescription(): string + { + return 'Commit message must not contain any of the configured skip patterns.'; + } + + public function isArray(): bool + { + return false; + } + + public function getType(): string + { + return self::TYPE_STRING; + } +} diff --git a/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php new file mode 100644 index 0000000000..3725c643bc --- /dev/null +++ b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php @@ -0,0 +1,141 @@ +assertTrue($validator->isValid('fix: update readme')); + $this->assertTrue($validator->isValid('[skip deploy] docs only')); + $this->assertTrue($validator->isValid('')); + } + + // ------------------------------------------------------------------------- + // Single pattern — exact substring + // ------------------------------------------------------------------------- + + public function testSinglePatternMatchSkips(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]']); + $this->assertFalse($validator->isValid('[skip deploy] docs only')); + $this->assertFalse($validator->isValid('chore: update deps [skip deploy]')); + $this->assertFalse($validator->isValid('prefix [skip deploy] suffix')); + } + + public function testSinglePatternNoMatchProceeds(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]']); + $this->assertTrue($validator->isValid('fix: real bug fix')); + $this->assertTrue($validator->isValid('feat: add new feature')); + $this->assertTrue($validator->isValid('skip deploy without brackets')); + } + + // ------------------------------------------------------------------------- + // Case insensitivity + // ------------------------------------------------------------------------- + + public function testCaseInsensitiveMatch(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]']); + $this->assertFalse($validator->isValid('[SKIP DEPLOY] uppercase')); + $this->assertFalse($validator->isValid('[Skip Deploy] mixed case')); + $this->assertFalse($validator->isValid('[skip DEPLOY] partial upper')); + } + + public function testPatternItselfCaseInsensitive(): void + { + $validator = new CommitSkipPatterns(['[SKIP DEPLOY]']); + $this->assertFalse($validator->isValid('[skip deploy] lowercase message')); + $this->assertFalse($validator->isValid('[Skip Deploy] mixed message')); + } + + // ------------------------------------------------------------------------- + // Array of patterns — any match skips (OR semantics) + // ------------------------------------------------------------------------- + + public function testMultiplePatternsFirstMatches(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); + $this->assertFalse($validator->isValid('[skip deploy] docs only')); + } + + public function testMultiplePatternsSecondMatches(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); + $this->assertFalse($validator->isValid('chore: update readme [skip ci]')); + } + + public function testMultiplePatternsThirdMatches(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); + $this->assertFalse($validator->isValid('[no deploy] just docs')); + } + + public function testMultiplePatternsNoneMatchProceeds(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); + $this->assertTrue($validator->isValid('feat: completely new feature')); + $this->assertTrue($validator->isValid('fix: important bug fix')); + } + + // ------------------------------------------------------------------------- + // Common real-world skip conventions + // ------------------------------------------------------------------------- + + public function testCommonSkipCiPattern(): void + { + $validator = new CommitSkipPatterns(['[skip ci]']); + $this->assertFalse($validator->isValid('[skip ci] update changelog')); + $this->assertFalse($validator->isValid('[SKIP CI]')); + $this->assertTrue($validator->isValid('feat: something real')); + } + + public function testNoDeployPattern(): void + { + $validator = new CommitSkipPatterns(['[no deploy]']); + $this->assertFalse($validator->isValid('[no deploy] tweak docs')); + $this->assertTrue($validator->isValid('deploy this please')); + } + + // ------------------------------------------------------------------------- + // Edge cases + // ------------------------------------------------------------------------- + + public function testEmptyCommitMessageNeverSkipsWithPatterns(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]']); + $this->assertTrue($validator->isValid('')); + } + + public function testBlankPatternsInArrayAreIgnored(): void + { + $validator = new CommitSkipPatterns(['', ' ', '[skip deploy]']); + // empty/whitespace-only patterns must not cause a false positive on empty messages + $this->assertTrue($validator->isValid('normal commit message')); + // but the real pattern still works + $this->assertFalse($validator->isValid('[skip deploy] docs')); + } + + public function testPatternAsSubstringOfLongerWord(): void + { + // "skip" is a substring of "skippy" — should NOT accidentally skip + $validator = new CommitSkipPatterns(['[skip deploy]']); + $this->assertTrue($validator->isValid('skippy the kangaroo')); + } + + public function testMultilineCommitMessage(): void + { + $validator = new CommitSkipPatterns(['[skip deploy]']); + $msg = "feat: add new stuff\n\nMore detail here.\n\n[skip deploy]"; + $this->assertFalse($validator->isValid($msg)); + } +} From 61cee5892afdb89e8a629b365991f0b09255da57 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Tue, 5 May 2026 18:23:14 +0530 Subject: [PATCH 17/84] fix: tighten commit skip directive matching --- .../Vcs/Validator/CommitSkipPatterns.php | 74 +++++++++++++++++-- .../Vcs/Validator/CommitSkipPatternsTest.php | 23 ++++-- 2 files changed, 86 insertions(+), 11 deletions(-) diff --git a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php index 76c04e5417..7243808bf8 100644 --- a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php +++ b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php @@ -12,7 +12,7 @@ class CommitSkipPatterns extends Validator /** * Returns false (skip deployment) when the commit message contains any of the - * configured patterns (case-insensitive substring match). + * configured skip directives. * Returns true (proceed) when no patterns are configured or none match. */ public function isValid($value): bool @@ -21,11 +21,13 @@ class CommitSkipPatterns extends Validator return false; } - foreach ($this->patterns as $pattern) { - if (!is_string($pattern) || $pattern === '') { - continue; - } - if (stripos($value, $pattern) !== false) { + $patterns = $this->normalizePatterns($this->patterns); + if (empty($patterns)) { + return true; + } + + foreach ($this->extractDirectives($value) as $directive) { + if (isset($patterns[$directive])) { return false; } } @@ -47,4 +49,64 @@ class CommitSkipPatterns extends Validator { return self::TYPE_STRING; } + + /** + * @param array $patterns + * @return array + */ + private function normalizePatterns(array $patterns): array + { + $normalized = []; + + foreach ($patterns as $pattern) { + if (!\is_string($pattern)) { + continue; + } + + $pattern = $this->normalizeDirective($pattern); + if ($pattern === '') { + continue; + } + + $normalized[$pattern] = true; + } + + return $normalized; + } + + /** + * @return array + */ + private function extractDirectives(string $message): array + { + $directives = []; + + if (\preg_match_all('/\[[^\]\r\n]+\]/u', $message, $matches) > 0) { + foreach ($matches[0] as $match) { + $directives[] = $this->normalizeDirective($match); + } + } + + foreach (\preg_split("/\r\n|\n|\r/", $message) ?: [] as $line) { + $line = \trim($line); + if ($line === '' || !\str_contains($line, ':')) { + continue; + } + + $directives[] = $this->normalizeDirective($line); + } + + return \array_values(\array_filter(\array_unique($directives))); + } + + private function normalizeDirective(string $value): string + { + $value = \trim($value); + if ($value === '') { + return ''; + } + + $value = (string) \preg_replace('/\s+/u', ' ', $value); + return \mb_strtolower($value); + } } diff --git a/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php index 3725c643bc..efc88bbf6a 100644 --- a/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php +++ b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php @@ -20,7 +20,7 @@ class CommitSkipPatternsTest extends TestCase } // ------------------------------------------------------------------------- - // Single pattern — exact substring + // Single pattern — directive match // ------------------------------------------------------------------------- public function testSinglePatternMatchSkips(): void @@ -37,6 +37,7 @@ class CommitSkipPatternsTest extends TestCase $this->assertTrue($validator->isValid('fix: real bug fix')); $this->assertTrue($validator->isValid('feat: add new feature')); $this->assertTrue($validator->isValid('skip deploy without brackets')); + $this->assertTrue($validator->isValid('prefix[skip deploy]suffix')); } // ------------------------------------------------------------------------- @@ -119,17 +120,15 @@ class CommitSkipPatternsTest extends TestCase public function testBlankPatternsInArrayAreIgnored(): void { $validator = new CommitSkipPatterns(['', ' ', '[skip deploy]']); - // empty/whitespace-only patterns must not cause a false positive on empty messages $this->assertTrue($validator->isValid('normal commit message')); - // but the real pattern still works $this->assertFalse($validator->isValid('[skip deploy] docs')); } - public function testPatternAsSubstringOfLongerWord(): void + public function testPatternMustBeStandaloneDirective(): void { - // "skip" is a substring of "skippy" — should NOT accidentally skip $validator = new CommitSkipPatterns(['[skip deploy]']); $this->assertTrue($validator->isValid('skippy the kangaroo')); + $this->assertTrue($validator->isValid('prefix[skip deploy]suffix')); } public function testMultilineCommitMessage(): void @@ -138,4 +137,18 @@ class CommitSkipPatternsTest extends TestCase $msg = "feat: add new stuff\n\nMore detail here.\n\n[skip deploy]"; $this->assertFalse($validator->isValid($msg)); } + + public function testWhitespaceInsideDirectiveIsNormalized(): void + { + $validator = new CommitSkipPatterns([' [skip deploy] ']); + $this->assertFalse($validator->isValid('[skip deploy] docs only')); + $this->assertFalse($validator->isValid('[SKIP DEPLOY] docs only')); + } + + public function testTrailerDirectiveCanSkip(): void + { + $validator = new CommitSkipPatterns(['skip-checks: true']); + $msg = "feat: add new stuff\n\nMore detail here.\n\nskip-checks:true"; + $this->assertFalse($validator->isValid($msg)); + } } From 90f5f9b30be6f1263d9675c4ca80006361c2bd39 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 7 May 2026 18:25:39 +0530 Subject: [PATCH 18/84] refactor: standalone regex matching for commit skip patterns Replace directive-extraction approach with word-boundary regex matching so plain-word patterns like "skip appwrite" and "appwrite skip" work alongside bracket directives. Use \s+ between word tokens (required space) and \s* only after ":" tokens (git trailer flexibility). Add tests for "skip appwrite" and "appwrite skip" with case insensitivity. Co-Authored-By: Claude Sonnet 4.6 --- .../Vcs/Validator/CommitSkipPatterns.php | 107 +++++++----------- .../Vcs/Validator/CommitSkipPatternsTest.php | 61 ++++++++++ 2 files changed, 101 insertions(+), 67 deletions(-) diff --git a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php index 7243808bf8..9dbe45ba83 100644 --- a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php +++ b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php @@ -12,8 +12,16 @@ class CommitSkipPatterns extends Validator /** * Returns false (skip deployment) when the commit message contains any of the - * configured skip directives. + * configured patterns as a standalone directive (case-insensitive). * Returns true (proceed) when no patterns are configured or none match. + * + * Matching rules: + * - Case-insensitive + * - The directive must be surrounded by whitespace or string boundaries, so + * "prefix[skip deploy]suffix" does NOT accidentally skip + * - Internal whitespace in the pattern is normalised: tokens are split on \s+ + * and rejoined with \s* in the regex, so "[skip deploy]" matches + * "[skip deploy]" and "skip-checks: true" matches "skip-checks:true" */ public function isValid($value): bool { @@ -21,13 +29,38 @@ class CommitSkipPatterns extends Validator return false; } - $patterns = $this->normalizePatterns($this->patterns); - if (empty($patterns)) { - return true; - } + foreach ($this->patterns as $pattern) { + if (!is_string($pattern)) { + continue; + } - foreach ($this->extractDirectives($value) as $directive) { - if (isset($patterns[$directive])) { + $pattern = trim($pattern); + if ($pattern === '') { + continue; + } + + // Split on whitespace; each token is regex-quoted. Tokens are rejoined + // with \s+ (required space) so that "skipappwrite" does NOT match the + // pattern "skip appwrite". The only exception: when the preceding token + // ends with ":" (git trailer style), \s* is used so that + // "skip-checks:true" still matches the pattern "skip-checks: true". + $tokens = preg_split('/\s+/', $pattern); + $regexParts = []; + $count = count($tokens); + for ($i = 0; $i < $count; $i++) { + $regexParts[] = preg_quote($tokens[$i], '~'); + if ($i < $count - 1) { + $regexParts[] = str_ends_with($tokens[$i], ':') ? '\s*' : '\s+'; + } + } + $regexBody = implode('', $regexParts); + + // (? $patterns - * @return array - */ - private function normalizePatterns(array $patterns): array - { - $normalized = []; - - foreach ($patterns as $pattern) { - if (!\is_string($pattern)) { - continue; - } - - $pattern = $this->normalizeDirective($pattern); - if ($pattern === '') { - continue; - } - - $normalized[$pattern] = true; - } - - return $normalized; - } - - /** - * @return array - */ - private function extractDirectives(string $message): array - { - $directives = []; - - if (\preg_match_all('/\[[^\]\r\n]+\]/u', $message, $matches) > 0) { - foreach ($matches[0] as $match) { - $directives[] = $this->normalizeDirective($match); - } - } - - foreach (\preg_split("/\r\n|\n|\r/", $message) ?: [] as $line) { - $line = \trim($line); - if ($line === '' || !\str_contains($line, ':')) { - continue; - } - - $directives[] = $this->normalizeDirective($line); - } - - return \array_values(\array_filter(\array_unique($directives))); - } - - private function normalizeDirective(string $value): string - { - $value = \trim($value); - if ($value === '') { - return ''; - } - - $value = (string) \preg_replace('/\s+/u', ' ', $value); - return \mb_strtolower($value); - } } diff --git a/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php index efc88bbf6a..b546199d22 100644 --- a/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php +++ b/tests/unit/Vcs/Validator/CommitSkipPatternsTest.php @@ -151,4 +151,65 @@ class CommitSkipPatternsTest extends TestCase $msg = "feat: add new stuff\n\nMore detail here.\n\nskip-checks:true"; $this->assertFalse($validator->isValid($msg)); } + + // ------------------------------------------------------------------------- + // Plain-word patterns: "skip appwrite" and "appwrite skip" + // ------------------------------------------------------------------------- + + public function testSkipAppwritePatternSkips(): void + { + $validator = new CommitSkipPatterns(['skip appwrite']); + $this->assertFalse($validator->isValid('docs: update readme skip appwrite')); + $this->assertFalse($validator->isValid('skip appwrite')); + } + + public function testSkipAppwritePatternCaseInsensitive(): void + { + $validator = new CommitSkipPatterns(['skip appwrite']); + $this->assertFalse($validator->isValid('SKIP APPWRITE')); + $this->assertFalse($validator->isValid('Skip Appwrite')); + $this->assertFalse($validator->isValid('SKIP appwrite')); + } + + public function testSkipAppwritePatternNoMatchProceeds(): void + { + $validator = new CommitSkipPatterns(['skip appwrite']); + $this->assertTrue($validator->isValid('feat: real feature')); + $this->assertTrue($validator->isValid('skipappwrite')); // no space — not standalone + $this->assertTrue($validator->isValid('appwrite is great')); + } + + public function testAppwriteSkipPatternSkips(): void + { + $validator = new CommitSkipPatterns(['appwrite skip']); + $this->assertFalse($validator->isValid('appwrite skip ci')); + $this->assertFalse($validator->isValid('docs appwrite skip')); + $this->assertFalse($validator->isValid('appwrite skip')); + } + + public function testAppwriteSkipPatternCaseInsensitive(): void + { + $validator = new CommitSkipPatterns(['appwrite skip']); + $this->assertFalse($validator->isValid('APPWRITE SKIP')); + $this->assertFalse($validator->isValid('Appwrite Skip')); + $this->assertFalse($validator->isValid('appwrite SKIP')); + } + + public function testAppwriteSkipPatternNoMatchProceeds(): void + { + $validator = new CommitSkipPatterns(['appwrite skip']); + $this->assertTrue($validator->isValid('feat: deploy appwrite changes')); + $this->assertTrue($validator->isValid('appwriteskip')); // no space — not standalone + $this->assertTrue($validator->isValid('skip the appwrite stuff')); + } + + public function testBothAppwritePatternsInArray(): void + { + $validator = new CommitSkipPatterns(['skip appwrite', 'appwrite skip']); + $this->assertFalse($validator->isValid('skip appwrite')); + $this->assertFalse($validator->isValid('appwrite skip')); + $this->assertFalse($validator->isValid('SKIP APPWRITE')); + $this->assertFalse($validator->isValid('APPWRITE SKIP')); + $this->assertTrue($validator->isValid('feat: deploy appwrite changes')); + } } From 8b4c90e6033f288f6cc7c25c2d465775e02adc25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 11:47:46 +0200 Subject: [PATCH 19/84] Introduce organization endpoints --- src/Appwrite/Platform/Appwrite.php | 2 + .../Organization/Http/Projects/Action.php | 11 + .../Organization/Http/Projects/Create.php | 238 ++++++++++++++++++ .../Organization/Http/Projects/Get.php | 79 ++++++ .../Organization/Http/Projects/Update.php | 100 ++++++++ .../Organization/Http/Projects/XList.php | 201 +++++++++++++++ .../Platform/Modules/Organization/Module.php | 14 ++ .../Modules/Organization/Services/Http.php | 22 ++ 8 files changed, 667 insertions(+) create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/Action.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Module.php create mode 100644 src/Appwrite/Platform/Modules/Organization/Services/Http.php diff --git a/src/Appwrite/Platform/Appwrite.php b/src/Appwrite/Platform/Appwrite.php index a9cd1a8e2f..e41d508522 100644 --- a/src/Appwrite/Platform/Appwrite.php +++ b/src/Appwrite/Platform/Appwrite.php @@ -11,6 +11,7 @@ use Appwrite\Platform\Modules\Databases; use Appwrite\Platform\Modules\Functions; use Appwrite\Platform\Modules\Health; use Appwrite\Platform\Modules\Migrations; +use Appwrite\Platform\Modules\Organization; use Appwrite\Platform\Modules\Project; use Appwrite\Platform\Modules\Projects; use Appwrite\Platform\Modules\Proxy; @@ -42,6 +43,7 @@ class Appwrite extends Platform $this->addModule(new VCS\Module()); $this->addModule(new Webhooks\Module()); $this->addModule(new Migrations\Module()); + $this->addModule(new Organization\Module()); $this->addModule(new Project\Module()); $this->addModule(new Advisor\Module()); } diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Action.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Action.php new file mode 100644 index 0000000000..0160e2aa04 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Action.php @@ -0,0 +1,11 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) + ->setHttpPath('/v1/organizations/:organizationId/projects') + ->desc('Create project') + ->groups(['api', 'projects']) + ->label('audits.event', 'projects.create') + ->label('audits.resource', 'project/{response.$id}') + ->label('scope', 'projects.write') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'create', + description: '/docs/references/projects/create.md', + auth: [AuthType::ADMIN], + responses: [ + new SDKResponse( + code: Response::STATUS_CODE_CREATED, + model: Response::MODEL_PROJECT, + ) + ] + )) + ->param('organizationId', '', new UID(), 'Organization unique ID.') + ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') + ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') + ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) + ->inject('request') + ->inject('response') + ->inject('dbForPlatform') + ->inject('cache') + ->inject('pools') + ->inject('hooks') + ->callback($this->action(...)); + } + + public function action(string $organizationId, string $projectId, string $name, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks) + { + $team = $dbForPlatform->getDocument('teams', $organizationId); + + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + + $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); + + if (!empty($allowList) && !\in_array($region, $allowList)) { + throw new Exception(Exception::PROJECT_REGION_UNSUPPORTED, 'Region "' . $region . '" is not supported'); + } + + $auth = Config::getParam('auth', []); + $auths = [ + 'limit' => 0, + 'maxSessions' => 0, + 'passwordHistory' => 0, + 'passwordDictionary' => false, + 'duration' => TOKEN_EXPIRATION_LOGIN_LONG, + 'personalDataCheck' => false, + 'disposableEmails' => false, + 'canonicalEmails' => false, + 'freeEmails' => false, + 'mockNumbers' => [], + 'sessionAlerts' => false, + 'membershipsUserName' => false, + 'membershipsUserEmail' => false, + 'membershipsMfa' => false, + 'membershipsUserId' => false, + 'membershipsUserPhone' => false, + 'invalidateSessions' => true + ]; + + foreach ($auth as $method) { + $auths[$method['key'] ?? ''] = true; + } + + $projectId = ($projectId == 'unique()') ? ID::unique() : $projectId; + + if ($projectId === 'console') { + throw new Exception(Exception::PROJECT_RESERVED_PROJECT, "'console' is a reserved project."); + } + + $databases = Config::getParam('pools-database', []); + + if ($region !== 'default') { + $databaseKeys = System::getEnv('_APP_DATABASE_KEYS', ''); + $keys = explode(',', $databaseKeys); + $databases = array_filter($keys, function ($value) use ($region) { + return str_contains($value, $region); + }); + } + + $databaseOverride = System::getEnv('_APP_DATABASE_OVERRIDE'); + $index = \array_search($databaseOverride, $databases); + if ($index !== false) { + $dsn = $databases[$index]; + } else { + $dsn = $databases[array_rand($databases)]; + } + + // TODO: Temporary until all projects are using shared tables. + $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); + + if (\in_array($dsn, $sharedTables)) { + $schema = 'appwrite'; + $database = 'appwrite'; + $namespace = System::getEnv('_APP_DATABASE_SHARED_NAMESPACE', ''); + $dsn = $schema . '://' . $dsn . '?database=' . $database; + + if (!empty($namespace)) { + $dsn .= '&namespace=' . $namespace; + } + } + + try { + $project = $dbForPlatform->createDocument('projects', new Document([ + '$id' => $projectId, + '$permissions' => $this->getPermissions($organizationId, $projectId), + 'name' => $name, + 'teamInternalId' => $team->getSequence(), + 'teamId' => $team->getId(), + 'region' => $region, + 'version' => APP_VERSION_STABLE, + 'services' => new \stdClass(), + 'platforms' => null, + 'oAuthProviders' => [], + 'webhooks' => null, + 'keys' => null, + 'auths' => $auths, + 'accessedAt' => DateTime::now(), + 'search' => implode(' ', [$projectId, $name]), + 'database' => $dsn, + 'labels' => [], + 'status' => PROJECT_STATUS_ACTIVE, + ])); + } catch (Duplicate) { + throw new Exception(Exception::PROJECT_ALREADY_EXISTS); + } + + try { + $dsn = new DSN($dsn); + } catch (\InvalidArgumentException) { + // TODO: Temporary until all projects are using shared tables + $dsn = new DSN('mysql://' . $dsn); + } + + $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); + $projectTables = !\in_array($dsn->getHost(), $sharedTables); + + if ($projectTables) { + $adapter = new DatabasePool($pools->get($dsn->getHost())); + $dbForProject = new Database($adapter, $cache); + $dbForProject + ->setDatabase(APP_DATABASE) + ->setSharedTables(false) + ->setTenant(null) + ->setNamespace('_' . $project->getSequence()); + + $create = true; + + try { + $dbForProject->create(); + } catch (Duplicate) { + $create = false; + } + + $adapter = new AdapterDatabase($dbForProject); + $audit = new Audit($adapter); + $audit->setup(); + + if ($create) { + /** @var array $collections */ + $collections = Config::getParam('collections', [])['projects'] ?? []; + + foreach ($collections as $key => $collection) { + if (($collection['$collection'] ?? '') !== Database::METADATA) { + continue; + } + + $attributes = \array_map(fn ($attribute) => new Document($attribute), $collection['attributes']); + $indexes = \array_map(fn (array $index) => new Document($index), $collection['indexes']); + + try { + $dbForProject->createCollection($key, $attributes, $indexes); + } catch (Duplicate) { + // Collection already exists + } + } + } + } + + // Hook allowing instant project mirroring during migration + // Outside of migration, hook is not registered and has no effect + $hooks->trigger('afterProjectCreation', [$project, $pools, $cache]); + + $response + ->setStatusCode(Response::STATUS_CODE_CREATED) + ->dynamic($project, Response::MODEL_PROJECT); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php new file mode 100644 index 0000000000..012f223ae5 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php @@ -0,0 +1,79 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) + ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') + ->desc('Get project') + ->groups(['api', 'project']) + ->label('scope', 'projects.read') + ->label('sdk', new Method( + namespace: 'project', + group: null, + name: 'get', + description: <<param('organizationId', '', new UID(), 'Organization unique ID.') + ->param('projectId', '', new UID(), 'Project unique ID.') + ->inject('response') + ->inject('dbForPlatform') + ->callback($this->action(...)); + } + + public function action( + string $organizationId, + string $projectId, + Response $response, + Database $dbForPlatform, + ) { + $team = $dbForPlatform->getDocument('teams', $organizationId); + + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + + $project = $dbForPlatform->getDocument('projects', $projectId); + + if ($project->isEmpty()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + if ($project->getAttribute('teamInternalId') !== $team->getSequence()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + $response->dynamic($project, Response::MODEL_PROJECT); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php new file mode 100644 index 0000000000..883e8e4626 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -0,0 +1,100 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) + ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') + ->desc('Update project') + ->groups(['api', 'projects']) + ->label('scope', 'projects.write') + ->label('audits.event', 'projects.update') + ->label('audits.resource', 'project/{request.projectId}') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'update', + description: '/docs/references/projects/update.md', + auth: [AuthType::ADMIN], + responses: [ + new SDKResponse( + code: Response::STATUS_CODE_OK, + model: Response::MODEL_PROJECT, + ) + ] + )) + ->param('organizationId', '', new UID(), 'Organization unique ID.') + ->param('projectId', '', new UID(), 'Project unique ID.') + ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') + ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true) + ->param('logo', '', new Text(1024), 'Project logo.', true) + ->param('url', '', new URL(), 'Project URL.', true) + ->param('legalName', '', new Text(256), 'Project legal name. Max length: 256 chars.', true) + ->param('legalCountry', '', new Text(256), 'Project legal country. Max length: 256 chars.', true) + ->param('legalState', '', new Text(256), 'Project legal state. Max length: 256 chars.', true) + ->param('legalCity', '', new Text(256), 'Project legal city. Max length: 256 chars.', true) + ->param('legalAddress', '', new Text(256), 'Project legal address. Max length: 256 chars.', true) + ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true) + ->inject('response') + ->inject('dbForPlatform') + ->callback($this->action(...)); + } + + public function action(string $organizationId, string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform) + { + $team = $dbForPlatform->getDocument('teams', $organizationId); + + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + + $project = $dbForPlatform->getDocument('projects', $projectId); + + if ($project->isEmpty()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + if ($project->getAttribute('teamInternalId') !== $team->getSequence()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + $project = $dbForPlatform->updateDocument('projects', $project->getId(), new Document([ + 'name' => $name, + 'description' => $description, + 'logo' => $logo, + 'url' => $url, + 'legalName' => $legalName, + 'legalCountry' => $legalCountry, + 'legalState' => $legalState, + 'legalCity' => $legalCity, + 'legalAddress' => $legalAddress, + 'legalTaxId' => $legalTaxId, + 'search' => implode(' ', [$projectId, $name]), + ])); + + $response->dynamic($project, Response::MODEL_PROJECT); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php new file mode 100644 index 0000000000..cd2c194289 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -0,0 +1,201 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) + ->setHttpPath('/v1/organizations/:organizationId/projects') + ->desc('List projects') + ->groups(['api', 'projects']) + ->label('scope', 'projects.read') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'list', + description: <<param('organizationId', '', new UID(), 'Organization unique ID.') + ->param('queries', [], $this->getQueriesValidator(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Projects::ALLOWED_ATTRIBUTES), true) + ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true) + ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) + ->inject('response') + ->inject('dbForPlatform') + ->callback($this->action(...)); + } + + public function action(string $organizationId, array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform) + { + $team = $dbForPlatform->getDocument('teams', $organizationId); + + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + + if (!empty($search)) { + $queries[] = Query::search('search', $search); + } + + $queries[] = Query::equal('teamInternalId', [$team->getSequence()]); + + $cursor = Query::getCursorQueries($queries, false); + $cursor = \reset($cursor); + + if ($cursor !== false) { + $validator = new Cursor(); + if (!$validator->isValid($cursor)) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $validator->getDescription()); + } + + $projectId = $cursor->getValue(); + $cursorDocument = $dbForPlatform->getDocument('projects', $projectId); + + if ($cursorDocument->isEmpty()) { + throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Project '{$projectId}' for the 'cursor' value not found."); + } + + $cursor->setValue($cursorDocument); + } + + try { + $selectQueries = Query::groupByType($queries)['selections']; + $filterQueries = Query::groupByType($queries)['filters']; + + $projects = $this->find($dbForPlatform, $queries, $selectQueries); + $total = $includeTotal ? $dbForPlatform->count('projects', $filterQueries, APP_LIMIT_COUNT) : 0; + } catch (Order $e) { + throw new Exception(Exception::DATABASE_QUERY_ORDER_NULL, "The order attribute '{$e->getAttribute()}' had a null value. Cursor pagination requires all documents order attribute values are non-null."); + } + + $response->addFilter(new ListSelection($selectQueries, 'projects')); + + $response->dynamic(new Document([ + 'projects' => $projects, + 'total' => $total, + ]), Response::MODEL_PROJECT_LIST); + } + + // Build mapping of columns to their subQuery filters + private static function getAttributeToSubQueryFilters(): array + { + if (self::$attributeToSubQueryFilters !== null) { + return self::$attributeToSubQueryFilters; + } + + self::$attributeToSubQueryFilters = []; + + $collections = Config::getParam('collections', []); + $projectAttributes = $collections['platform']['projects']['attributes'] ?? []; + + foreach ($projectAttributes as $attribute) { + $attributeId = $attribute['$id'] ?? null; + $filters = $attribute['filters'] ?? []; + + if ($attributeId === null || empty($filters)) { + continue; + } + + // extract only subQuery filters + $subQueryFilters = \array_filter($filters, function ($filter) { + return \str_starts_with($filter, 'subQuery'); + }); + + if (!empty($subQueryFilters)) { + self::$attributeToSubQueryFilters[$attributeId] = \array_values($subQueryFilters); + } + } + + return self::$attributeToSubQueryFilters; + } + + private function find(Database $dbForPlatform, array $queries, array $selectQueries): array + { + if (empty($selectQueries)) { + return $dbForPlatform->find('projects', $queries); + } + + $selectedAttributes = []; + foreach ($selectQueries as $query) { + foreach ($query->getValues() as $value) { + $selectedAttributes[] = $value; + } + } + + if (\in_array('*', $selectedAttributes)) { + return $dbForPlatform->find('projects', $queries); + } + + $filtersToSkipMap = []; + $selectedAttributesMap = \array_flip($selectedAttributes); + $attributeToSubQueryFilters = self::getAttributeToSubQueryFilters(); + + foreach ($attributeToSubQueryFilters as $attributeName => $subQueryFilters) { + if (!isset($selectedAttributesMap[$attributeName])) { + foreach ($subQueryFilters as $filter) { + $filtersToSkipMap[$filter] = true; + } + } + } + + $filtersToSkip = \array_keys($filtersToSkipMap); + + return empty($filtersToSkip) + ? $dbForPlatform->find('projects', $queries) + : $dbForPlatform->skipFilters(fn () => $dbForPlatform->find('projects', $queries), $filtersToSkip); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Module.php b/src/Appwrite/Platform/Modules/Organization/Module.php new file mode 100644 index 0000000000..eb7a2dc433 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Module.php @@ -0,0 +1,14 @@ +addService('http', new Http()); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Services/Http.php b/src/Appwrite/Platform/Modules/Organization/Services/Http.php new file mode 100644 index 0000000000..030bff9fac --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Services/Http.php @@ -0,0 +1,22 @@ +type = Service::TYPE_HTTP; + + $this->addAction(CreateProject::getName(), new CreateProject()); + $this->addAction(ListProjects::getName(), new ListProjects()); + $this->addAction(GetProject::getName(), new GetProject()); + $this->addAction(UpdateProject::getName(), new UpdateProject()); + } +} From 275a6fe078b8fafec4c5655f4cbdecb5c1ba6199 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 12:01:51 +0200 Subject: [PATCH 20/84] merge endpoints as aliases --- .../Organization/Http/Projects/Create.php | 11 +- .../Organization/Http/Projects/Update.php | 11 +- .../Organization/Http/Projects/XList.php | 11 +- .../Modules/Projects/Http/Projects/Create.php | 245 ------------------ .../Modules/Projects/Http/Projects/Update.php | 94 ------- .../Modules/Projects/Http/Projects/XList.php | 197 -------------- .../Modules/Projects/Services/Http.php | 6 - 7 files changed, 30 insertions(+), 545 deletions(-) delete mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php delete mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php delete mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 6ad8a25e9f..aebf228380 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -42,6 +42,7 @@ class Create extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) ->setHttpPath('/v1/organizations/:organizationId/projects') + ->httpAlias('/v1/projects') ->desc('Create project') ->groups(['api', 'projects']) ->label('audits.event', 'projects.create') @@ -70,11 +71,19 @@ class Create extends Action ->inject('cache') ->inject('pools') ->inject('hooks') + ->inject('team') ->callback($this->action(...)); } - public function action(string $organizationId, string $projectId, string $name, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks) + public function action(string $organizationId, string $projectId, string $name, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) { + if (empty($organizationId)) { + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + $organizationId = $team->getId(); + } + $team = $dbForPlatform->getDocument('teams', $organizationId); if ($team->isEmpty()) { diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index 883e8e4626..36009a9512 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -28,6 +28,7 @@ class Update extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') + ->httpAlias('/v1/projects/:projectId') ->desc('Update project') ->groups(['api', 'projects']) ->label('scope', 'projects.write') @@ -60,11 +61,19 @@ class Update extends Action ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true) ->inject('response') ->inject('dbForPlatform') + ->inject('team') ->callback($this->action(...)); } - public function action(string $organizationId, string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform) + public function action(string $organizationId, string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform, Document $team) { + if (empty($organizationId)) { + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + $organizationId = $team->getId(); + } + $team = $dbForPlatform->getDocument('teams', $organizationId); if ($team->isEmpty()) { diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index cd2c194289..837cbff9e5 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -45,6 +45,7 @@ class XList extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) ->setHttpPath('/v1/organizations/:organizationId/projects') + ->httpAlias('/v1/projects') ->desc('List projects') ->groups(['api', 'projects']) ->label('scope', 'projects.read') @@ -70,11 +71,19 @@ class XList extends Action ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) ->inject('response') ->inject('dbForPlatform') + ->inject('team') ->callback($this->action(...)); } - public function action(string $organizationId, array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform) + public function action(string $organizationId, array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform, Document $team) { + if (empty($organizationId)) { + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + $organizationId = $team->getId(); + } + $team = $dbForPlatform->getDocument('teams', $organizationId); if ($team->isEmpty()) { diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php deleted file mode 100644 index d2c92fc65c..0000000000 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php +++ /dev/null @@ -1,245 +0,0 @@ -setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) - ->setHttpPath('/v1/projects') - ->desc('Create project') - ->groups(['api', 'projects']) - ->label('audits.event', 'projects.create') - ->label('audits.resource', 'project/{response.$id}') - ->label('scope', 'projects.write') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'create', - description: '/docs/references/projects/create.md', - auth: [AuthType::ADMIN], - responses: [ - new SDKResponse( - code: Response::STATUS_CODE_CREATED, - model: Response::MODEL_PROJECT, - ) - ] - )) - ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') - ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') - ->param('teamId', '', new UID(), 'Team unique ID.') - ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) - ->inject('request') - ->inject('response') - ->inject('dbForPlatform') - ->inject('cache') - ->inject('pools') - ->inject('hooks') - ->callback($this->action(...)); - } - - public function action(string $projectId, string $name, string $teamId, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks) - { - $team = $dbForPlatform->getDocument('teams', $teamId); - - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - - $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); - - if (!empty($allowList) && !\in_array($region, $allowList)) { - throw new Exception(Exception::PROJECT_REGION_UNSUPPORTED, 'Region "' . $region . '" is not supported'); - } - - $auth = Config::getParam('auth', []); - $auths = [ - 'limit' => 0, - 'maxSessions' => 0, - 'passwordHistory' => 0, - 'passwordDictionary' => false, - 'duration' => TOKEN_EXPIRATION_LOGIN_LONG, - 'personalDataCheck' => false, - 'disposableEmails' => false, - 'canonicalEmails' => false, - 'freeEmails' => false, - 'mockNumbers' => [], - 'sessionAlerts' => false, - 'membershipsUserName' => false, - 'membershipsUserEmail' => false, - 'membershipsMfa' => false, - 'membershipsUserId' => false, - 'membershipsUserPhone' => false, - 'invalidateSessions' => true - ]; - - foreach ($auth as $method) { - $auths[$method['key'] ?? ''] = true; - } - - $projectId = ($projectId == 'unique()') ? ID::unique() : $projectId; - - if ($projectId === 'console') { - throw new Exception(Exception::PROJECT_RESERVED_PROJECT, "'console' is a reserved project."); - } - - $databases = Config::getParam('pools-database', []); - - if ($region !== 'default') { - $databaseKeys = System::getEnv('_APP_DATABASE_KEYS', ''); - $keys = explode(',', $databaseKeys); - $databases = array_filter($keys, function ($value) use ($region) { - return str_contains($value, $region); - }); - } - - $databaseOverride = System::getEnv('_APP_DATABASE_OVERRIDE'); - $index = \array_search($databaseOverride, $databases); - if ($index !== false) { - $dsn = $databases[$index]; - } else { - $dsn = $databases[array_rand($databases)]; - } - - // TODO: Temporary until all projects are using shared tables. - $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); - - if (\in_array($dsn, $sharedTables)) { - $schema = 'appwrite'; - $database = 'appwrite'; - $namespace = System::getEnv('_APP_DATABASE_SHARED_NAMESPACE', ''); - $dsn = $schema . '://' . $dsn . '?database=' . $database; - - if (!empty($namespace)) { - $dsn .= '&namespace=' . $namespace; - } - } - - try { - $project = $dbForPlatform->createDocument('projects', new Document([ - '$id' => $projectId, - '$permissions' => $this->getPermissions($teamId, $projectId), - 'name' => $name, - 'teamInternalId' => $team->getSequence(), - 'teamId' => $team->getId(), - 'region' => $region, - 'version' => APP_VERSION_STABLE, - 'services' => new \stdClass(), - 'platforms' => null, - 'oAuthProviders' => [], - 'webhooks' => null, - 'keys' => null, - 'auths' => $auths, - 'accessedAt' => DateTime::now(), - 'search' => implode(' ', [$projectId, $name]), - 'database' => $dsn, - 'labels' => [], - 'status' => PROJECT_STATUS_ACTIVE, - ])); - } catch (Duplicate) { - throw new Exception(Exception::PROJECT_ALREADY_EXISTS); - } - - try { - $dsn = new DSN($dsn); - } catch (\InvalidArgumentException) { - // TODO: Temporary until all projects are using shared tables - $dsn = new DSN('mysql://' . $dsn); - } - - $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); - $projectTables = !\in_array($dsn->getHost(), $sharedTables); - - if ($projectTables) { - $adapter = new DatabasePool($pools->get($dsn->getHost())); - $dbForProject = new Database($adapter, $cache); - $dbForProject - ->setDatabase(APP_DATABASE) - ->setSharedTables(false) - ->setTenant(null) - ->setNamespace('_' . $project->getSequence()); - - $create = true; - - try { - $dbForProject->create(); - } catch (Duplicate) { - $create = false; - } - - $adapter = new AdapterDatabase($dbForProject); - $audit = new Audit($adapter); - $audit->setup(); - - if ($create) { - /** @var array $collections */ - $collections = Config::getParam('collections', [])['projects'] ?? []; - - foreach ($collections as $key => $collection) { - if (($collection['$collection'] ?? '') !== Database::METADATA) { - continue; - } - - $attributes = \array_map(fn ($attribute) => new Document($attribute), $collection['attributes']); - $indexes = \array_map(fn (array $index) => new Document($index), $collection['indexes']); - - try { - $dbForProject->createCollection($key, $attributes, $indexes); - } catch (Duplicate) { - // Collection already exists - } - } - } - } - - // Hook allowing instant project mirroring during migration - // Outside of migration, hook is not registered and has no effect - $hooks->trigger('afterProjectCreation', [$project, $pools, $cache]); - - $response - ->setStatusCode(Response::STATUS_CODE_CREATED) - ->dynamic($project, Response::MODEL_PROJECT); - } -} diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php deleted file mode 100644 index 29c26b33ea..0000000000 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php +++ /dev/null @@ -1,94 +0,0 @@ -setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) - ->setHttpPath('/v1/projects/:projectId') - ->desc('Update project') - ->groups(['api', 'projects']) - ->label('scope', 'projects.write') - ->label('audits.event', 'projects.update') - ->label('audits.resource', 'project/{request.projectId}') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'update', - description: '/docs/references/projects/update.md', - auth: [AuthType::ADMIN], - responses: [ - new SDKResponse( - code: Response::STATUS_CODE_OK, - model: Response::MODEL_PROJECT, - ) - ] - )) - ->param('projectId', '', new UID(), 'Project unique ID.') - ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') - ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true) - ->param('logo', '', new Text(1024), 'Project logo.', true) - ->param('url', '', new URL(), 'Project URL.', true) - ->param('legalName', '', new Text(256), 'Project legal name. Max length: 256 chars.', true) - ->param('legalCountry', '', new Text(256), 'Project legal country. Max length: 256 chars.', true) - ->param('legalState', '', new Text(256), 'Project legal state. Max length: 256 chars.', true) - ->param('legalCity', '', new Text(256), 'Project legal city. Max length: 256 chars.', true) - ->param('legalAddress', '', new Text(256), 'Project legal address. Max length: 256 chars.', true) - ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true) - ->inject('response') - ->inject('dbForPlatform') - ->callback($this->action(...)); - } - - public function action(string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform) - { - $project = $dbForPlatform->getDocument('projects', $projectId); - - if ($project->isEmpty()) { - throw new Exception(Exception::PROJECT_NOT_FOUND); - } - - $project = $dbForPlatform->updateDocument('projects', $project->getId(), $project - ->setAttribute('name', $name) - ->setAttribute('description', $description) - ->setAttribute('logo', $logo) - ->setAttribute('url', $url) - ->setAttribute('legalName', $legalName) - ->setAttribute('legalCountry', $legalCountry) - ->setAttribute('legalState', $legalState) - ->setAttribute('legalCity', $legalCity) - ->setAttribute('legalAddress', $legalAddress) - ->setAttribute('legalTaxId', $legalTaxId) - ->setAttribute('search', implode(' ', [$projectId, $name]))); - - $response->dynamic($project, Response::MODEL_PROJECT); - } -} diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php deleted file mode 100644 index 0d2a951388..0000000000 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php +++ /dev/null @@ -1,197 +0,0 @@ -setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) - ->setHttpPath('/v1/projects') - ->desc('List projects') - ->groups(['api', 'projects']) - ->label('scope', 'projects.read') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'list', - description: <<param('queries', [], $this->getQueriesValidator(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Projects::ALLOWED_ATTRIBUTES), true) - ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true) - ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) - ->inject('response') - ->inject('dbForPlatform') - ->inject('team') - ->callback($this->action(...)); - } - - public function action(array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform, Document $team) - { - try { - $queries = Query::parseQueries($queries); - } catch (QueryException $e) { - throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); - } - - if (!empty($search)) { - $queries[] = Query::search('search', $search); - } - - if (!$team->isEmpty()) { - $queries[] = Query::equal('teamInternalId', [$team->getSequence()]); - } - - $cursor = Query::getCursorQueries($queries, false); - $cursor = \reset($cursor); - - if ($cursor !== false) { - $validator = new Cursor(); - if (!$validator->isValid($cursor)) { - throw new Exception(Exception::GENERAL_QUERY_INVALID, $validator->getDescription()); - } - - $projectId = $cursor->getValue(); - $cursorDocument = $dbForPlatform->getDocument('projects', $projectId); - - if ($cursorDocument->isEmpty()) { - throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Project '{$projectId}' for the 'cursor' value not found."); - } - - $cursor->setValue($cursorDocument); - } - - try { - $selectQueries = Query::groupByType($queries)['selections']; - $filterQueries = Query::groupByType($queries)['filters']; - - $projects = $this->find($dbForPlatform, $queries, $selectQueries); - $total = $includeTotal ? $dbForPlatform->count('projects', $filterQueries, APP_LIMIT_COUNT) : 0; - } catch (Order $e) { - throw new Exception(Exception::DATABASE_QUERY_ORDER_NULL, "The order attribute '{$e->getAttribute()}' had a null value. Cursor pagination requires all documents order attribute values are non-null."); - } - - $response->addFilter(new ListSelection($selectQueries, 'projects')); - - $response->dynamic(new Document([ - 'projects' => $projects, - 'total' => $total, - ]), Response::MODEL_PROJECT_LIST); - } - - // Build mapping of columns to their subQuery filters - private static function getAttributeToSubQueryFilters(): array - { - if (self::$attributeToSubQueryFilters !== null) { - return self::$attributeToSubQueryFilters; - } - - self::$attributeToSubQueryFilters = []; - - $collections = Config::getParam('collections', []); - $projectAttributes = $collections['platform']['projects']['attributes'] ?? []; - - foreach ($projectAttributes as $attribute) { - $attributeId = $attribute['$id'] ?? null; - $filters = $attribute['filters'] ?? []; - - if ($attributeId === null || empty($filters)) { - continue; - } - - // extract only subQuery filters - $subQueryFilters = \array_filter($filters, function ($filter) { - return \str_starts_with($filter, 'subQuery'); - }); - - if (!empty($subQueryFilters)) { - self::$attributeToSubQueryFilters[$attributeId] = \array_values($subQueryFilters); - } - } - - return self::$attributeToSubQueryFilters; - } - - private function find(Database $dbForPlatform, array $queries, array $selectQueries): array - { - if (empty($selectQueries)) { - return $dbForPlatform->find('projects', $queries); - } - - $selectedAttributes = []; - foreach ($selectQueries as $query) { - foreach ($query->getValues() as $value) { - $selectedAttributes[] = $value; - } - } - - if (\in_array('*', $selectedAttributes)) { - return $dbForPlatform->find('projects', $queries); - } - - $filtersToSkipMap = []; - $selectedAttributesMap = \array_flip($selectedAttributes); - $attributeToSubQueryFilters = self::getAttributeToSubQueryFilters(); - - foreach ($attributeToSubQueryFilters as $attributeName => $subQueryFilters) { - if (!isset($selectedAttributesMap[$attributeName])) { - foreach ($subQueryFilters as $filter) { - $filtersToSkipMap[$filter] = true; - } - } - } - - $filtersToSkip = \array_keys($filtersToSkipMap); - - return empty($filtersToSkip) - ? $dbForPlatform->find('projects', $queries) - : $dbForPlatform->skipFilters(fn () => $dbForPlatform->find('projects', $queries), $filtersToSkip); - } -} diff --git a/src/Appwrite/Platform/Modules/Projects/Services/Http.php b/src/Appwrite/Platform/Modules/Projects/Services/Http.php index 8275e664d5..b1662cef31 100644 --- a/src/Appwrite/Platform/Modules/Projects/Services/Http.php +++ b/src/Appwrite/Platform/Modules/Projects/Services/Http.php @@ -7,10 +7,7 @@ use Appwrite\Platform\Modules\Projects\Http\DevKeys\Delete as DeleteDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\Get as GetDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\Update as UpdateDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\XList as ListDevKeys; -use Appwrite\Platform\Modules\Projects\Http\Projects\Create as CreateProject; use Appwrite\Platform\Modules\Projects\Http\Projects\Team\Update as UpdateProjectTeam; -use Appwrite\Platform\Modules\Projects\Http\Projects\Update as UpdateProject; -use Appwrite\Platform\Modules\Projects\Http\Projects\XList as ListProjects; use Appwrite\Platform\Modules\Projects\Http\Schedules\Create as CreateSchedule; use Appwrite\Platform\Modules\Projects\Http\Schedules\Get as GetSchedule; use Appwrite\Platform\Modules\Projects\Http\Schedules\XList as ListSchedules; @@ -27,9 +24,6 @@ class Http extends Service $this->addAction(ListDevKeys::getName(), new ListDevKeys()); $this->addAction(DeleteDevKey::getName(), new DeleteDevKey()); - $this->addAction(CreateProject::getName(), new CreateProject()); - $this->addAction(UpdateProject::getName(), new UpdateProject()); - $this->addAction(ListProjects::getName(), new ListProjects()); $this->addAction(UpdateProjectTeam::getName(), new UpdateProjectTeam()); $this->addAction(CreateSchedule::getName(), new CreateSchedule()); From b524b9f9340caa35f2bc337a9ba573df0d0a134b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 12:18:09 +0200 Subject: [PATCH 21/84] Fix scopes --- app/config/roles.php | 2 ++ app/config/scopes/organization.php | 4 ++-- .../Platform/Modules/Organization/Http/Projects/Create.php | 2 +- .../Platform/Modules/Organization/Http/Projects/Get.php | 2 +- .../Platform/Modules/Organization/Http/Projects/Update.php | 2 +- .../Platform/Modules/Organization/Http/Projects/XList.php | 2 +- 6 files changed, 8 insertions(+), 6 deletions(-) diff --git a/app/config/roles.php b/app/config/roles.php index cb4b178a29..fd3b9d887d 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -19,6 +19,7 @@ $member = [ 'files.read', 'files.write', 'projects.read', + 'organization.projects.read', 'locale.read', 'avatars.read', 'executions.read', @@ -64,6 +65,7 @@ $admins = [ 'templates.read', 'templates.write', 'projects.write', + 'organization.projects.write', 'keys.read', 'keys.write', 'devKeys.read', diff --git a/app/config/scopes/organization.php b/app/config/scopes/organization.php index 228a1437f2..f531975353 100644 --- a/app/config/scopes/organization.php +++ b/app/config/scopes/organization.php @@ -3,10 +3,10 @@ // List of scopes for organization (teams) API keys return [ - "projects.read" => [ + "organization.projects.read" => [ "description" => 'Access to read organization\'s projects', ], - "projects.write" => [ + "organization.projects.write" => [ "description" => "Access to create, update, and delete projects in organization", ], diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index aebf228380..f7cc3c4203 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -47,7 +47,7 @@ class Create extends Action ->groups(['api', 'projects']) ->label('audits.event', 'projects.create') ->label('audits.resource', 'project/{response.$id}') - ->label('scope', 'projects.write') + ->label('scope', 'organization.projects.write') ->label('sdk', new Method( namespace: 'projects', group: 'projects', diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php index 012f223ae5..333d8711d6 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php @@ -28,7 +28,7 @@ class Get extends Action ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') ->desc('Get project') ->groups(['api', 'project']) - ->label('scope', 'projects.read') + ->label('scope', 'organization.projects.read') ->label('sdk', new Method( namespace: 'project', group: null, diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index 36009a9512..a21921413e 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId') ->desc('Update project') ->groups(['api', 'projects']) - ->label('scope', 'projects.write') + ->label('scope', 'organization.projects.write') ->label('audits.event', 'projects.update') ->label('audits.resource', 'project/{request.projectId}') ->label('sdk', new Method( diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index 837cbff9e5..646b6ec968 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -48,7 +48,7 @@ class XList extends Action ->httpAlias('/v1/projects') ->desc('List projects') ->groups(['api', 'projects']) - ->label('scope', 'projects.read') + ->label('scope', 'organization.projects.read') ->label('sdk', new Method( namespace: 'projects', group: 'projects', From 8a4a6d83d402fa8d33a9eb1e0927e2b7008e3ee1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 13:06:39 +0200 Subject: [PATCH 22/84] Manual migration fixes --- .../Modules/Organization/Http/Init.php | 28 ++++++++++ .../Organization/Http/Projects/Create.php | 36 ++++--------- .../Organization/Http/Projects/Get.php | 23 ++++----- .../Organization/Http/Projects/Update.php | 51 ++++--------------- .../Organization/Http/Projects/XList.php | 29 +++-------- .../Modules/Organization/Services/Http.php | 5 ++ 6 files changed, 70 insertions(+), 102 deletions(-) create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Init.php diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Init.php b/src/Appwrite/Platform/Modules/Organization/Http/Init.php new file mode 100644 index 0000000000..56eb6db3a0 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Init.php @@ -0,0 +1,28 @@ +setType(Action::TYPE_INIT) + ->groups(['organization']) + ->inject('team') + ->callback(function (Document $team) { + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + }); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index f7cc3c4203..5f4575a300 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -20,7 +20,6 @@ use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Exception\Duplicate; use Utopia\Database\Helpers\ID; -use Utopia\Database\Validator\UID; use Utopia\DSN\DSN; use Utopia\Platform\Scope\HTTP; use Utopia\Pools\Group; @@ -41,19 +40,21 @@ class Create extends Action { $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) - ->setHttpPath('/v1/organizations/:organizationId/projects') + ->setHttpPath('/v1/organization/projects') ->httpAlias('/v1/projects') - ->desc('Create project') - ->groups(['api', 'projects']) + ->desc('Create organization project') + ->groups(['api', 'organization']) ->label('audits.event', 'projects.create') ->label('audits.resource', 'project/{response.$id}') ->label('scope', 'organization.projects.write') ->label('sdk', new Method( - namespace: 'projects', + namespace: 'organization', group: 'projects', - name: 'create', - description: '/docs/references/projects/create.md', - auth: [AuthType::ADMIN], + name: 'createProject', + description: <<param('organizationId', '', new UID(), 'Organization unique ID.') ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) - ->inject('request') ->inject('response') ->inject('dbForPlatform') ->inject('cache') @@ -75,21 +74,8 @@ class Create extends Action ->callback($this->action(...)); } - public function action(string $organizationId, string $projectId, string $name, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) + public function action(string $projectId, string $name, string $region, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) { - if (empty($organizationId)) { - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $organizationId = $team->getId(); - } - - $team = $dbForPlatform->getDocument('teams', $organizationId); - - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); if (!empty($allowList) && !\in_array($region, $allowList)) { @@ -162,7 +148,7 @@ class Create extends Action try { $project = $dbForPlatform->createDocument('projects', new Document([ '$id' => $projectId, - '$permissions' => $this->getPermissions($organizationId, $projectId), + '$permissions' => $this->getPermissions($team->getId(), $projectId), 'name' => $name, 'teamInternalId' => $team->getSequence(), 'teamId' => $team->getId(), diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php index 333d8711d6..d75356704d 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php @@ -9,6 +9,7 @@ use Appwrite\SDK\Method; use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Response; use Utopia\Database\Database; +use Utopia\Database\Document; use Utopia\Database\Validator\UID; use Utopia\Platform\Scope\HTTP; @@ -25,14 +26,14 @@ class Get extends Action { $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) - ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') - ->desc('Get project') - ->groups(['api', 'project']) + ->setHttpPath('/v1/organization/projects/:projectId') + ->desc('Get organization project') + ->groups(['api', 'organization']) ->label('scope', 'organization.projects.read') ->label('sdk', new Method( - namespace: 'project', - group: null, - name: 'get', + namespace: 'organization', + group: 'projects', + name: 'getProject', description: <<param('organizationId', '', new UID(), 'Organization unique ID.') ->param('projectId', '', new UID(), 'Project unique ID.') ->inject('response') ->inject('dbForPlatform') + ->inject('team') ->callback($this->action(...)); } public function action( - string $organizationId, string $projectId, Response $response, Database $dbForPlatform, + Document $team, ) { - $team = $dbForPlatform->getDocument('teams', $organizationId); - - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $project = $dbForPlatform->getDocument('projects', $projectId); if ($project->isEmpty()) { diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index a21921413e..1cb70a6aaf 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -12,7 +12,6 @@ use Utopia\Database\Document; use Utopia\Database\Validator\UID; use Utopia\Platform\Scope\HTTP; use Utopia\Validator\Text; -use Utopia\Validator\URL; class Update extends Action { @@ -27,19 +26,21 @@ class Update extends Action { $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) - ->setHttpPath('/v1/organizations/:organizationId/projects/:projectId') + ->setHttpPath('/v1/organization/projects/:projectId') ->httpAlias('/v1/projects/:projectId') - ->desc('Update project') - ->groups(['api', 'projects']) + ->desc('Update organization project') + ->groups(['api', 'organization']) ->label('scope', 'organization.projects.write') ->label('audits.event', 'projects.update') ->label('audits.resource', 'project/{request.projectId}') ->label('sdk', new Method( - namespace: 'projects', + namespace: 'organization', group: 'projects', - name: 'update', - description: '/docs/references/projects/update.md', - auth: [AuthType::ADMIN], + name: 'updateProject', + description: <<param('organizationId', '', new UID(), 'Organization unique ID.') ->param('projectId', '', new UID(), 'Project unique ID.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') - ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true) - ->param('logo', '', new Text(1024), 'Project logo.', true) - ->param('url', '', new URL(), 'Project URL.', true) - ->param('legalName', '', new Text(256), 'Project legal name. Max length: 256 chars.', true) - ->param('legalCountry', '', new Text(256), 'Project legal country. Max length: 256 chars.', true) - ->param('legalState', '', new Text(256), 'Project legal state. Max length: 256 chars.', true) - ->param('legalCity', '', new Text(256), 'Project legal city. Max length: 256 chars.', true) - ->param('legalAddress', '', new Text(256), 'Project legal address. Max length: 256 chars.', true) - ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true) ->inject('response') ->inject('dbForPlatform') ->inject('team') ->callback($this->action(...)); } - public function action(string $organizationId, string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform, Document $team) + public function action(string $projectId, string $name, Response $response, Database $dbForPlatform, Document $team) { - if (empty($organizationId)) { - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $organizationId = $team->getId(); - } - - $team = $dbForPlatform->getDocument('teams', $organizationId); - - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $project = $dbForPlatform->getDocument('projects', $projectId); if ($project->isEmpty()) { @@ -92,15 +70,6 @@ class Update extends Action $project = $dbForPlatform->updateDocument('projects', $project->getId(), new Document([ 'name' => $name, - 'description' => $description, - 'logo' => $logo, - 'url' => $url, - 'legalName' => $legalName, - 'legalCountry' => $legalCountry, - 'legalState' => $legalState, - 'legalCity' => $legalCity, - 'legalAddress' => $legalAddress, - 'legalTaxId' => $legalTaxId, 'search' => implode(' ', [$projectId, $name]), ])); diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index 646b6ec968..2c2b480ef5 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -17,7 +17,6 @@ use Utopia\Database\Exception\Order; use Utopia\Database\Exception\Query as QueryException; use Utopia\Database\Query; use Utopia\Database\Validator\Query\Cursor; -use Utopia\Database\Validator\UID; use Utopia\Platform\Scope\HTTP; use Utopia\Validator; use Utopia\Validator\Boolean; @@ -44,19 +43,19 @@ class XList extends Action { $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) - ->setHttpPath('/v1/organizations/:organizationId/projects') + ->setHttpPath('/v1/organization/projects') ->httpAlias('/v1/projects') - ->desc('List projects') - ->groups(['api', 'projects']) + ->desc('List organization projects') + ->groups(['api', 'organization']) ->label('scope', 'organization.projects.read') ->label('sdk', new Method( - namespace: 'projects', + namespace: 'organization', group: 'projects', - name: 'list', + name: 'listProjects', description: <<param('organizationId', '', new UID(), 'Organization unique ID.') ->param('queries', [], $this->getQueriesValidator(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Projects::ALLOWED_ATTRIBUTES), true) ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true) ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) @@ -75,21 +73,8 @@ class XList extends Action ->callback($this->action(...)); } - public function action(string $organizationId, array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform, Document $team) + public function action(array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform, Document $team) { - if (empty($organizationId)) { - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - $organizationId = $team->getId(); - } - - $team = $dbForPlatform->getDocument('teams', $organizationId); - - if ($team->isEmpty()) { - throw new Exception(Exception::TEAM_NOT_FOUND); - } - try { $queries = Query::parseQueries($queries); } catch (QueryException $e) { diff --git a/src/Appwrite/Platform/Modules/Organization/Services/Http.php b/src/Appwrite/Platform/Modules/Organization/Services/Http.php index 030bff9fac..4a7cd69220 100644 --- a/src/Appwrite/Platform/Modules/Organization/Services/Http.php +++ b/src/Appwrite/Platform/Modules/Organization/Services/Http.php @@ -2,6 +2,7 @@ namespace Appwrite\Platform\Modules\Organization\Services; +use Appwrite\Platform\Modules\Organization\Http\Init as Init; use Appwrite\Platform\Modules\Organization\Http\Projects\Create as CreateProject; use Appwrite\Platform\Modules\Organization\Http\Projects\Get as GetProject; use Appwrite\Platform\Modules\Organization\Http\Projects\Update as UpdateProject; @@ -14,6 +15,10 @@ class Http extends Service { $this->type = Service::TYPE_HTTP; + // Init hook + $this->addAction(Init::getName(), new Init()); + + // Projects $this->addAction(CreateProject::getName(), new CreateProject()); $this->addAction(ListProjects::getName(), new ListProjects()); $this->addAction(GetProject::getName(), new GetProject()); From 94274381ff9b36db54474fccf77977e919b7a949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 13:52:25 +0200 Subject: [PATCH 23/84] agentic migration fixes --- .../Modules/Organization/Http/Projects/Create.php | 4 +++- .../Modules/Organization/Http/Projects/Get.php | 4 +++- .../Modules/Organization/Http/Projects/Update.php | 10 +++++++--- .../Modules/Organization/Http/Projects/XList.php | 10 ++++++---- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 5f4575a300..9962289343 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -5,6 +5,7 @@ namespace Appwrite\Platform\Modules\Organization\Http\Projects; use Appwrite\Extend\Exception; use Appwrite\Hooks\Hooks; use Appwrite\SDK\AuthType; +use Appwrite\SDK\ContentType; use Appwrite\SDK\Method; use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Database\Validator\ProjectId; @@ -60,7 +61,8 @@ class Create extends Action code: Response::STATUS_CODE_CREATED, model: Response::MODEL_PROJECT, ) - ] + ], + contentType: ContentType::JSON )) ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php index d75356704d..a85eb8fb15 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php @@ -69,6 +69,8 @@ class Get extends Action throw new Exception(Exception::PROJECT_NOT_FOUND); } - $response->dynamic($project, Response::MODEL_PROJECT); + $response + ->setStatusCode(Response::STATUS_CODE_OK) + ->dynamic($project, Response::MODEL_PROJECT); } } diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index 1cb70a6aaf..9415374044 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -4,6 +4,7 @@ namespace Appwrite\Platform\Modules\Organization\Http\Projects; use Appwrite\Extend\Exception; use Appwrite\SDK\AuthType; +use Appwrite\SDK\ContentType; use Appwrite\SDK\Method; use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Response; @@ -32,7 +33,7 @@ class Update extends Action ->groups(['api', 'organization']) ->label('scope', 'organization.projects.write') ->label('audits.event', 'projects.update') - ->label('audits.resource', 'project/{request.projectId}') + ->label('audits.resource', 'project/{response.$id}') ->label('sdk', new Method( namespace: 'organization', group: 'projects', @@ -46,7 +47,8 @@ class Update extends Action code: Response::STATUS_CODE_OK, model: Response::MODEL_PROJECT, ) - ] + ], + contentType: ContentType::JSON )) ->param('projectId', '', new UID(), 'Project unique ID.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') @@ -73,6 +75,8 @@ class Update extends Action 'search' => implode(' ', [$projectId, $name]), ])); - $response->dynamic($project, Response::MODEL_PROJECT); + $response + ->setStatusCode(Response::STATUS_CODE_OK) + ->dynamic($project, Response::MODEL_PROJECT); } } diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index 2c2b480ef5..6f04222a69 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -118,10 +118,12 @@ class XList extends Action $response->addFilter(new ListSelection($selectQueries, 'projects')); - $response->dynamic(new Document([ - 'projects' => $projects, - 'total' => $total, - ]), Response::MODEL_PROJECT_LIST); + $response + ->setStatusCode(Response::STATUS_CODE_OK) + ->dynamic(new Document([ + 'projects' => $projects, + 'total' => $total, + ]), Response::MODEL_PROJECT_LIST); } // Build mapping of columns to their subQuery filters From aaa870e65637f816a46d5b44f23741e1d9468c3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 13:52:34 +0200 Subject: [PATCH 24/84] Formatting fixes --- .../Platform/Modules/Organization/Http/Projects/Create.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 9962289343..d6f12c4f41 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -9,7 +9,6 @@ use Appwrite\SDK\ContentType; use Appwrite\SDK\Method; use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Database\Validator\ProjectId; -use Appwrite\Utopia\Request; use Appwrite\Utopia\Response; use Utopia\Audit\Adapter\Database as AdapterDatabase; use Utopia\Audit\Audit; From b618bf13538fb975c5da10aaa17c5601504c2acf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 17:26:08 +0200 Subject: [PATCH 25/84] Fix inability to CRUD projects --- app/init/resources/request.php | 57 ++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/app/init/resources/request.php b/app/init/resources/request.php index 68f5968519..68a8af3605 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1,5 +1,6 @@ set('team', function (Document $project, Database $dbForPlatform, Http $utopia, Request $request, Authorization $authorization) { + $context->set('team', function (Document $project, Database $dbForPlatform, Http $utopia, Request $request, Authorization $authorization, Document $user) { $teamInternalId = ''; if ($project->getId() !== 'console') { $teamInternalId = $project->getAttribute('teamInternalId', ''); @@ -1100,7 +1103,55 @@ return function (Container $context): void { $route = $utopia->match($request); $path = ! empty($route) ? $route->getPath() : $request->getURI(); $orgHeader = $request->getHeader('x-appwrite-organization', ''); - if (str_starts_with($path, '/v1/projects/:projectId')) { + + // Backwards compatibility: /v1/organitation/projects acting as /v1/projects + if (\str_starts_with($path, '/v1/organization/projects')) { + // Backwards compatibility: Take from payload param + $teamId = $request->getParam('organizationId', $request->getParam('teamId', '')); + + // Backawrds compatibility: Get from URL param project ID + if (empty($teamId)) { + $projectId = \explode('/', $request->getURI())[4] ?? ''; + if (!empty($projectId)) { + $urlProject = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $projectId)); + $teamId = $urlProject->getAttribute('teamId', ''); + } + } + + // Backwards compatibility: Get from queries param + if (empty($teamId)) { + $queries = $request->getParam('queries', []); + $queries = \is_array($queries) ? $queries : [$queries]; + + try { + $queries = Query::parseQueries($queries); + $queries = Query::getByType($queries, [Query::TYPE_EQUAL]); + + foreach ($queries as $query) { + if ($query->getAttribute() === 'teamId') { + $teamId = $query->getValues()[0] ?? ''; + break; + } + } + } catch (QueryException $e) { + // Ignore, do not parse from queries + } + } + + // Backwards compatibility: We cannot have organization project API call without organitation, take first one + if (empty($teamId)) { + if (!$user->isEmpty()) { + $teamId = ($user->getAttribute('memberships', [])[0] ?? new Document())->getAttribute('teamId', ''); + } + } + + if (!empty($teamId)) { + $team = $authorization->skip(function () use ($dbForPlatform, $teamId) { + return $dbForPlatform->getDocument('teams', $teamId); + }); + return $team; + } + } elseif (str_starts_with($path, '/v1/projects/:projectId')) { $uri = $request->getURI(); $pid = explode('/', $uri)[3]; $p = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $pid)); @@ -1133,7 +1184,7 @@ return function (Container $context): void { }); return $team; - }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization']); + }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization', 'user']); $context->set('previewHostname', function (Request $request, ?Key $apiKey) { $allowed = false; From 2a82604a2b8a20a6f6143ebc40acbeb641acdb57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 17:36:03 +0200 Subject: [PATCH 26/84] Better backwards compatibility for project creation --- .../Platform/Modules/Organization/Http/Projects/Create.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index d6f12c4f41..28f74302e2 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -20,6 +20,7 @@ use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Exception\Duplicate; use Utopia\Database\Helpers\ID; +use Utopia\Database\Validator\UID; use Utopia\DSN\DSN; use Utopia\Platform\Scope\HTTP; use Utopia\Pools\Group; @@ -66,6 +67,7 @@ class Create extends Action ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) + ->param('teamId', '', new UID(), 'Team unique ID.', deprecated: true) // Backwards compatibility ->inject('response') ->inject('dbForPlatform') ->inject('cache') @@ -75,7 +77,8 @@ class Create extends Action ->callback($this->action(...)); } - public function action(string $projectId, string $name, string $region, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) + // teamId intentionally unused; used by resource for backwards compatibility + public function action(string $projectId, string $name, string $region, string $teamId, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) { $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); From 18380a679dc72405b62974bee3c7b35bda08dc04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 17:46:13 +0200 Subject: [PATCH 27/84] Fix backwards compatibility --- app/config/roles.php | 2 -- app/config/scopes/organization.php | 14 ++++++++++---- .../Modules/Organization/Http/Projects/Create.php | 2 +- .../Modules/Organization/Http/Projects/Get.php | 2 +- .../Modules/Organization/Http/Projects/Update.php | 2 +- .../Modules/Organization/Http/Projects/XList.php | 2 +- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/app/config/roles.php b/app/config/roles.php index fd3b9d887d..cb4b178a29 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -19,7 +19,6 @@ $member = [ 'files.read', 'files.write', 'projects.read', - 'organization.projects.read', 'locale.read', 'avatars.read', 'executions.read', @@ -65,7 +64,6 @@ $admins = [ 'templates.read', 'templates.write', 'projects.write', - 'organization.projects.write', 'keys.read', 'keys.write', 'devKeys.read', diff --git a/app/config/scopes/organization.php b/app/config/scopes/organization.php index f531975353..0486d02c8d 100644 --- a/app/config/scopes/organization.php +++ b/app/config/scopes/organization.php @@ -3,18 +3,24 @@ // List of scopes for organization (teams) API keys return [ - "organization.projects.read" => [ - "description" => 'Access to read organization\'s projects', + "projects.read" => [ + "description" => 'Access to read organization projects.', + 'category' => 'Projects' ], - "organization.projects.write" => [ + "projects.write" => [ "description" => - "Access to create, update, and delete projects in organization", + "Access to create, update, and delete organization projects.", + 'category' => 'Projects' ], "devKeys.read" => [ "description" => 'Access to read project\'s development keys', + 'deprecated' => true, + 'category' => 'Other' ], "devKeys.write" => [ "description" => "Access to create, update, and delete project\'s development keys", + 'deprecated' => true, + 'category' => 'Other' ], ]; diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 28f74302e2..c84fa80381 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -47,7 +47,7 @@ class Create extends Action ->groups(['api', 'organization']) ->label('audits.event', 'projects.create') ->label('audits.resource', 'project/{response.$id}') - ->label('scope', 'organization.projects.write') + ->label('scope', 'projects.write') ->label('sdk', new Method( namespace: 'organization', group: 'projects', diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php index a85eb8fb15..37f2dd417a 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Get.php @@ -29,7 +29,7 @@ class Get extends Action ->setHttpPath('/v1/organization/projects/:projectId') ->desc('Get organization project') ->groups(['api', 'organization']) - ->label('scope', 'organization.projects.read') + ->label('scope', 'projects.read') ->label('sdk', new Method( namespace: 'organization', group: 'projects', diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index 9415374044..9188060639 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId') ->desc('Update organization project') ->groups(['api', 'organization']) - ->label('scope', 'organization.projects.write') + ->label('scope', 'projects.write') ->label('audits.event', 'projects.update') ->label('audits.resource', 'project/{response.$id}') ->label('sdk', new Method( diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index 6f04222a69..5b223904d6 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -47,7 +47,7 @@ class XList extends Action ->httpAlias('/v1/projects') ->desc('List organization projects') ->groups(['api', 'organization']) - ->label('scope', 'organization.projects.read') + ->label('scope', 'projects.read') ->label('sdk', new Method( namespace: 'organization', group: 'projects', From f37e091b770be141e1728dafa60aee45f3f276e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 17:50:36 +0200 Subject: [PATCH 28/84] Fix specs generation --- app/init/models.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/init/models.php b/app/init/models.php index 521a3b77cd..b63051514c 100644 --- a/app/init/models.php +++ b/app/init/models.php @@ -263,7 +263,7 @@ Response::setModel(new BaseList('Frameworks List', Response::MODEL_FRAMEWORK_LIS Response::setModel(new BaseList('Runtimes List', Response::MODEL_RUNTIME_LIST, 'runtimes', Response::MODEL_RUNTIME)); Response::setModel(new BaseList('Deployments List', Response::MODEL_DEPLOYMENT_LIST, 'deployments', Response::MODEL_DEPLOYMENT)); Response::setModel(new BaseList('Executions List', Response::MODEL_EXECUTION_LIST, 'executions', Response::MODEL_EXECUTION)); -Response::setModel(new BaseList('Projects List', Response::MODEL_PROJECT_LIST, 'projects', Response::MODEL_PROJECT, true, false)); +Response::setModel(new BaseList('Projects List', Response::MODEL_PROJECT_LIST, 'projects', Response::MODEL_PROJECT, true, true)); Response::setModel(new BaseList('Webhooks List', Response::MODEL_WEBHOOK_LIST, 'webhooks', Response::MODEL_WEBHOOK, true, true)); Response::setModel(new BaseList('API Keys List', Response::MODEL_KEY_LIST, 'keys', Response::MODEL_KEY, true, true)); Response::setModel(new BaseList('Dev Keys List', Response::MODEL_DEV_KEY_LIST, 'devKeys', Response::MODEL_DEV_KEY, true, false)); From bb25a36cf555a90da5caac4f56567e5fac8cd169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 17:53:03 +0200 Subject: [PATCH 29/84] Fix project creation 401 expectation tests --- app/init/resources/request.php | 7 ------- .../Platform/Modules/Organization/Http/Projects/Create.php | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/app/init/resources/request.php b/app/init/resources/request.php index 68a8af3605..6db371b8c3 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1138,13 +1138,6 @@ return function (Container $context): void { } } - // Backwards compatibility: We cannot have organization project API call without organitation, take first one - if (empty($teamId)) { - if (!$user->isEmpty()) { - $teamId = ($user->getAttribute('memberships', [])[0] ?? new Document())->getAttribute('teamId', ''); - } - } - if (!empty($teamId)) { $team = $authorization->skip(function () use ($dbForPlatform, $teamId) { return $dbForPlatform->getDocument('teams', $teamId); diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index c84fa80381..88a17cdd7a 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -67,7 +67,7 @@ class Create extends Action ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) - ->param('teamId', '', new UID(), 'Team unique ID.', deprecated: true) // Backwards compatibility + ->param('teamId', '', new UID(), 'Team unique ID.', deprecated: true, optional: true) // Backwards compatibility ->inject('response') ->inject('dbForPlatform') ->inject('cache') From 176d59e7c9ec7bc1c01e95d4936613efd1e27cda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 18:02:20 +0200 Subject: [PATCH 30/84] Fix broken test after breaking change List ALL projects no longer exists - we now have list project per organization --- .../Services/Projects/ProjectsConsoleClientTest.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index aa5e6911f1..632636370d 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -354,6 +354,16 @@ class ProjectsConsoleClientTest extends Scope 'x-appwrite-response-format' => '1.9.4', ], $this->getHeaders())); + $this->assertEquals(404, $response['headers']['status-code']); + + + $response = $this->client->call(Client::METHOD_GET, '/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $data['teamId'], + ], $this->getHeaders())); + $this->assertEquals(200, $response['headers']['status-code']); $this->assertNotEmpty($response['body']); $this->assertGreaterThan(0, count($response['body']['projects'])); @@ -564,6 +574,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name'])->toString(), @@ -7041,6 +7052,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['nonvip'])->toString(), @@ -7273,6 +7285,7 @@ class ProjectsConsoleClientTest extends Scope 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $token, + 'x-appwrite-organization' => $teamId, ]); $this->assertEquals(200, $response['headers']['status-code']); From f40c7d415cb63d172ab23bf34d181a5a07b8b943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 18:26:47 +0200 Subject: [PATCH 31/84] Prioritize org id header --- app/init/resources/request.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/init/resources/request.php b/app/init/resources/request.php index 6db371b8c3..e1409d6412 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1104,6 +1104,11 @@ return function (Container $context): void { $path = ! empty($route) ? $route->getPath() : $request->getURI(); $orgHeader = $request->getHeader('x-appwrite-organization', ''); + // Prioritx #1: If org ID header present, respect it + if (!empty($orgHeader)) { + return $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $orgHeader)); + } + // Backwards compatibility: /v1/organitation/projects acting as /v1/projects if (\str_starts_with($path, '/v1/organization/projects')) { // Backwards compatibility: Take from payload param @@ -1159,8 +1164,6 @@ return function (Container $context): void { $team = $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $teamId)); return $team; - } elseif (! empty($orgHeader)) { - return $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $orgHeader)); } } From 3596662fec7121401d4043f2fa09b72567a14a64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 18:42:30 +0200 Subject: [PATCH 32/84] Update more tests --- .../Services/Projects/ProjectsConsoleClientTest.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index 632636370d..74d7dfcae2 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -375,6 +375,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $data['teamId'], ], $this->getHeaders(), [ 'search' => $id ])); @@ -387,6 +388,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $data['teamId'], ], $this->getHeaders(), [ 'search' => 'Project Test' ])); @@ -604,7 +606,8 @@ class ProjectsConsoleClientTest extends Scope $response = $this->client->call(Client::METHOD_GET, '/projects', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], - 'x-appwrite-response-format' => '1.9.4' + 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $data['teamId'], ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'teamId', 'description', '$createdAt', '$updatedAt'])->toString(), @@ -7066,6 +7069,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7078,6 +7082,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['imagine'])->toString(), @@ -7091,6 +7096,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['nonvip', 'imagine'])->toString(), @@ -7105,6 +7111,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'projectId' => ID::unique(), 'name' => 'Test project - Labels 2', @@ -7134,6 +7141,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['imagine'])->toString(), @@ -7149,6 +7157,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7163,6 +7172,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7178,6 +7188,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip', 'imagine'])->toString(), From d7e29a4daeab79c2761df2953e3665e1e8bbbb52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 19:03:14 +0200 Subject: [PATCH 33/84] fix more tests --- .../Projects/ProjectsConsoleClientTest.php | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index 74d7dfcae2..90546e1569 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -435,6 +435,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::equal('teamId', [$team['body']['$id']])->toString(), @@ -450,6 +451,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::limit(1)->toString(), @@ -464,6 +466,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::offset(1)->toString(), @@ -477,6 +480,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::equal('name', ['Project Test 2'])->toString(), @@ -492,6 +496,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::orderDesc()->toString(), @@ -506,6 +511,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders())); $this->assertEquals(200, $response['headers']['status-code']); @@ -516,6 +522,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::cursorAfter(new Document(['$id' => $response['body']['projects'][0]['$id']]))->toString(), @@ -532,6 +539,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::cursorAfter(new Document(['$id' => 'unknown']))->toString(), @@ -607,7 +615,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $data['teamId'], + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'teamId', 'description', '$createdAt', '$updatedAt'])->toString(), @@ -640,6 +648,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'teamId'])->toString(), @@ -672,6 +681,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name'])->toString(), @@ -703,6 +713,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'platforms'])->toString(), @@ -733,6 +744,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'webhooks', 'keys'])->toString(), @@ -763,6 +775,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['*'])->toString(), @@ -794,6 +807,7 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', + 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'invalidAttribute'])->toString(), @@ -1816,7 +1830,13 @@ class ProjectsConsoleClientTest extends Scope $this->assertEquals('en-us', $response['body']['locale']); /** Update Email template, fail due to SMTP disabled */ - $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/templates/email/verification/en-us', array_merge([ + $projectWithoutSmtp = $this->setupProject([ + 'projectId' => ID::unique(), + 'name' => 'Project Without SMTP', + 'region' => System::getEnv('_APP_REGION', 'default') + ]); + + $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectWithoutSmtp . '/templates/email/verification/en-us', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.1', From bcd2bfe5b272e442159b69499421edce992dd223 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 19:34:49 +0200 Subject: [PATCH 34/84] Fix security --- app/controllers/shared/api.php | 4 +-- app/init/resources/request.php | 58 +++++++++++++++------------------- 2 files changed, 27 insertions(+), 35 deletions(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 6f808296b0..573f6d5f06 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -315,7 +315,7 @@ Http::init() } $projectId = $project->getId(); - if ($projectId === 'console' && str_starts_with($route->getPath(), '/v1/projects/:projectId')) { + if ($projectId === 'console' && (str_starts_with($route->getPath(), '/v1/projects/:projectId') || str_starts_with($route->getPath(), '/v1/organization/projects'))) { $uri = $request->getURI(); $projectId = explode('/', $uri)[3]; } @@ -342,7 +342,7 @@ Http::init() * For console projects resource, we use platform DB. * Enabling authorization restricts admin user to the projects they have access to. */ - if ($project->getId() === 'console' && ($route->getPath() === '/v1/projects' || $route->getPath() === '/v1/projects/:projectId')) { + if ($project->getId() === 'console' && ($route->getPath() === '/v1/projects' || $route->getPath() === '/v1/projects/:projectId' || $route->getPath() === '/v1/organization/projects')) { $authorization->setDefaultStatus(true); } else { // Otherwise, disable authorization checks. diff --git a/app/init/resources/request.php b/app/init/resources/request.php index e1409d6412..2854cb2401 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1096,9 +1096,9 @@ return function (Container $context): void { }, ['request', 'project', 'servers', 'dbForPlatform', 'authorization']); $context->set('team', function (Document $project, Database $dbForPlatform, Http $utopia, Request $request, Authorization $authorization, Document $user) { - $teamInternalId = ''; + $teamId = ''; if ($project->getId() !== 'console') { - $teamInternalId = $project->getAttribute('teamInternalId', ''); + $teamId = $project->getAttribute('teamId', ''); } else { $route = $utopia->match($request); $path = ! empty($route) ? $route->getPath() : $request->getURI(); @@ -1106,12 +1106,12 @@ return function (Container $context): void { // Prioritx #1: If org ID header present, respect it if (!empty($orgHeader)) { - return $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $orgHeader)); - } + $teamId = $orgHeader; + } elseif (\str_starts_with($path, '/v1/organization/projects')) { + // Backwards compatibility: /v1/organitation/projects acting as /v1/projects - // Backwards compatibility: /v1/organitation/projects acting as /v1/projects - if (\str_starts_with($path, '/v1/organization/projects')) { // Backwards compatibility: Take from payload param + // organizationId not required, but easy to use by mistake in future unknowingly $teamId = $request->getParam('organizationId', $request->getParam('teamId', '')); // Backawrds compatibility: Get from URL param project ID @@ -1142,44 +1142,36 @@ return function (Container $context): void { // Ignore, do not parse from queries } } - - if (!empty($teamId)) { - $team = $authorization->skip(function () use ($dbForPlatform, $teamId) { - return $dbForPlatform->getDocument('teams', $teamId); - }); - return $team; - } } elseif (str_starts_with($path, '/v1/projects/:projectId')) { $uri = $request->getURI(); - $pid = explode('/', $uri)[3]; - $p = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $pid)); - $teamInternalId = $p->getAttribute('teamInternalId', ''); + $projectId = explode('/', $uri)[3]; + $project = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $projectId)); + $teamId = $project->getAttribute('teamId', ''); } elseif ($path === '/v1/projects') { $teamId = $request->getParam('teamId', ''); + } + } - if (empty($teamId)) { - return new Document([]); - } + // No team scenario + if (empty($teamId)) { + return new Document([]); + } - $team = $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $teamId)); + $team = $authorization->skip(function () use ($dbForPlatform, $teamId) { + return $dbForPlatform->getDocument('teams', $teamId); + }); + // Unauthorized team scenario + // Ensure $user has membership in team + $memberships = $user->getAttribute('memberships', []); + foreach ($memberships as $membership) { + if ($membership->getAttribute('teamId', '') === $teamId) { return $team; } } - // if teamInternalId is empty, return an empty document - - if (empty($teamInternalId)) { - return new Document([]); - } - - $team = $authorization->skip(function () use ($dbForPlatform, $teamInternalId) { - return $dbForPlatform->findOne('teams', [ - Query::equal('$sequence', [$teamInternalId]), - ]); - }); - - return $team; + // Unauthorized, do not allow the team + return new Document([]); }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization', 'user']); $context->set('previewHostname', function (Request $request, ?Key $apiKey) { From 3e35b888a7b6b01169765b1c7687895014d8750a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 19:47:59 +0200 Subject: [PATCH 35/84] Fix bug --- app/controllers/shared/api.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 573f6d5f06..d900492f10 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -317,7 +317,8 @@ Http::init() $projectId = $project->getId(); if ($projectId === 'console' && (str_starts_with($route->getPath(), '/v1/projects/:projectId') || str_starts_with($route->getPath(), '/v1/organization/projects'))) { $uri = $request->getURI(); - $projectId = explode('/', $uri)[3]; + $parts = explode('/', $uri); + $projectId = str_starts_with($route->getPath(), '/v1/organization/projects') ? $parts[4] : $parts[3]; } // Base scopes for admin users to allow listing teams and projects. From 5b109f2f8ddff2fbcda1aea0d05c5aafca2cd51b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 May 2026 19:52:14 +0200 Subject: [PATCH 36/84] Fix org key usecase --- app/init/resources/request.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/init/resources/request.php b/app/init/resources/request.php index 2854cb2401..17af87affb 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1170,6 +1170,11 @@ return function (Container $context): void { } } + // API key auth bypasses membership check; key validity is verified later + if (!empty($request->getHeader('x-appwrite-key', ''))) { + return $team; + } + // Unauthorized, do not allow the team return new Document([]); }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization', 'user']); From 11839c6dcc3fc2675145325f009a7d0eca710dab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:26:22 +0200 Subject: [PATCH 37/84] Remove old endpoint aliases --- .../Platform/Modules/Organization/Http/Projects/Create.php | 1 - .../Platform/Modules/Organization/Http/Projects/Update.php | 1 - .../Platform/Modules/Organization/Http/Projects/XList.php | 1 - 3 files changed, 3 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 88a17cdd7a..6ad1139ba7 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -42,7 +42,6 @@ class Create extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) ->setHttpPath('/v1/organization/projects') - ->httpAlias('/v1/projects') ->desc('Create organization project') ->groups(['api', 'organization']) ->label('audits.event', 'projects.create') diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php index 9188060639..c364a5d6df 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Update.php @@ -28,7 +28,6 @@ class Update extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) ->setHttpPath('/v1/organization/projects/:projectId') - ->httpAlias('/v1/projects/:projectId') ->desc('Update organization project') ->groups(['api', 'organization']) ->label('scope', 'projects.write') diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php index 5b223904d6..6b45d92175 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/XList.php @@ -44,7 +44,6 @@ class XList extends Action $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) ->setHttpPath('/v1/organization/projects') - ->httpAlias('/v1/projects') ->desc('List organization projects') ->groups(['api', 'organization']) ->label('scope', 'projects.read') From 79f536445e287110ec28d950e4b01c0b976ce0b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:26:35 +0200 Subject: [PATCH 38/84] Revive old endpoints --- .../Modules/Projects/Http/Projects/Create.php | 245 ++++++++++++++++++ .../Modules/Projects/Http/Projects/Update.php | 94 +++++++ .../Modules/Projects/Http/Projects/XList.php | 197 ++++++++++++++ .../Modules/Projects/Services/Http.php | 6 + 4 files changed, 542 insertions(+) create mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php create mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php create mode 100644 src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php new file mode 100644 index 0000000000..d2c92fc65c --- /dev/null +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php @@ -0,0 +1,245 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) + ->setHttpPath('/v1/projects') + ->desc('Create project') + ->groups(['api', 'projects']) + ->label('audits.event', 'projects.create') + ->label('audits.resource', 'project/{response.$id}') + ->label('scope', 'projects.write') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'create', + description: '/docs/references/projects/create.md', + auth: [AuthType::ADMIN], + responses: [ + new SDKResponse( + code: Response::STATUS_CODE_CREATED, + model: Response::MODEL_PROJECT, + ) + ] + )) + ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') + ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') + ->param('teamId', '', new UID(), 'Team unique ID.') + ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) + ->inject('request') + ->inject('response') + ->inject('dbForPlatform') + ->inject('cache') + ->inject('pools') + ->inject('hooks') + ->callback($this->action(...)); + } + + public function action(string $projectId, string $name, string $teamId, string $region, Request $request, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks) + { + $team = $dbForPlatform->getDocument('teams', $teamId); + + if ($team->isEmpty()) { + throw new Exception(Exception::TEAM_NOT_FOUND); + } + + $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); + + if (!empty($allowList) && !\in_array($region, $allowList)) { + throw new Exception(Exception::PROJECT_REGION_UNSUPPORTED, 'Region "' . $region . '" is not supported'); + } + + $auth = Config::getParam('auth', []); + $auths = [ + 'limit' => 0, + 'maxSessions' => 0, + 'passwordHistory' => 0, + 'passwordDictionary' => false, + 'duration' => TOKEN_EXPIRATION_LOGIN_LONG, + 'personalDataCheck' => false, + 'disposableEmails' => false, + 'canonicalEmails' => false, + 'freeEmails' => false, + 'mockNumbers' => [], + 'sessionAlerts' => false, + 'membershipsUserName' => false, + 'membershipsUserEmail' => false, + 'membershipsMfa' => false, + 'membershipsUserId' => false, + 'membershipsUserPhone' => false, + 'invalidateSessions' => true + ]; + + foreach ($auth as $method) { + $auths[$method['key'] ?? ''] = true; + } + + $projectId = ($projectId == 'unique()') ? ID::unique() : $projectId; + + if ($projectId === 'console') { + throw new Exception(Exception::PROJECT_RESERVED_PROJECT, "'console' is a reserved project."); + } + + $databases = Config::getParam('pools-database', []); + + if ($region !== 'default') { + $databaseKeys = System::getEnv('_APP_DATABASE_KEYS', ''); + $keys = explode(',', $databaseKeys); + $databases = array_filter($keys, function ($value) use ($region) { + return str_contains($value, $region); + }); + } + + $databaseOverride = System::getEnv('_APP_DATABASE_OVERRIDE'); + $index = \array_search($databaseOverride, $databases); + if ($index !== false) { + $dsn = $databases[$index]; + } else { + $dsn = $databases[array_rand($databases)]; + } + + // TODO: Temporary until all projects are using shared tables. + $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); + + if (\in_array($dsn, $sharedTables)) { + $schema = 'appwrite'; + $database = 'appwrite'; + $namespace = System::getEnv('_APP_DATABASE_SHARED_NAMESPACE', ''); + $dsn = $schema . '://' . $dsn . '?database=' . $database; + + if (!empty($namespace)) { + $dsn .= '&namespace=' . $namespace; + } + } + + try { + $project = $dbForPlatform->createDocument('projects', new Document([ + '$id' => $projectId, + '$permissions' => $this->getPermissions($teamId, $projectId), + 'name' => $name, + 'teamInternalId' => $team->getSequence(), + 'teamId' => $team->getId(), + 'region' => $region, + 'version' => APP_VERSION_STABLE, + 'services' => new \stdClass(), + 'platforms' => null, + 'oAuthProviders' => [], + 'webhooks' => null, + 'keys' => null, + 'auths' => $auths, + 'accessedAt' => DateTime::now(), + 'search' => implode(' ', [$projectId, $name]), + 'database' => $dsn, + 'labels' => [], + 'status' => PROJECT_STATUS_ACTIVE, + ])); + } catch (Duplicate) { + throw new Exception(Exception::PROJECT_ALREADY_EXISTS); + } + + try { + $dsn = new DSN($dsn); + } catch (\InvalidArgumentException) { + // TODO: Temporary until all projects are using shared tables + $dsn = new DSN('mysql://' . $dsn); + } + + $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); + $projectTables = !\in_array($dsn->getHost(), $sharedTables); + + if ($projectTables) { + $adapter = new DatabasePool($pools->get($dsn->getHost())); + $dbForProject = new Database($adapter, $cache); + $dbForProject + ->setDatabase(APP_DATABASE) + ->setSharedTables(false) + ->setTenant(null) + ->setNamespace('_' . $project->getSequence()); + + $create = true; + + try { + $dbForProject->create(); + } catch (Duplicate) { + $create = false; + } + + $adapter = new AdapterDatabase($dbForProject); + $audit = new Audit($adapter); + $audit->setup(); + + if ($create) { + /** @var array $collections */ + $collections = Config::getParam('collections', [])['projects'] ?? []; + + foreach ($collections as $key => $collection) { + if (($collection['$collection'] ?? '') !== Database::METADATA) { + continue; + } + + $attributes = \array_map(fn ($attribute) => new Document($attribute), $collection['attributes']); + $indexes = \array_map(fn (array $index) => new Document($index), $collection['indexes']); + + try { + $dbForProject->createCollection($key, $attributes, $indexes); + } catch (Duplicate) { + // Collection already exists + } + } + } + } + + // Hook allowing instant project mirroring during migration + // Outside of migration, hook is not registered and has no effect + $hooks->trigger('afterProjectCreation', [$project, $pools, $cache]); + + $response + ->setStatusCode(Response::STATUS_CODE_CREATED) + ->dynamic($project, Response::MODEL_PROJECT); + } +} diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php new file mode 100644 index 0000000000..29c26b33ea --- /dev/null +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php @@ -0,0 +1,94 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_PATCH) + ->setHttpPath('/v1/projects/:projectId') + ->desc('Update project') + ->groups(['api', 'projects']) + ->label('scope', 'projects.write') + ->label('audits.event', 'projects.update') + ->label('audits.resource', 'project/{request.projectId}') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'update', + description: '/docs/references/projects/update.md', + auth: [AuthType::ADMIN], + responses: [ + new SDKResponse( + code: Response::STATUS_CODE_OK, + model: Response::MODEL_PROJECT, + ) + ] + )) + ->param('projectId', '', new UID(), 'Project unique ID.') + ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') + ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true) + ->param('logo', '', new Text(1024), 'Project logo.', true) + ->param('url', '', new URL(), 'Project URL.', true) + ->param('legalName', '', new Text(256), 'Project legal name. Max length: 256 chars.', true) + ->param('legalCountry', '', new Text(256), 'Project legal country. Max length: 256 chars.', true) + ->param('legalState', '', new Text(256), 'Project legal state. Max length: 256 chars.', true) + ->param('legalCity', '', new Text(256), 'Project legal city. Max length: 256 chars.', true) + ->param('legalAddress', '', new Text(256), 'Project legal address. Max length: 256 chars.', true) + ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true) + ->inject('response') + ->inject('dbForPlatform') + ->callback($this->action(...)); + } + + public function action(string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, Response $response, Database $dbForPlatform) + { + $project = $dbForPlatform->getDocument('projects', $projectId); + + if ($project->isEmpty()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + $project = $dbForPlatform->updateDocument('projects', $project->getId(), $project + ->setAttribute('name', $name) + ->setAttribute('description', $description) + ->setAttribute('logo', $logo) + ->setAttribute('url', $url) + ->setAttribute('legalName', $legalName) + ->setAttribute('legalCountry', $legalCountry) + ->setAttribute('legalState', $legalState) + ->setAttribute('legalCity', $legalCity) + ->setAttribute('legalAddress', $legalAddress) + ->setAttribute('legalTaxId', $legalTaxId) + ->setAttribute('search', implode(' ', [$projectId, $name]))); + + $response->dynamic($project, Response::MODEL_PROJECT); + } +} diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php new file mode 100644 index 0000000000..0d2a951388 --- /dev/null +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php @@ -0,0 +1,197 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) + ->setHttpPath('/v1/projects') + ->desc('List projects') + ->groups(['api', 'projects']) + ->label('scope', 'projects.read') + ->label('sdk', new Method( + namespace: 'projects', + group: 'projects', + name: 'list', + description: <<param('queries', [], $this->getQueriesValidator(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Projects::ALLOWED_ATTRIBUTES), true) + ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true) + ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) + ->inject('response') + ->inject('dbForPlatform') + ->inject('team') + ->callback($this->action(...)); + } + + public function action(array $queries, string $search, bool $includeTotal, Response $response, Database $dbForPlatform, Document $team) + { + try { + $queries = Query::parseQueries($queries); + } catch (QueryException $e) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage()); + } + + if (!empty($search)) { + $queries[] = Query::search('search', $search); + } + + if (!$team->isEmpty()) { + $queries[] = Query::equal('teamInternalId', [$team->getSequence()]); + } + + $cursor = Query::getCursorQueries($queries, false); + $cursor = \reset($cursor); + + if ($cursor !== false) { + $validator = new Cursor(); + if (!$validator->isValid($cursor)) { + throw new Exception(Exception::GENERAL_QUERY_INVALID, $validator->getDescription()); + } + + $projectId = $cursor->getValue(); + $cursorDocument = $dbForPlatform->getDocument('projects', $projectId); + + if ($cursorDocument->isEmpty()) { + throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Project '{$projectId}' for the 'cursor' value not found."); + } + + $cursor->setValue($cursorDocument); + } + + try { + $selectQueries = Query::groupByType($queries)['selections']; + $filterQueries = Query::groupByType($queries)['filters']; + + $projects = $this->find($dbForPlatform, $queries, $selectQueries); + $total = $includeTotal ? $dbForPlatform->count('projects', $filterQueries, APP_LIMIT_COUNT) : 0; + } catch (Order $e) { + throw new Exception(Exception::DATABASE_QUERY_ORDER_NULL, "The order attribute '{$e->getAttribute()}' had a null value. Cursor pagination requires all documents order attribute values are non-null."); + } + + $response->addFilter(new ListSelection($selectQueries, 'projects')); + + $response->dynamic(new Document([ + 'projects' => $projects, + 'total' => $total, + ]), Response::MODEL_PROJECT_LIST); + } + + // Build mapping of columns to their subQuery filters + private static function getAttributeToSubQueryFilters(): array + { + if (self::$attributeToSubQueryFilters !== null) { + return self::$attributeToSubQueryFilters; + } + + self::$attributeToSubQueryFilters = []; + + $collections = Config::getParam('collections', []); + $projectAttributes = $collections['platform']['projects']['attributes'] ?? []; + + foreach ($projectAttributes as $attribute) { + $attributeId = $attribute['$id'] ?? null; + $filters = $attribute['filters'] ?? []; + + if ($attributeId === null || empty($filters)) { + continue; + } + + // extract only subQuery filters + $subQueryFilters = \array_filter($filters, function ($filter) { + return \str_starts_with($filter, 'subQuery'); + }); + + if (!empty($subQueryFilters)) { + self::$attributeToSubQueryFilters[$attributeId] = \array_values($subQueryFilters); + } + } + + return self::$attributeToSubQueryFilters; + } + + private function find(Database $dbForPlatform, array $queries, array $selectQueries): array + { + if (empty($selectQueries)) { + return $dbForPlatform->find('projects', $queries); + } + + $selectedAttributes = []; + foreach ($selectQueries as $query) { + foreach ($query->getValues() as $value) { + $selectedAttributes[] = $value; + } + } + + if (\in_array('*', $selectedAttributes)) { + return $dbForPlatform->find('projects', $queries); + } + + $filtersToSkipMap = []; + $selectedAttributesMap = \array_flip($selectedAttributes); + $attributeToSubQueryFilters = self::getAttributeToSubQueryFilters(); + + foreach ($attributeToSubQueryFilters as $attributeName => $subQueryFilters) { + if (!isset($selectedAttributesMap[$attributeName])) { + foreach ($subQueryFilters as $filter) { + $filtersToSkipMap[$filter] = true; + } + } + } + + $filtersToSkip = \array_keys($filtersToSkipMap); + + return empty($filtersToSkip) + ? $dbForPlatform->find('projects', $queries) + : $dbForPlatform->skipFilters(fn () => $dbForPlatform->find('projects', $queries), $filtersToSkip); + } +} diff --git a/src/Appwrite/Platform/Modules/Projects/Services/Http.php b/src/Appwrite/Platform/Modules/Projects/Services/Http.php index b1662cef31..8275e664d5 100644 --- a/src/Appwrite/Platform/Modules/Projects/Services/Http.php +++ b/src/Appwrite/Platform/Modules/Projects/Services/Http.php @@ -7,7 +7,10 @@ use Appwrite\Platform\Modules\Projects\Http\DevKeys\Delete as DeleteDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\Get as GetDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\Update as UpdateDevKey; use Appwrite\Platform\Modules\Projects\Http\DevKeys\XList as ListDevKeys; +use Appwrite\Platform\Modules\Projects\Http\Projects\Create as CreateProject; use Appwrite\Platform\Modules\Projects\Http\Projects\Team\Update as UpdateProjectTeam; +use Appwrite\Platform\Modules\Projects\Http\Projects\Update as UpdateProject; +use Appwrite\Platform\Modules\Projects\Http\Projects\XList as ListProjects; use Appwrite\Platform\Modules\Projects\Http\Schedules\Create as CreateSchedule; use Appwrite\Platform\Modules\Projects\Http\Schedules\Get as GetSchedule; use Appwrite\Platform\Modules\Projects\Http\Schedules\XList as ListSchedules; @@ -24,6 +27,9 @@ class Http extends Service $this->addAction(ListDevKeys::getName(), new ListDevKeys()); $this->addAction(DeleteDevKey::getName(), new DeleteDevKey()); + $this->addAction(CreateProject::getName(), new CreateProject()); + $this->addAction(UpdateProject::getName(), new UpdateProject()); + $this->addAction(ListProjects::getName(), new ListProjects()); $this->addAction(UpdateProjectTeam::getName(), new UpdateProjectTeam()); $this->addAction(CreateSchedule::getName(), new CreateSchedule()); From cd54e9178468edeb9a94ae21fcee8f272c2c0180 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:27:19 +0200 Subject: [PATCH 39/84] Deprecate old projects endpoints --- .../Modules/Projects/Http/Projects/Create.php | 13 ------------- .../Modules/Projects/Http/Projects/Update.php | 13 ------------- .../Modules/Projects/Http/Projects/XList.php | 16 ---------------- 3 files changed, 42 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php index d2c92fc65c..b5873228cc 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php @@ -54,19 +54,6 @@ class Create extends Action ->label('audits.event', 'projects.create') ->label('audits.resource', 'project/{response.$id}') ->label('scope', 'projects.write') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'create', - description: '/docs/references/projects/create.md', - auth: [AuthType::ADMIN], - responses: [ - new SDKResponse( - code: Response::STATUS_CODE_CREATED, - model: Response::MODEL_PROJECT, - ) - ] - )) ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('teamId', '', new UID(), 'Team unique ID.') diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php index 29c26b33ea..c1694a029c 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php @@ -39,19 +39,6 @@ class Update extends Action ->label('scope', 'projects.write') ->label('audits.event', 'projects.update') ->label('audits.resource', 'project/{request.projectId}') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'update', - description: '/docs/references/projects/update.md', - auth: [AuthType::ADMIN], - responses: [ - new SDKResponse( - code: Response::STATUS_CODE_OK, - model: Response::MODEL_PROJECT, - ) - ] - )) ->param('projectId', '', new UID(), 'Project unique ID.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true) diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php index 0d2a951388..98318fe2a8 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php @@ -48,22 +48,6 @@ class XList extends Action ->desc('List projects') ->groups(['api', 'projects']) ->label('scope', 'projects.read') - ->label('sdk', new Method( - namespace: 'projects', - group: 'projects', - name: 'list', - description: <<param('queries', [], $this->getQueriesValidator(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Projects::ALLOWED_ATTRIBUTES), true) ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true) ->param('total', true, new Boolean(true), 'When set to false, the total count returned will be 0 and will not be calculated.', true) From 2d9470494800e10f21e71a8346ef840cba7258f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:30:06 +0200 Subject: [PATCH 40/84] Formatting fix --- .../Platform/Modules/Projects/Http/Projects/Create.php | 3 --- .../Platform/Modules/Projects/Http/Projects/Update.php | 3 --- .../Platform/Modules/Projects/Http/Projects/XList.php | 4 ---- 3 files changed, 10 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php index b5873228cc..18250cb140 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Create.php @@ -4,9 +4,6 @@ namespace Appwrite\Platform\Modules\Projects\Http\Projects; use Appwrite\Extend\Exception; use Appwrite\Hooks\Hooks; -use Appwrite\SDK\AuthType; -use Appwrite\SDK\Method; -use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Database\Validator\ProjectId; use Appwrite\Utopia\Database\Validator\Queries\Projects; use Appwrite\Utopia\Request; diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php index c1694a029c..f6df843d07 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/Update.php @@ -3,9 +3,6 @@ namespace Appwrite\Platform\Modules\Projects\Http\Projects; use Appwrite\Extend\Exception; -use Appwrite\SDK\AuthType; -use Appwrite\SDK\Method; -use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Database\Validator\Queries\Projects; use Appwrite\Utopia\Response; use Utopia\Database\Database; diff --git a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php index 98318fe2a8..b967c29451 100644 --- a/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php +++ b/src/Appwrite/Platform/Modules/Projects/Http/Projects/XList.php @@ -4,10 +4,6 @@ namespace Appwrite\Platform\Modules\Projects\Http\Projects; use Appwrite\Extend\Exception; use Appwrite\Platform\Action; -use Appwrite\SDK\AuthType; -use Appwrite\SDK\ContentType; -use Appwrite\SDK\Method; -use Appwrite\SDK\Response as SDKResponse; use Appwrite\Utopia\Database\Validator\Queries\Projects; use Appwrite\Utopia\Response; use Appwrite\Utopia\Response\Filters\ListSelection; From 34078ad9afe011f801f48f82aee2c13ddf117577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:37:04 +0200 Subject: [PATCH 41/84] Revert unwanted changes --- app/config/scopes/organization.php | 4 ++-- .../Platform/Modules/Organization/Http/Projects/Create.php | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/app/config/scopes/organization.php b/app/config/scopes/organization.php index 4e10331b7f..d74452f259 100644 --- a/app/config/scopes/organization.php +++ b/app/config/scopes/organization.php @@ -13,13 +13,13 @@ return [ "category" => "Projects", ], "devKeys.read" => [ - "description" => 'Access to read organization project\'s development keys', + "description" => 'Access to read project\'s development keys', "category" => "Other", "deprecated" => true, ], "devKeys.write" => [ "description" => - "Access to create, update, and delete organization project\'s development keys", + "Access to create, update, and delete project\'s development keys", "category" => "Other", "deprecated" => true, ], diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index 6ad1139ba7..c4c5278d1f 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -66,7 +66,6 @@ class Create extends Action ->param('projectId', '', new ProjectId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, and hyphen. Can\'t start with a special char. Max length is 36 chars.') ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.') ->param('region', System::getEnv('_APP_REGION', 'default'), new WhiteList(array_keys(array_filter(Config::getParam('regions'), fn ($config) => !$config['disabled']))), 'Project Region.', true) - ->param('teamId', '', new UID(), 'Team unique ID.', deprecated: true, optional: true) // Backwards compatibility ->inject('response') ->inject('dbForPlatform') ->inject('cache') @@ -76,8 +75,7 @@ class Create extends Action ->callback($this->action(...)); } - // teamId intentionally unused; used by resource for backwards compatibility - public function action(string $projectId, string $name, string $region, string $teamId, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) + public function action(string $projectId, string $name, string $region, Response $response, Database $dbForPlatform, Cache $cache, Group $pools, Hooks $hooks, Document $team) { $allowList = \array_filter(\explode(',', System::getEnv('_APP_PROJECT_REGIONS', ''))); From d422b7abdcb887976b2dd7640d1fdce5c638b718 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:44:47 +0200 Subject: [PATCH 42/84] Final reverts --- app/controllers/shared/api.php | 7 ++- app/init/resources/request.php | 96 +++++++++------------------------- 2 files changed, 29 insertions(+), 74 deletions(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 5bcb51355b..6e5167660a 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -313,10 +313,9 @@ Http::init() } $projectId = $project->getId(); - if ($projectId === 'console' && (str_starts_with($route->getPath(), '/v1/projects/:projectId') || str_starts_with($route->getPath(), '/v1/organization/projects'))) { + if ($projectId === 'console' && str_starts_with($route->getPath(), '/v1/projects/:projectId')) { $uri = $request->getURI(); - $parts = explode('/', $uri); - $projectId = str_starts_with($route->getPath(), '/v1/organization/projects') ? $parts[4] : $parts[3]; + $projectId = explode('/', $uri)[3]; } // Base scopes for admin users to allow listing teams and projects. @@ -341,7 +340,7 @@ Http::init() * For console projects resource, we use platform DB. * Enabling authorization restricts admin user to the projects they have access to. */ - if ($project->getId() === 'console' && ($route->getPath() === '/v1/projects' || $route->getPath() === '/v1/projects/:projectId' || $route->getPath() === '/v1/organization/projects')) { + if ($project->getId() === 'console' && ($route->getPath() === '/v1/projects' || $route->getPath() === '/v1/projects/:projectId')) { $authorization->setDefaultStatus(true); } else { // Otherwise, disable authorization checks. diff --git a/app/init/resources/request.php b/app/init/resources/request.php index e6382be032..85d8db3698 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -1,6 +1,5 @@ set('team', function (Document $project, Database $dbForPlatform, Http $utopia, Request $request, Authorization $authorization, Document $user) { - $teamId = ''; + $context->set('team', function (Document $project, Database $dbForPlatform, Http $utopia, Request $request, Authorization $authorization) { + $teamInternalId = ''; if ($project->getId() !== 'console') { - $teamId = $project->getAttribute('teamId', ''); + $teamInternalId = $project->getAttribute('teamInternalId', ''); } else { $route = $utopia->match($request); $path = ! empty($route) ? $route->getPath() : $request->getURI(); $orgHeader = $request->getHeader('x-appwrite-organization', ''); - - // Prioritx #1: If org ID header present, respect it - if (!empty($orgHeader)) { - $teamId = $orgHeader; - } elseif (\str_starts_with($path, '/v1/organization/projects')) { - // Backwards compatibility: /v1/organitation/projects acting as /v1/projects - - // Backwards compatibility: Take from payload param - // organizationId not required, but easy to use by mistake in future unknowingly - $teamId = $request->getParam('organizationId', $request->getParam('teamId', '')); - - // Backawrds compatibility: Get from URL param project ID - if (empty($teamId)) { - $projectId = \explode('/', $request->getURI())[4] ?? ''; - if (!empty($projectId)) { - $urlProject = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $projectId)); - $teamId = $urlProject->getAttribute('teamId', ''); - } - } - - // Backwards compatibility: Get from queries param - if (empty($teamId)) { - $queries = $request->getParam('queries', []); - $queries = \is_array($queries) ? $queries : [$queries]; - - try { - $queries = Query::parseQueries($queries); - $queries = Query::getByType($queries, [Query::TYPE_EQUAL]); - - foreach ($queries as $query) { - if ($query->getAttribute() === 'teamId') { - $teamId = $query->getValues()[0] ?? ''; - break; - } - } - } catch (QueryException $e) { - // Ignore, do not parse from queries - } - } - } elseif (str_starts_with($path, '/v1/projects/:projectId')) { + if (str_starts_with($path, '/v1/projects/:projectId')) { $uri = $request->getURI(); - $projectId = explode('/', $uri)[3]; - $project = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $projectId)); - $teamId = $project->getAttribute('teamId', ''); + $pid = explode('/', $uri)[3]; + $p = $authorization->skip(fn () => $dbForPlatform->getDocument('projects', $pid)); + $teamInternalId = $p->getAttribute('teamInternalId', ''); } elseif ($path === '/v1/projects') { $teamId = $request->getParam('teamId', ''); + + if (empty($teamId)) { + return new Document([]); + } + + $team = $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $teamId)); + + return $team; + } elseif (! empty($orgHeader)) { + return $authorization->skip(fn () => $dbForPlatform->getDocument('teams', $orgHeader)); } } - // No team scenario - if (empty($teamId)) { + // if teamInternalId is empty, return an empty document + + if (empty($teamInternalId)) { return new Document([]); } - $team = $authorization->skip(function () use ($dbForPlatform, $teamId) { - return $dbForPlatform->getDocument('teams', $teamId); + $team = $authorization->skip(function () use ($dbForPlatform, $teamInternalId) { + return $dbForPlatform->findOne('teams', [ + Query::equal('$sequence', [$teamInternalId]), + ]); }); - // Unauthorized team scenario - // Ensure $user has membership in team - $memberships = $user->getAttribute('memberships', []); - foreach ($memberships as $membership) { - if ($membership->getAttribute('teamId', '') === $teamId) { - return $team; - } - } - - // API key auth bypasses membership check; key validity is verified later - if (!empty($request->getHeader('x-appwrite-key', ''))) { - return $team; - } - - // Unauthorized, do not allow the team - return new Document([]); - }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization', 'user']); + return $team; + }, ['project', 'dbForPlatform', 'utopia', 'request', 'authorization']); $context->set('previewHostname', function (Request $request, ?Key $apiKey) { $allowed = false; From 5a0bb57db25c7aff8cb8f209022ab025815584f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:45:39 +0200 Subject: [PATCH 43/84] linter fix --- .../Platform/Modules/Organization/Http/Projects/Create.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php index c4c5278d1f..227c64ce8c 100644 --- a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Create.php @@ -20,7 +20,6 @@ use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Exception\Duplicate; use Utopia\Database\Helpers\ID; -use Utopia\Database\Validator\UID; use Utopia\DSN\DSN; use Utopia\Platform\Scope\HTTP; use Utopia\Pools\Group; From a0c27afec8a08711a7be8b393c64d57fc5ab7fe3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 11:47:52 +0200 Subject: [PATCH 44/84] Revert test changes --- .../Projects/ProjectsConsoleClientTest.php | 40 +------------------ 1 file changed, 1 insertion(+), 39 deletions(-) diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index 90546e1569..7b44b0485d 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -354,16 +354,6 @@ class ProjectsConsoleClientTest extends Scope 'x-appwrite-response-format' => '1.9.4', ], $this->getHeaders())); - $this->assertEquals(404, $response['headers']['status-code']); - - - $response = $this->client->call(Client::METHOD_GET, '/projects', array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $data['teamId'], - ], $this->getHeaders())); - $this->assertEquals(200, $response['headers']['status-code']); $this->assertNotEmpty($response['body']); $this->assertGreaterThan(0, count($response['body']['projects'])); @@ -375,7 +365,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $data['teamId'], ], $this->getHeaders(), [ 'search' => $id ])); @@ -388,7 +377,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $data['teamId'], ], $this->getHeaders(), [ 'search' => 'Project Test' ])); @@ -435,7 +423,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::equal('teamId', [$team['body']['$id']])->toString(), @@ -451,7 +438,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::limit(1)->toString(), @@ -466,7 +452,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::offset(1)->toString(), @@ -480,7 +465,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::equal('name', ['Project Test 2'])->toString(), @@ -496,7 +480,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::orderDesc()->toString(), @@ -511,7 +494,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders())); $this->assertEquals(200, $response['headers']['status-code']); @@ -522,7 +504,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::cursorAfter(new Document(['$id' => $response['body']['projects'][0]['$id']]))->toString(), @@ -539,7 +520,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $team['body']['$id'], ], $this->getHeaders()), [ 'queries' => [ Query::cursorAfter(new Document(['$id' => 'unknown']))->toString(), @@ -584,7 +564,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name'])->toString(), @@ -614,8 +593,7 @@ class ProjectsConsoleClientTest extends Scope $response = $this->client->call(Client::METHOD_GET, '/projects', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], - 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, + 'x-appwrite-response-format' => '1.9.4' ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'teamId', 'description', '$createdAt', '$updatedAt'])->toString(), @@ -648,7 +626,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'teamId'])->toString(), @@ -681,7 +658,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name'])->toString(), @@ -713,7 +689,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'platforms'])->toString(), @@ -744,7 +719,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'name', 'webhooks', 'keys'])->toString(), @@ -775,7 +749,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['*'])->toString(), @@ -807,7 +780,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::select(['$id', 'invalidAttribute'])->toString(), @@ -7075,7 +7047,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['nonvip'])->toString(), @@ -7089,7 +7060,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7102,7 +7072,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['imagine'])->toString(), @@ -7116,7 +7085,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['nonvip', 'imagine'])->toString(), @@ -7131,7 +7099,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'projectId' => ID::unique(), 'name' => 'Test project - Labels 2', @@ -7161,7 +7128,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['imagine'])->toString(), @@ -7177,7 +7143,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7192,7 +7157,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip'])->toString(), @@ -7208,7 +7172,6 @@ class ProjectsConsoleClientTest extends Scope 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', - 'x-appwrite-organization' => $teamId, ], $this->getHeaders()), [ 'queries' => [ Query::contains('labels', ['vip', 'imagine'])->toString(), @@ -7316,7 +7279,6 @@ class ProjectsConsoleClientTest extends Scope 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-response-format' => '1.9.4', 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $token, - 'x-appwrite-organization' => $teamId, ]); $this->assertEquals(200, $response['headers']['status-code']); From b627a7d6ff4e7f524fb2d450b5f11f5aa7986561 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 15 May 2026 12:46:27 +0200 Subject: [PATCH 45/84] Org key tests --- tests/e2e/Scopes/SideServerOrganization.php | 81 +++++++++++++++++++ .../Services/Organization/ProjectsBase.php | 26 ++++++ .../ProjectsConsoleClientTest.php | 14 ++++ .../Organization/ProjectsCustomServerTest.php | 14 ++++ 4 files changed, 135 insertions(+) create mode 100644 tests/e2e/Scopes/SideServerOrganization.php create mode 100644 tests/e2e/Services/Organization/ProjectsBase.php create mode 100644 tests/e2e/Services/Organization/ProjectsConsoleClientTest.php create mode 100644 tests/e2e/Services/Organization/ProjectsCustomServerTest.php diff --git a/tests/e2e/Scopes/SideServerOrganization.php b/tests/e2e/Scopes/SideServerOrganization.php new file mode 100644 index 0000000000..45fa48451f --- /dev/null +++ b/tests/e2e/Scopes/SideServerOrganization.php @@ -0,0 +1,81 @@ +client->call(Client::METHOD_POST, '/teams', [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'cookie' => 'a_session_console=' . $this->getRoot()['session'], + 'x-appwrite-project' => 'console', + ], [ + 'teamId' => $teamId, + 'name' => 'Organization Test', + ]); + if (\in_array($team['headers']['status-code'], [201, 409])) { + break; + } + \usleep(500000); + } + $this->assertContains($team['headers']['status-code'], [201, 409]); + $teamId = $team['body']['$id'] ?? $teamId; + + $key = $this->client->call(Client::METHOD_POST, '/v1/organization/keys', [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'cookie' => 'a_session_console=' . $this->getRoot()['session'], + 'x-appwrite-project' => 'console', + 'x-appwrite-organization' => $teamId, + ], [ + 'keyId' => ID::unique(), + 'name' => 'Organization Key', + 'scopes' => ['projects.read', 'projects.write'], + ]); + + $this->assertEquals(201, $key['headers']['status-code']); + $this->assertNotEmpty($key['body']['secret']); + + self::$organization = [ + '$id' => $teamId, + 'apiKey' => $key['body']['secret'], + ]; + + return self::$organization; + } + + public function getHeaders(bool $devKey = false): array + { + $organization = $this->getOrganization(); + + return [ + 'x-appwrite-key' => $organization['apiKey'], + 'x-appwrite-organization' => $organization['$id'], + ]; + } + + /** + * @return string + */ + public function getSide() + { + return 'server'; + } +} diff --git a/tests/e2e/Services/Organization/ProjectsBase.php b/tests/e2e/Services/Organization/ProjectsBase.php new file mode 100644 index 0000000000..eff7c827a3 --- /dev/null +++ b/tests/e2e/Services/Organization/ProjectsBase.php @@ -0,0 +1,26 @@ +client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'projectId' => ID::unique(), + 'name' => 'Organization Project Test', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(201, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['$id']); + $this->assertEquals('Organization Project Test', $response['body']['name']); + } +} diff --git a/tests/e2e/Services/Organization/ProjectsConsoleClientTest.php b/tests/e2e/Services/Organization/ProjectsConsoleClientTest.php new file mode 100644 index 0000000000..5d016eff01 --- /dev/null +++ b/tests/e2e/Services/Organization/ProjectsConsoleClientTest.php @@ -0,0 +1,14 @@ + Date: Tue, 19 May 2026 11:21:04 +0530 Subject: [PATCH 46/84] feat: remove CommitSkipPatterns - already available in 1.9.x Keep only branch and path skip trigger logic. Commit message skip is handled by the existing Contains(VCS_DEPLOYMENT_SKIP_PATTERNS) check. Co-Authored-By: Claude Sonnet 4.6 --- app/config/collections/projects.php | 22 -- .../Vcs/Validator/CommitSkipPatterns.php | 85 ------- .../Vcs/Validator/CommitSkipPatternsTest.php | 215 ------------------ 3 files changed, 322 deletions(-) delete mode 100644 src/Appwrite/Vcs/Validator/CommitSkipPatterns.php delete mode 100644 tests/unit/Vcs/Validator/CommitSkipPatternsTest.php diff --git a/app/config/collections/projects.php b/app/config/collections/projects.php index 30c82fbef0..120c9704ce 100644 --- a/app/config/collections/projects.php +++ b/app/config/collections/projects.php @@ -863,17 +863,6 @@ return [ 'array' => true, 'filters' => [], ], - [ - '$id' => ID::custom('providerCommitSkipPatterns'), - 'type' => Database::VAR_STRING, - 'format' => '', - 'size' => 128, - 'signed' => true, - 'required' => false, - 'default' => [], - 'array' => true, - 'filters' => [], - ], ], 'indexes' => [ [ @@ -1375,17 +1364,6 @@ return [ 'array' => true, 'filters' => [], ], - [ - '$id' => ID::custom('providerCommitSkipPatterns'), - 'type' => Database::VAR_STRING, - 'format' => '', - 'size' => 128, - 'signed' => true, - 'required' => false, - 'default' => [], - 'array' => true, - 'filters' => [], - ], ], 'indexes' => [ [ diff --git a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php b/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php deleted file mode 100644 index 9dbe45ba83..0000000000 --- a/src/Appwrite/Vcs/Validator/CommitSkipPatterns.php +++ /dev/null @@ -1,85 +0,0 @@ -patterns as $pattern) { - if (!is_string($pattern)) { - continue; - } - - $pattern = trim($pattern); - if ($pattern === '') { - continue; - } - - // Split on whitespace; each token is regex-quoted. Tokens are rejoined - // with \s+ (required space) so that "skipappwrite" does NOT match the - // pattern "skip appwrite". The only exception: when the preceding token - // ends with ":" (git trailer style), \s* is used so that - // "skip-checks:true" still matches the pattern "skip-checks: true". - $tokens = preg_split('/\s+/', $pattern); - $regexParts = []; - $count = count($tokens); - for ($i = 0; $i < $count; $i++) { - $regexParts[] = preg_quote($tokens[$i], '~'); - if ($i < $count - 1) { - $regexParts[] = str_ends_with($tokens[$i], ':') ? '\s*' : '\s+'; - } - } - $regexBody = implode('', $regexParts); - - // (?assertTrue($validator->isValid('fix: update readme')); - $this->assertTrue($validator->isValid('[skip deploy] docs only')); - $this->assertTrue($validator->isValid('')); - } - - // ------------------------------------------------------------------------- - // Single pattern — directive match - // ------------------------------------------------------------------------- - - public function testSinglePatternMatchSkips(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $this->assertFalse($validator->isValid('[skip deploy] docs only')); - $this->assertFalse($validator->isValid('chore: update deps [skip deploy]')); - $this->assertFalse($validator->isValid('prefix [skip deploy] suffix')); - } - - public function testSinglePatternNoMatchProceeds(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $this->assertTrue($validator->isValid('fix: real bug fix')); - $this->assertTrue($validator->isValid('feat: add new feature')); - $this->assertTrue($validator->isValid('skip deploy without brackets')); - $this->assertTrue($validator->isValid('prefix[skip deploy]suffix')); - } - - // ------------------------------------------------------------------------- - // Case insensitivity - // ------------------------------------------------------------------------- - - public function testCaseInsensitiveMatch(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $this->assertFalse($validator->isValid('[SKIP DEPLOY] uppercase')); - $this->assertFalse($validator->isValid('[Skip Deploy] mixed case')); - $this->assertFalse($validator->isValid('[skip DEPLOY] partial upper')); - } - - public function testPatternItselfCaseInsensitive(): void - { - $validator = new CommitSkipPatterns(['[SKIP DEPLOY]']); - $this->assertFalse($validator->isValid('[skip deploy] lowercase message')); - $this->assertFalse($validator->isValid('[Skip Deploy] mixed message')); - } - - // ------------------------------------------------------------------------- - // Array of patterns — any match skips (OR semantics) - // ------------------------------------------------------------------------- - - public function testMultiplePatternsFirstMatches(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); - $this->assertFalse($validator->isValid('[skip deploy] docs only')); - } - - public function testMultiplePatternsSecondMatches(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); - $this->assertFalse($validator->isValid('chore: update readme [skip ci]')); - } - - public function testMultiplePatternsThirdMatches(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); - $this->assertFalse($validator->isValid('[no deploy] just docs')); - } - - public function testMultiplePatternsNoneMatchProceeds(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]', '[skip ci]', '[no deploy]']); - $this->assertTrue($validator->isValid('feat: completely new feature')); - $this->assertTrue($validator->isValid('fix: important bug fix')); - } - - // ------------------------------------------------------------------------- - // Common real-world skip conventions - // ------------------------------------------------------------------------- - - public function testCommonSkipCiPattern(): void - { - $validator = new CommitSkipPatterns(['[skip ci]']); - $this->assertFalse($validator->isValid('[skip ci] update changelog')); - $this->assertFalse($validator->isValid('[SKIP CI]')); - $this->assertTrue($validator->isValid('feat: something real')); - } - - public function testNoDeployPattern(): void - { - $validator = new CommitSkipPatterns(['[no deploy]']); - $this->assertFalse($validator->isValid('[no deploy] tweak docs')); - $this->assertTrue($validator->isValid('deploy this please')); - } - - // ------------------------------------------------------------------------- - // Edge cases - // ------------------------------------------------------------------------- - - public function testEmptyCommitMessageNeverSkipsWithPatterns(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $this->assertTrue($validator->isValid('')); - } - - public function testBlankPatternsInArrayAreIgnored(): void - { - $validator = new CommitSkipPatterns(['', ' ', '[skip deploy]']); - $this->assertTrue($validator->isValid('normal commit message')); - $this->assertFalse($validator->isValid('[skip deploy] docs')); - } - - public function testPatternMustBeStandaloneDirective(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $this->assertTrue($validator->isValid('skippy the kangaroo')); - $this->assertTrue($validator->isValid('prefix[skip deploy]suffix')); - } - - public function testMultilineCommitMessage(): void - { - $validator = new CommitSkipPatterns(['[skip deploy]']); - $msg = "feat: add new stuff\n\nMore detail here.\n\n[skip deploy]"; - $this->assertFalse($validator->isValid($msg)); - } - - public function testWhitespaceInsideDirectiveIsNormalized(): void - { - $validator = new CommitSkipPatterns([' [skip deploy] ']); - $this->assertFalse($validator->isValid('[skip deploy] docs only')); - $this->assertFalse($validator->isValid('[SKIP DEPLOY] docs only')); - } - - public function testTrailerDirectiveCanSkip(): void - { - $validator = new CommitSkipPatterns(['skip-checks: true']); - $msg = "feat: add new stuff\n\nMore detail here.\n\nskip-checks:true"; - $this->assertFalse($validator->isValid($msg)); - } - - // ------------------------------------------------------------------------- - // Plain-word patterns: "skip appwrite" and "appwrite skip" - // ------------------------------------------------------------------------- - - public function testSkipAppwritePatternSkips(): void - { - $validator = new CommitSkipPatterns(['skip appwrite']); - $this->assertFalse($validator->isValid('docs: update readme skip appwrite')); - $this->assertFalse($validator->isValid('skip appwrite')); - } - - public function testSkipAppwritePatternCaseInsensitive(): void - { - $validator = new CommitSkipPatterns(['skip appwrite']); - $this->assertFalse($validator->isValid('SKIP APPWRITE')); - $this->assertFalse($validator->isValid('Skip Appwrite')); - $this->assertFalse($validator->isValid('SKIP appwrite')); - } - - public function testSkipAppwritePatternNoMatchProceeds(): void - { - $validator = new CommitSkipPatterns(['skip appwrite']); - $this->assertTrue($validator->isValid('feat: real feature')); - $this->assertTrue($validator->isValid('skipappwrite')); // no space — not standalone - $this->assertTrue($validator->isValid('appwrite is great')); - } - - public function testAppwriteSkipPatternSkips(): void - { - $validator = new CommitSkipPatterns(['appwrite skip']); - $this->assertFalse($validator->isValid('appwrite skip ci')); - $this->assertFalse($validator->isValid('docs appwrite skip')); - $this->assertFalse($validator->isValid('appwrite skip')); - } - - public function testAppwriteSkipPatternCaseInsensitive(): void - { - $validator = new CommitSkipPatterns(['appwrite skip']); - $this->assertFalse($validator->isValid('APPWRITE SKIP')); - $this->assertFalse($validator->isValid('Appwrite Skip')); - $this->assertFalse($validator->isValid('appwrite SKIP')); - } - - public function testAppwriteSkipPatternNoMatchProceeds(): void - { - $validator = new CommitSkipPatterns(['appwrite skip']); - $this->assertTrue($validator->isValid('feat: deploy appwrite changes')); - $this->assertTrue($validator->isValid('appwriteskip')); // no space — not standalone - $this->assertTrue($validator->isValid('skip the appwrite stuff')); - } - - public function testBothAppwritePatternsInArray(): void - { - $validator = new CommitSkipPatterns(['skip appwrite', 'appwrite skip']); - $this->assertFalse($validator->isValid('skip appwrite')); - $this->assertFalse($validator->isValid('appwrite skip')); - $this->assertFalse($validator->isValid('SKIP APPWRITE')); - $this->assertFalse($validator->isValid('APPWRITE SKIP')); - $this->assertTrue($validator->isValid('feat: deploy appwrite changes')); - } -} From 74a4ae19eea38d4cb61686ee3e65cee79b30f6f5 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Tue, 19 May 2026 11:28:04 +0530 Subject: [PATCH 47/84] refactor: remove unnecessary comments Co-Authored-By: Claude Sonnet 4.6 --- .../Modules/VCS/Http/GitHub/Authorize/External/Update.php | 2 +- .../Platform/Modules/VCS/Http/GitHub/Events/Create.php | 2 +- src/Appwrite/Vcs/Validator/BuildTrigger.php | 6 ------ 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php index fed7248ddf..86ac0899d1 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php @@ -133,7 +133,7 @@ class Update extends Action $prFiles = $github->getPullRequestFiles($owner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), - ...array_filter(array_column($prFiles, 'previous_filename')) // Filter out null values + ...array_filter(array_column($prFiles, 'previous_filename')) ]; $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthor, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, $providerPullRequestId, $providerAffectedFiles, true, $dbForPlatform, $authorization, $publisherForBuilds, $getProjectDB, $platform); diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index fd8a48ac15..7ce9ece505 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -215,7 +215,7 @@ class Create extends Action $prFiles = $github->getPullRequestFiles($providerRepositoryOwner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), - ...array_filter(array_column($prFiles, 'previous_filename')) // Filter out null values + ...array_filter(array_column($prFiles, 'previous_filename')) ]; $repositories = $authorization->skip(fn () => $dbForPlatform->find('repositories', [ diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php index 22037c8907..be8b9c43d1 100644 --- a/src/Appwrite/Vcs/Validator/BuildTrigger.php +++ b/src/Appwrite/Vcs/Validator/BuildTrigger.php @@ -24,7 +24,6 @@ class BuildTrigger extends Validator $exclude = array_filter($this->patterns, fn ($p) => str_starts_with($p, '!')); if (empty($include)) { - // Only exclusions: pass everything unless excluded. foreach ($exclude as $pattern) { if ($this->matchGlob($value, substr($pattern, 1))) { return false; @@ -33,31 +32,26 @@ class BuildTrigger extends Validator return true; } - // A pattern is "specific" when it contains no wildcard characters. $isSpecific = fn ($pattern) => !str_contains($pattern, '*') && !str_contains($pattern, '?'); - // 1. Specific inclusion always wins — an explicit exact match is never blocked. foreach ($include as $pattern) { if ($isSpecific($pattern) && $this->matchGlob($value, $pattern)) { return true; } } - // 2. Any exclusion (specific or wildcard) overrides a wildcard inclusion — refines broad patterns. foreach ($exclude as $pattern) { if ($this->matchGlob($value, substr($pattern, 1))) { return false; } } - // 3. Wildcard inclusion — no exclusion blocked it. foreach ($include as $pattern) { if (!$isSpecific($pattern) && $this->matchGlob($value, $pattern)) { return true; } } - // No inclusion matched. return false; } From b2ebfa9bb9d9c83b2fd8172dc15e5a3147b69cc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Tue, 19 May 2026 17:20:15 +0200 Subject: [PATCH 48/84] Revert unwanted tests --- tests/e2e/Scopes/SideServerOrganization.php | 81 ------------------- .../Organization/ProjectsCustomServerTest.php | 14 ---- 2 files changed, 95 deletions(-) delete mode 100644 tests/e2e/Scopes/SideServerOrganization.php delete mode 100644 tests/e2e/Services/Organization/ProjectsCustomServerTest.php diff --git a/tests/e2e/Scopes/SideServerOrganization.php b/tests/e2e/Scopes/SideServerOrganization.php deleted file mode 100644 index 45fa48451f..0000000000 --- a/tests/e2e/Scopes/SideServerOrganization.php +++ /dev/null @@ -1,81 +0,0 @@ -client->call(Client::METHOD_POST, '/teams', [ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'cookie' => 'a_session_console=' . $this->getRoot()['session'], - 'x-appwrite-project' => 'console', - ], [ - 'teamId' => $teamId, - 'name' => 'Organization Test', - ]); - if (\in_array($team['headers']['status-code'], [201, 409])) { - break; - } - \usleep(500000); - } - $this->assertContains($team['headers']['status-code'], [201, 409]); - $teamId = $team['body']['$id'] ?? $teamId; - - $key = $this->client->call(Client::METHOD_POST, '/v1/organization/keys', [ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'cookie' => 'a_session_console=' . $this->getRoot()['session'], - 'x-appwrite-project' => 'console', - 'x-appwrite-organization' => $teamId, - ], [ - 'keyId' => ID::unique(), - 'name' => 'Organization Key', - 'scopes' => ['projects.read', 'projects.write'], - ]); - - $this->assertEquals(201, $key['headers']['status-code']); - $this->assertNotEmpty($key['body']['secret']); - - self::$organization = [ - '$id' => $teamId, - 'apiKey' => $key['body']['secret'], - ]; - - return self::$organization; - } - - public function getHeaders(bool $devKey = false): array - { - $organization = $this->getOrganization(); - - return [ - 'x-appwrite-key' => $organization['apiKey'], - 'x-appwrite-organization' => $organization['$id'], - ]; - } - - /** - * @return string - */ - public function getSide() - { - return 'server'; - } -} diff --git a/tests/e2e/Services/Organization/ProjectsCustomServerTest.php b/tests/e2e/Services/Organization/ProjectsCustomServerTest.php deleted file mode 100644 index 68caa2f299..0000000000 --- a/tests/e2e/Services/Organization/ProjectsCustomServerTest.php +++ /dev/null @@ -1,14 +0,0 @@ - Date: Wed, 20 May 2026 13:49:29 +0200 Subject: [PATCH 49/84] PR cleanup --- docs/references/projects/create-jwt.md | 1 - docs/references/projects/create-smtp-test.md | 1 - docs/references/projects/create.md | 1 - docs/references/projects/delete-email-template.md | 1 - docs/references/projects/delete.md | 1 - docs/references/projects/get-email-template.md | 1 - docs/references/projects/get.md | 1 - docs/references/projects/update-auth-status.md | 1 - docs/references/projects/update-email-template.md | 1 - docs/references/projects/update-mock-numbers.md | 1 - docs/references/projects/update-oauth2.md | 1 - docs/references/projects/update-smtp.md | 1 - docs/references/projects/update.md | 1 - 13 files changed, 13 deletions(-) delete mode 100644 docs/references/projects/create-jwt.md delete mode 100644 docs/references/projects/create-smtp-test.md delete mode 100644 docs/references/projects/create.md delete mode 100644 docs/references/projects/delete-email-template.md delete mode 100644 docs/references/projects/delete.md delete mode 100644 docs/references/projects/get-email-template.md delete mode 100644 docs/references/projects/get.md delete mode 100644 docs/references/projects/update-auth-status.md delete mode 100644 docs/references/projects/update-email-template.md delete mode 100644 docs/references/projects/update-mock-numbers.md delete mode 100644 docs/references/projects/update-oauth2.md delete mode 100644 docs/references/projects/update-smtp.md delete mode 100644 docs/references/projects/update.md diff --git a/docs/references/projects/create-jwt.md b/docs/references/projects/create-jwt.md deleted file mode 100644 index 9a6f8ebf6b..0000000000 --- a/docs/references/projects/create-jwt.md +++ /dev/null @@ -1 +0,0 @@ -Create a new JWT token. This token can be used to authenticate users with custom scopes and expiration time. \ No newline at end of file diff --git a/docs/references/projects/create-smtp-test.md b/docs/references/projects/create-smtp-test.md deleted file mode 100644 index 63cea9d21f..0000000000 --- a/docs/references/projects/create-smtp-test.md +++ /dev/null @@ -1 +0,0 @@ -Send a test email to verify SMTP configuration. \ No newline at end of file diff --git a/docs/references/projects/create.md b/docs/references/projects/create.md deleted file mode 100644 index d502c269ef..0000000000 --- a/docs/references/projects/create.md +++ /dev/null @@ -1 +0,0 @@ -Create a new project. You can create a maximum of 100 projects per account. \ No newline at end of file diff --git a/docs/references/projects/delete-email-template.md b/docs/references/projects/delete-email-template.md deleted file mode 100644 index 332b1d6117..0000000000 --- a/docs/references/projects/delete-email-template.md +++ /dev/null @@ -1 +0,0 @@ -Reset a custom email template to its default value. This endpoint removes any custom content and restores the template to its original state. \ No newline at end of file diff --git a/docs/references/projects/delete.md b/docs/references/projects/delete.md deleted file mode 100644 index 4a8070c082..0000000000 --- a/docs/references/projects/delete.md +++ /dev/null @@ -1 +0,0 @@ -Delete a project by its unique ID. \ No newline at end of file diff --git a/docs/references/projects/get-email-template.md b/docs/references/projects/get-email-template.md deleted file mode 100644 index 6119a0a183..0000000000 --- a/docs/references/projects/get-email-template.md +++ /dev/null @@ -1 +0,0 @@ -Get a custom email template for the specified locale and type. This endpoint returns the template content, subject, and other configuration details. \ No newline at end of file diff --git a/docs/references/projects/get.md b/docs/references/projects/get.md deleted file mode 100644 index b7a1165adc..0000000000 --- a/docs/references/projects/get.md +++ /dev/null @@ -1 +0,0 @@ -Get a project by its unique ID. This endpoint allows you to retrieve the project's details, including its name, description, team, region, and other metadata. \ No newline at end of file diff --git a/docs/references/projects/update-auth-status.md b/docs/references/projects/update-auth-status.md deleted file mode 100644 index 5d39ec29c4..0000000000 --- a/docs/references/projects/update-auth-status.md +++ /dev/null @@ -1 +0,0 @@ -Update the status of a specific authentication method. Use this endpoint to enable or disable different authentication methods such as email, magic urls or sms in your project. \ No newline at end of file diff --git a/docs/references/projects/update-email-template.md b/docs/references/projects/update-email-template.md deleted file mode 100644 index d2bf124541..0000000000 --- a/docs/references/projects/update-email-template.md +++ /dev/null @@ -1 +0,0 @@ -Update a custom email template for the specified locale and type. Use this endpoint to modify the content of your email templates. \ No newline at end of file diff --git a/docs/references/projects/update-mock-numbers.md b/docs/references/projects/update-mock-numbers.md deleted file mode 100644 index 7fa92455c1..0000000000 --- a/docs/references/projects/update-mock-numbers.md +++ /dev/null @@ -1 +0,0 @@ -Update the list of mock phone numbers for testing. Use these numbers to bypass SMS verification in development. \ No newline at end of file diff --git a/docs/references/projects/update-oauth2.md b/docs/references/projects/update-oauth2.md deleted file mode 100644 index 2285135991..0000000000 --- a/docs/references/projects/update-oauth2.md +++ /dev/null @@ -1 +0,0 @@ -Update the OAuth2 provider configurations. Use this endpoint to set up or update the OAuth2 provider credentials or enable/disable providers. \ No newline at end of file diff --git a/docs/references/projects/update-smtp.md b/docs/references/projects/update-smtp.md deleted file mode 100644 index 7d898e1ed1..0000000000 --- a/docs/references/projects/update-smtp.md +++ /dev/null @@ -1 +0,0 @@ -Update the SMTP configuration for your project. Use this endpoint to configure your project's SMTP provider with your custom settings for sending transactional emails. \ No newline at end of file diff --git a/docs/references/projects/update.md b/docs/references/projects/update.md deleted file mode 100644 index 60c072c477..0000000000 --- a/docs/references/projects/update.md +++ /dev/null @@ -1 +0,0 @@ -Update a project by its unique ID. \ No newline at end of file From cbcf86e362ef271979ee1f7ece03b1bb82b4cf84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 20 May 2026 13:49:40 +0200 Subject: [PATCH 50/84] Add missing delete endpoint --- .../Organization/Http/Projects/Delete.php | 93 +++++++++++++++++++ .../Modules/Organization/Services/Http.php | 2 + 2 files changed, 95 insertions(+) create mode 100644 src/Appwrite/Platform/Modules/Organization/Http/Projects/Delete.php diff --git a/src/Appwrite/Platform/Modules/Organization/Http/Projects/Delete.php b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Delete.php new file mode 100644 index 0000000000..fc8d5cccfc --- /dev/null +++ b/src/Appwrite/Platform/Modules/Organization/Http/Projects/Delete.php @@ -0,0 +1,93 @@ +setHttpMethod(Action::HTTP_REQUEST_METHOD_DELETE) + ->setHttpPath('/v1/organization/projects/:projectId') + ->desc('Delete organization project') + ->groups(['api', 'organization']) + ->label('scope', 'projects.write') + ->label('audits.event', 'projects.delete') + ->label('audits.resource', 'project/{request.projectId}') + ->label('sdk', new Method( + namespace: 'organization', + group: 'projects', + name: 'deleteProject', + description: <<param('projectId', '', new UID(), 'Project unique ID.') + ->inject('response') + ->inject('dbForPlatform') + ->inject('publisherForDeletes') + ->inject('authorization') + ->inject('team') + ->callback($this->action(...)); + } + + public function action( + string $projectId, + Response $response, + Database $dbForPlatform, + DeletePublisher $publisherForDeletes, + Authorization $authorization, + Document $team, + ) { + $project = $dbForPlatform->getDocument('projects', $projectId); + + if ($project->isEmpty()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + if ($project->getAttribute('teamInternalId') !== $team->getSequence()) { + throw new Exception(Exception::PROJECT_NOT_FOUND); + } + + if (!$authorization->skip(fn () => $dbForPlatform->deleteDocument('projects', $project->getId()))) { + throw new Exception(Exception::GENERAL_SERVER_ERROR, 'Failed to remove project from DB'); + } + + $publisherForDeletes->enqueue(new DeleteMessage( + project: $project, + type: DELETE_TYPE_DOCUMENT, + document: $project, + )); + + $response->noContent(); + } +} diff --git a/src/Appwrite/Platform/Modules/Organization/Services/Http.php b/src/Appwrite/Platform/Modules/Organization/Services/Http.php index 4a7cd69220..49a8f7d832 100644 --- a/src/Appwrite/Platform/Modules/Organization/Services/Http.php +++ b/src/Appwrite/Platform/Modules/Organization/Services/Http.php @@ -4,6 +4,7 @@ namespace Appwrite\Platform\Modules\Organization\Services; use Appwrite\Platform\Modules\Organization\Http\Init as Init; use Appwrite\Platform\Modules\Organization\Http\Projects\Create as CreateProject; +use Appwrite\Platform\Modules\Organization\Http\Projects\Delete as DeleteProject; use Appwrite\Platform\Modules\Organization\Http\Projects\Get as GetProject; use Appwrite\Platform\Modules\Organization\Http\Projects\Update as UpdateProject; use Appwrite\Platform\Modules\Organization\Http\Projects\XList as ListProjects; @@ -23,5 +24,6 @@ class Http extends Service $this->addAction(ListProjects::getName(), new ListProjects()); $this->addAction(GetProject::getName(), new GetProject()); $this->addAction(UpdateProject::getName(), new UpdateProject()); + $this->addAction(DeleteProject::getName(), new DeleteProject()); } } From 4400eedbae2894c7e8d974f0a6f42290b8058dd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 20 May 2026 13:56:47 +0200 Subject: [PATCH 51/84] Add proper test coverage --- .../Services/Organization/ProjectsBase.php | 458 ++++++++++++++++++ 1 file changed, 458 insertions(+) diff --git a/tests/e2e/Services/Organization/ProjectsBase.php b/tests/e2e/Services/Organization/ProjectsBase.php index eff7c827a3..4e18050670 100644 --- a/tests/e2e/Services/Organization/ProjectsBase.php +++ b/tests/e2e/Services/Organization/ProjectsBase.php @@ -2,14 +2,123 @@ namespace Tests\E2E\Services\Organization; +use Appwrite\Extend\Exception; use Tests\E2E\Client; +use Utopia\Database\Document; use Utopia\Database\Helpers\ID; +use Utopia\Database\Query; use Utopia\System\System; trait ProjectsBase { + private static array $cachedOrganization = []; + private static array $cachedProjectData = []; + + /** + * Setup and cache an organization (team) for organization endpoint tests. + */ + protected function setupOrganization(): array + { + if (!empty(self::$cachedOrganization)) { + return self::$cachedOrganization; + } + + $teamId = ID::unique(); + $team = null; + for ($i = 0; $i < 3; $i++) { + $team = $this->client->call(Client::METHOD_POST, '/teams', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'teamId' => $teamId, + 'name' => 'Organization Test', + ]); + if (\in_array($team['headers']['status-code'], [201, 409])) { + break; + } + \usleep(500000); + } + $this->assertContains($team['headers']['status-code'], [201, 409], 'Setup organization (team) failed'); + + self::$cachedOrganization = [ + 'teamId' => $team['body']['$id'] ?? $teamId, + ]; + + return self::$cachedOrganization; + } + + protected function getOrganizationHeaders(): array + { + $organization = $this->setupOrganization(); + + return array_merge($this->getHeaders(), [ + 'x-appwrite-organization' => $organization['teamId'], + ]); + } + + /** + * Setup and cache a project created via organization endpoints. + */ + protected function setupOrganizationProject(): array + { + if (!empty(self::$cachedProjectData)) { + return self::$cachedProjectData; + } + + $project = null; + for ($i = 0; $i < 3; $i++) { + $project = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => ID::unique(), + 'name' => 'Organization Project Test', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + if ($project['headers']['status-code'] === 201) { + break; + } + \usleep(500000); + } + $this->assertEquals(201, $project['headers']['status-code'], 'Setup organization project failed'); + + self::$cachedProjectData = [ + 'projectId' => $project['body']['$id'], + 'teamId' => $this->setupOrganization()['teamId'], + ]; + + return self::$cachedProjectData; + } + public function testCreateProject(): void { + $organization = $this->setupOrganization(); + $teamId = $organization['teamId']; + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => ID::unique(), + 'name' => 'Organization Project Test', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(201, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['$id']); + $this->assertEquals('Organization Project Test', $response['body']['name']); + $this->assertEquals($teamId, $response['body']['teamId']); + $this->assertEquals(PROJECT_STATUS_ACTIVE, $response['body']['status']); + $this->assertArrayHasKey('platforms', $response['body']); + $this->assertArrayHasKey('webhooks', $response['body']); + $this->assertArrayHasKey('keys', $response['body']); + + /** + * Test for FAILURE - missing organization header + */ $response = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], @@ -19,8 +128,357 @@ trait ProjectsBase 'region' => System::getEnv('_APP_REGION', 'default'), ]); + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test for FAILURE - empty name + */ + $response = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => ID::unique(), + 'name' => '', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + } + + public function testCreateDuplicateProject(): void + { + $organization = $this->setupOrganization(); + $projectId = ID::unique(); + + $response = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => $projectId, + 'name' => 'Original Organization Project', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + $this->assertEquals(201, $response['headers']['status-code']); + + /** + * Test for FAILURE - duplicate project ID + */ + $response = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => $projectId, + 'name' => 'Duplicate Organization Project', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(409, $response['headers']['status-code']); + $this->assertEquals(409, $response['body']['code']); + $this->assertEquals(Exception::PROJECT_ALREADY_EXISTS, $response['body']['type']); + } + + public function testGetProject(): void + { + $data = $this->setupOrganizationProject(); + $projectId = $data['projectId']; + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(200, $response['headers']['status-code']); $this->assertNotEmpty($response['body']['$id']); + $this->assertEquals($projectId, $response['body']['$id']); $this->assertEquals('Organization Project Test', $response['body']['name']); + $this->assertEquals(PROJECT_STATUS_ACTIVE, $response['body']['status']); + $this->assertArrayHasKey('platforms', $response['body']); + $this->assertArrayHasKey('webhooks', $response['body']); + $this->assertArrayHasKey('keys', $response['body']); + + /** + * Test for FAILURE - project not found + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects/' . ID::unique(), array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test for FAILURE - project from different organization + */ + $otherTeam = $this->client->call(Client::METHOD_POST, '/teams', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'teamId' => ID::unique(), + 'name' => 'Other Organization', + ]); + $this->assertContains($otherTeam['headers']['status-code'], [201, 409]); + $otherTeamId = $otherTeam['body']['$id'] ?? $otherTeam['body']['teamId']; + + $otherProject = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], array_merge($this->getHeaders(), [ + 'x-appwrite-organization' => $otherTeamId, + ])), [ + 'projectId' => ID::unique(), + 'name' => 'Other Organization Project', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + $this->assertEquals(201, $otherProject['headers']['status-code']); + $otherProjectId = $otherProject['body']['$id']; + + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects/' . $otherProjectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(404, $response['headers']['status-code']); + } + + public function testUpdateProject(): void + { + $data = $this->setupOrganizationProject(); + $projectId = $data['projectId']; + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_PATCH, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'name' => 'Updated Organization Project', + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertEquals($projectId, $response['body']['$id']); + $this->assertEquals('Updated Organization Project', $response['body']['name']); + + /** + * Test for FAILURE - project not found + */ + $response = $this->client->call(Client::METHOD_PATCH, '/v1/organization/projects/' . ID::unique(), array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'name' => 'Should Fail', + ]); + + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test for FAILURE - empty name + */ + $response = $this->client->call(Client::METHOD_PATCH, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'name' => '', + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + } + + public function testDeleteProject(): void + { + $organization = $this->setupOrganization(); + + $project = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => ID::unique(), + 'name' => 'Project To Delete', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(201, $project['headers']['status-code']); + $projectId = $project['body']['$id']; + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_DELETE, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(204, $response['headers']['status-code']); + + // Verify project is actually deleted + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test for FAILURE - project not found (already deleted) + */ + $response = $this->client->call(Client::METHOD_DELETE, '/v1/organization/projects/' . $projectId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(404, $response['headers']['status-code']); + } + + public function testListProjects(): void + { + $organization = $this->setupOrganization(); + $teamId = $organization['teamId']; + + // Create a second project in the same organization + $project2 = $this->client->call(Client::METHOD_POST, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'projectId' => ID::unique(), + 'name' => 'Second Organization Project', + 'region' => System::getEnv('_APP_REGION', 'default'), + ]); + + $this->assertEquals(201, $project2['headers']['status-code']); + $project2Id = $project2['body']['$id']; + + /** + * Test for SUCCESS - basic list + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']); + $this->assertGreaterThan(0, count($response['body']['projects'])); + $this->assertGreaterThan(0, $response['body']['total']); + + /** + * Test search queries + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders(), [ + 'search' => 'Second Organization Project', + ])); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertGreaterThan(0, $response['body']['total']); + $this->assertIsArray($response['body']['projects']); + $this->assertEquals('Second Organization Project', $response['body']['projects'][0]['name']); + + /** + * Test pagination with limit + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::limit(1)->toString(), + ], + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertCount(1, $response['body']['projects']); + + /** + * Test pagination with offset + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::offset(1)->toString(), + ], + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']); + + /** + * Test query by name + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::equal('name', ['Second Organization Project'])->toString(), + ], + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertGreaterThanOrEqual(1, count($response['body']['projects'])); + $this->assertEquals('Second Organization Project', $response['body']['projects'][0]['name']); + + /** + * Test cursor pagination + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders())); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['projects']); + + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::cursorAfter(new Document(['$id' => $response['body']['projects'][0]['$id']]))->toString(), + ], + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']); + + /** + * Test for FAILURE - invalid cursor + */ + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::cursorAfter(new Document(['$id' => 'unknown']))->toString(), + ], + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + } + + public function testListProjectsQuerySelect(): void + { + $data = $this->setupOrganizationProject(); + $projectId = $data['projectId']; + + $response = $this->client->call(Client::METHOD_GET, '/v1/organization/projects', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getOrganizationHeaders()), [ + 'queries' => [ + Query::select(['name'])->toString(), + ], + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['projects']); + $this->assertEquals('Organization Project Test', $response['body']['projects'][0]['name']); } } From a3ae9f39ec5c24d11772b99cfd9585878e51c867 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Wed, 20 May 2026 23:40:41 +0530 Subject: [PATCH 52/84] Fix SMTP empty sender regressions --- .../Modules/Project/Http/Project/SMTP/Update.php | 2 +- .../Services/Projects/ProjectsConsoleClientTest.php | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Update.php index ef2e478d96..b99a9db3c2 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Update.php @@ -121,7 +121,7 @@ class Update extends Action // Validate when the caller is explicitly enabling or hasn't expressed a preference // (so a credentials-only PATCH can auto-enable). Skip only when the caller is // explicitly keeping/turning SMTP off. - if (\is_null($enabled) || $enabled === true) { + if ((\is_null($enabled) || $enabled === true) && !empty($smtp['senderEmail'] ?? '')) { $mail = new PHPMailer(true); $mail->isSMTP(); diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index aa5e6911f1..ec82d44b0c 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -1801,6 +1801,16 @@ class ProjectsConsoleClientTest extends Scope $this->assertEquals('verification', $response['body']['type']); $this->assertEquals('en-us', $response['body']['locale']); + /** Ensure cached project state starts with SMTP disabled */ + $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/smtp', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-response-format' => '1.9.1', + ], $this->getHeaders()), [ + 'enabled' => false, + ]); + $this->assertEquals(200, $response['headers']['status-code']); + /** Update Email template, fail due to SMTP disabled */ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/templates/email/verification/en-us', array_merge([ 'content-type' => 'application/json', From 436064e7cc19d0f4086f394e8eb72e1dd03407a4 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Wed, 20 May 2026 23:44:11 +0530 Subject: [PATCH 53/84] Revert test fixture change --- .../Services/Projects/ProjectsConsoleClientTest.php | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php index ec82d44b0c..aa5e6911f1 100644 --- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php +++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php @@ -1801,16 +1801,6 @@ class ProjectsConsoleClientTest extends Scope $this->assertEquals('verification', $response['body']['type']); $this->assertEquals('en-us', $response['body']['locale']); - /** Ensure cached project state starts with SMTP disabled */ - $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/smtp', array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'x-appwrite-response-format' => '1.9.1', - ], $this->getHeaders()), [ - 'enabled' => false, - ]); - $this->assertEquals(200, $response['headers']['status-code']); - /** Update Email template, fail due to SMTP disabled */ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/templates/email/verification/en-us', array_merge([ 'content-type' => 'application/json', From 41ff2ed48e683d2d1adbad9fd9aedaab637c07b1 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 10:37:36 +1200 Subject: [PATCH 54/84] chore: update lock --- composer.lock | 153 ++++++++++++-------------------------------------- 1 file changed, 37 insertions(+), 116 deletions(-) diff --git a/composer.lock b/composer.lock index a954399162..5be223d686 100644 --- a/composer.lock +++ b/composer.lock @@ -4245,16 +4245,16 @@ }, { "name": "utopia-php/emails", - "version": "0.7.0", + "version": "0.7.1", "source": { "type": "git", "url": "https://github.com/utopia-php/emails.git", - "reference": "115e24aa908e2b1f06c7ff3b94434a0bdbed9107" + "reference": "a5f1d111e5023918731f2de96d348f5b6a0de143" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/emails/zipball/115e24aa908e2b1f06c7ff3b94434a0bdbed9107", - "reference": "115e24aa908e2b1f06c7ff3b94434a0bdbed9107", + "url": "https://api.github.com/repos/utopia-php/emails/zipball/a5f1d111e5023918731f2de96d348f5b6a0de143", + "reference": "a5f1d111e5023918731f2de96d348f5b6a0de143", "shasum": "" }, "require": { @@ -4300,9 +4300,9 @@ ], "support": { "issues": "https://github.com/utopia-php/emails/issues", - "source": "https://github.com/utopia-php/emails/tree/0.7.0" + "source": "https://github.com/utopia-php/emails/tree/0.7.1" }, - "time": "2026-05-13T05:01:26+00:00" + "time": "2026-05-20T13:05:30+00:00" }, { "name": "utopia-php/fetch", @@ -4346,16 +4346,16 @@ }, { "name": "utopia-php/http", - "version": "2.0.0-rc1", + "version": "2.0.0-rc2", "source": { "type": "git", "url": "https://github.com/utopia-php/http.git", - "reference": "3e3b431d443844c6bf810120dee735f45880856f" + "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/http/zipball/3e3b431d443844c6bf810120dee735f45880856f", - "reference": "3e3b431d443844c6bf810120dee735f45880856f", + "url": "https://api.github.com/repos/utopia-php/http/zipball/17f3d5e966ada8a5c041717436f069f269aef2b3", + "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3", "shasum": "" }, "require": { @@ -4396,9 +4396,9 @@ ], "support": { "issues": "https://github.com/utopia-php/http/issues", - "source": "https://github.com/utopia-php/http/tree/2.0.0-rc1" + "source": "https://github.com/utopia-php/http/tree/2.0.0-rc2" }, - "time": "2026-05-05T15:00:03+00:00" + "time": "2026-05-20T11:13:49+00:00" }, { "name": "utopia-php/image", @@ -5638,16 +5638,16 @@ "packages-dev": [ { "name": "appwrite/sdk-generator", - "version": "1.31.0", + "version": "1.31.1", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-generator.git", - "reference": "a7119db15696131a86d477b3bed348beda85523f" + "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/a7119db15696131a86d477b3bed348beda85523f", - "reference": "a7119db15696131a86d477b3bed348beda85523f", + "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/5699f6da951aef9378fabdcf12f40a9a54fb3128", + "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128", "shasum": "" }, "require": { @@ -5656,7 +5656,7 @@ "ext-mbstring": "*", "matthiasmullie/minify": "1.3.*", "php": ">=8.3", - "twig/twig": "3.14.*" + "twig/twig": "3.26.*" }, "require-dev": { "brianium/paratest": "7.*", @@ -5683,9 +5683,9 @@ "description": "Appwrite PHP library for generating API SDKs for multiple programming languages and platforms", "support": { "issues": "https://github.com/appwrite/sdk-generator/issues", - "source": "https://github.com/appwrite/sdk-generator/tree/1.31.0" + "source": "https://github.com/appwrite/sdk-generator/tree/1.31.1" }, - "time": "2026-05-20T11:16:09+00:00" + "time": "2026-05-20T22:22:59+00:00" }, { "name": "brianium/paratest", @@ -6951,16 +6951,16 @@ }, { "name": "sebastian/comparator", - "version": "7.1.6", + "version": "7.1.7", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/comparator.git", - "reference": "c769009dee98f494e0edc3fd4f4087501688f11e" + "reference": "0ed818fb2660fd80d71fbb982c80153bba8da7ef" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/c769009dee98f494e0edc3fd4f4087501688f11e", - "reference": "c769009dee98f494e0edc3fd4f4087501688f11e", + "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/0ed818fb2660fd80d71fbb982c80153bba8da7ef", + "reference": "0ed818fb2660fd80d71fbb982c80153bba8da7ef", "shasum": "" }, "require": { @@ -6968,10 +6968,10 @@ "ext-mbstring": "*", "php": ">=8.3", "sebastian/diff": "^7.0", - "sebastian/exporter": "^7.0" + "sebastian/exporter": "^7.0.3" }, "require-dev": { - "phpunit/phpunit": "^12.2" + "phpunit/phpunit": "^12.5.25" }, "suggest": { "ext-bcmath": "For comparing BcMath\\Number objects" @@ -7019,7 +7019,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/comparator/issues", "security": "https://github.com/sebastianbergmann/comparator/security/policy", - "source": "https://github.com/sebastianbergmann/comparator/tree/7.1.6" + "source": "https://github.com/sebastianbergmann/comparator/tree/7.1.7" }, "funding": [ { @@ -7039,7 +7039,7 @@ "type": "tidelift" } ], - "time": "2026-04-14T08:23:15+00:00" + "time": "2026-05-20T11:50:17+00:00" }, { "name": "sebastian/complexity", @@ -8213,86 +8213,6 @@ ], "time": "2024-09-09T11:45:10+00:00" }, - { - "name": "symfony/polyfill-php81", - "version": "v1.37.0", - "source": { - "type": "git", - "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", - "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", - "shasum": "" - }, - "require": { - "php": ">=7.2" - }, - "type": "library", - "extra": { - "thanks": { - "url": "https://github.com/symfony/polyfill", - "name": "symfony/polyfill" - } - }, - "autoload": { - "files": [ - "bootstrap.php" - ], - "psr-4": { - "Symfony\\Polyfill\\Php81\\": "" - }, - "classmap": [ - "Resources/stubs" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Nicolas Grekas", - "email": "p@tchwork.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", - "homepage": "https://symfony.com", - "keywords": [ - "compatibility", - "polyfill", - "portable", - "shim" - ], - "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://github.com/nicolas-grekas", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2024-09-09T11:45:10+00:00" - }, { "name": "symfony/process", "version": "v8.0.11", @@ -8549,26 +8469,27 @@ }, { "name": "twig/twig", - "version": "3.14.x-dev", + "version": "v3.26.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a" + "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", - "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc", + "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc", "shasum": "" }, "require": { - "php": ">=8.0.2", + "php": ">=8.1.0", "symfony/deprecation-contracts": "^2.5|^3", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-mbstring": "^1.3", - "symfony/polyfill-php81": "^1.29" + "symfony/polyfill-mbstring": "^1.3" }, "require-dev": { + "php-cs-fixer/shim": "^3.0@stable", + "phpstan/phpstan": "^2.0@stable", "psr/container": "^1.0|^2.0", "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0" }, @@ -8612,7 +8533,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.14.2" + "source": "https://github.com/twigphp/Twig/tree/v3.26.0" }, "funding": [ { @@ -8624,7 +8545,7 @@ "type": "tidelift" } ], - "time": "2024-11-07T12:36:22+00:00" + "time": "2026-05-20T07:31:59+00:00" } ], "aliases": [], From 52d7ebd41ebc97273fe06e3c2a9568e3c3484b3f Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 10:59:37 +1200 Subject: [PATCH 55/84] chore: revert to 2.0.0-rc.1 --- composer.json | 2 +- composer.lock | 147 ++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 113 insertions(+), 36 deletions(-) diff --git a/composer.json b/composer.json index d4472c6868..34a0238b7a 100644 --- a/composer.json +++ b/composer.json @@ -67,7 +67,7 @@ "utopia-php/emails": "0.7.*", "utopia-php/dns": "1.7.*", "utopia-php/dsn": "0.2.1", - "utopia-php/http": "^2.0@RC", + "utopia-php/http": "2.0.0-rc1", "utopia-php/fetch": "^1.1", "utopia-php/validators": "0.2.*", "utopia-php/image": "0.8.*", diff --git a/composer.lock b/composer.lock index 5be223d686..8145a642cc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "b645c7da1728536497fe8186b158f9c6", + "content-hash": "597066d71be48add0c649828d820a505", "packages": [ { "name": "adhocore/jwt", @@ -4346,16 +4346,16 @@ }, { "name": "utopia-php/http", - "version": "2.0.0-rc2", + "version": "2.0.0-rc1", "source": { "type": "git", "url": "https://github.com/utopia-php/http.git", - "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3" + "reference": "3e3b431d443844c6bf810120dee735f45880856f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/http/zipball/17f3d5e966ada8a5c041717436f069f269aef2b3", - "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3", + "url": "https://api.github.com/repos/utopia-php/http/zipball/3e3b431d443844c6bf810120dee735f45880856f", + "reference": "3e3b431d443844c6bf810120dee735f45880856f", "shasum": "" }, "require": { @@ -4396,9 +4396,9 @@ ], "support": { "issues": "https://github.com/utopia-php/http/issues", - "source": "https://github.com/utopia-php/http/tree/2.0.0-rc2" + "source": "https://github.com/utopia-php/http/tree/2.0.0-rc1" }, - "time": "2026-05-20T11:13:49+00:00" + "time": "2026-05-05T15:00:03+00:00" }, { "name": "utopia-php/image", @@ -5638,16 +5638,16 @@ "packages-dev": [ { "name": "appwrite/sdk-generator", - "version": "1.31.1", + "version": "1.31.0", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-generator.git", - "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128" + "reference": "a7119db15696131a86d477b3bed348beda85523f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/5699f6da951aef9378fabdcf12f40a9a54fb3128", - "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128", + "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/a7119db15696131a86d477b3bed348beda85523f", + "reference": "a7119db15696131a86d477b3bed348beda85523f", "shasum": "" }, "require": { @@ -5656,7 +5656,7 @@ "ext-mbstring": "*", "matthiasmullie/minify": "1.3.*", "php": ">=8.3", - "twig/twig": "3.26.*" + "twig/twig": "3.14.*" }, "require-dev": { "brianium/paratest": "7.*", @@ -5683,9 +5683,9 @@ "description": "Appwrite PHP library for generating API SDKs for multiple programming languages and platforms", "support": { "issues": "https://github.com/appwrite/sdk-generator/issues", - "source": "https://github.com/appwrite/sdk-generator/tree/1.31.1" + "source": "https://github.com/appwrite/sdk-generator/tree/1.31.0" }, - "time": "2026-05-20T22:22:59+00:00" + "time": "2026-05-20T11:16:09+00:00" }, { "name": "brianium/paratest", @@ -6951,16 +6951,16 @@ }, { "name": "sebastian/comparator", - "version": "7.1.7", + "version": "7.1.6", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/comparator.git", - "reference": "0ed818fb2660fd80d71fbb982c80153bba8da7ef" + "reference": "c769009dee98f494e0edc3fd4f4087501688f11e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/0ed818fb2660fd80d71fbb982c80153bba8da7ef", - "reference": "0ed818fb2660fd80d71fbb982c80153bba8da7ef", + "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/c769009dee98f494e0edc3fd4f4087501688f11e", + "reference": "c769009dee98f494e0edc3fd4f4087501688f11e", "shasum": "" }, "require": { @@ -6968,10 +6968,10 @@ "ext-mbstring": "*", "php": ">=8.3", "sebastian/diff": "^7.0", - "sebastian/exporter": "^7.0.3" + "sebastian/exporter": "^7.0" }, "require-dev": { - "phpunit/phpunit": "^12.5.25" + "phpunit/phpunit": "^12.2" }, "suggest": { "ext-bcmath": "For comparing BcMath\\Number objects" @@ -7019,7 +7019,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/comparator/issues", "security": "https://github.com/sebastianbergmann/comparator/security/policy", - "source": "https://github.com/sebastianbergmann/comparator/tree/7.1.7" + "source": "https://github.com/sebastianbergmann/comparator/tree/7.1.6" }, "funding": [ { @@ -7039,7 +7039,7 @@ "type": "tidelift" } ], - "time": "2026-05-20T11:50:17+00:00" + "time": "2026-04-14T08:23:15+00:00" }, { "name": "sebastian/complexity", @@ -8213,6 +8213,86 @@ ], "time": "2024-09-09T11:45:10+00:00" }, + { + "name": "symfony/polyfill-php81", + "version": "v1.37.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php81.git", + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", + "shasum": "" + }, + "require": { + "php": ">=7.2" + }, + "type": "library", + "extra": { + "thanks": { + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php81\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-09T11:45:10+00:00" + }, { "name": "symfony/process", "version": "v8.0.11", @@ -8469,27 +8549,26 @@ }, { "name": "twig/twig", - "version": "v3.26.0", + "version": "3.14.x-dev", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc" + "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc", - "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", + "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", "shasum": "" }, "require": { - "php": ">=8.1.0", + "php": ">=8.0.2", "symfony/deprecation-contracts": "^2.5|^3", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-mbstring": "^1.3" + "symfony/polyfill-mbstring": "^1.3", + "symfony/polyfill-php81": "^1.29" }, "require-dev": { - "php-cs-fixer/shim": "^3.0@stable", - "phpstan/phpstan": "^2.0@stable", "psr/container": "^1.0|^2.0", "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0" }, @@ -8533,7 +8612,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.26.0" + "source": "https://github.com/twigphp/Twig/tree/v3.14.2" }, "funding": [ { @@ -8545,14 +8624,12 @@ "type": "tidelift" } ], - "time": "2026-05-20T07:31:59+00:00" + "time": "2024-11-07T12:36:22+00:00" } ], "aliases": [], "minimum-stability": "dev", - "stability-flags": { - "utopia-php/http": 5 - }, + "stability-flags": {}, "prefer-stable": true, "prefer-lowest": false, "platform": { From c6ac0f28e4a99e5ee3aba317528f3b917fdd3e9a Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 12:16:06 +1200 Subject: [PATCH 56/84] chore: restore twig security update --- composer.lock | 113 ++++++++------------------------------------------ 1 file changed, 17 insertions(+), 96 deletions(-) diff --git a/composer.lock b/composer.lock index 8145a642cc..a0a687d8ae 100644 --- a/composer.lock +++ b/composer.lock @@ -5638,16 +5638,16 @@ "packages-dev": [ { "name": "appwrite/sdk-generator", - "version": "1.31.0", + "version": "1.31.1", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-generator.git", - "reference": "a7119db15696131a86d477b3bed348beda85523f" + "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/a7119db15696131a86d477b3bed348beda85523f", - "reference": "a7119db15696131a86d477b3bed348beda85523f", + "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/5699f6da951aef9378fabdcf12f40a9a54fb3128", + "reference": "5699f6da951aef9378fabdcf12f40a9a54fb3128", "shasum": "" }, "require": { @@ -5656,7 +5656,7 @@ "ext-mbstring": "*", "matthiasmullie/minify": "1.3.*", "php": ">=8.3", - "twig/twig": "3.14.*" + "twig/twig": "3.26.*" }, "require-dev": { "brianium/paratest": "7.*", @@ -5683,9 +5683,9 @@ "description": "Appwrite PHP library for generating API SDKs for multiple programming languages and platforms", "support": { "issues": "https://github.com/appwrite/sdk-generator/issues", - "source": "https://github.com/appwrite/sdk-generator/tree/1.31.0" + "source": "https://github.com/appwrite/sdk-generator/tree/1.31.1" }, - "time": "2026-05-20T11:16:09+00:00" + "time": "2026-05-20T22:22:59+00:00" }, { "name": "brianium/paratest", @@ -8213,86 +8213,6 @@ ], "time": "2024-09-09T11:45:10+00:00" }, - { - "name": "symfony/polyfill-php81", - "version": "v1.37.0", - "source": { - "type": "git", - "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", - "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", - "shasum": "" - }, - "require": { - "php": ">=7.2" - }, - "type": "library", - "extra": { - "thanks": { - "url": "https://github.com/symfony/polyfill", - "name": "symfony/polyfill" - } - }, - "autoload": { - "files": [ - "bootstrap.php" - ], - "psr-4": { - "Symfony\\Polyfill\\Php81\\": "" - }, - "classmap": [ - "Resources/stubs" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Nicolas Grekas", - "email": "p@tchwork.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", - "homepage": "https://symfony.com", - "keywords": [ - "compatibility", - "polyfill", - "portable", - "shim" - ], - "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://github.com/nicolas-grekas", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2024-09-09T11:45:10+00:00" - }, { "name": "symfony/process", "version": "v8.0.11", @@ -8549,26 +8469,27 @@ }, { "name": "twig/twig", - "version": "3.14.x-dev", + "version": "v3.26.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a" + "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", - "reference": "0b6f9d8370bb3b7f1ce5313ed8feb0fafd6e399a", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc", + "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc", "shasum": "" }, "require": { - "php": ">=8.0.2", + "php": ">=8.1.0", "symfony/deprecation-contracts": "^2.5|^3", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-mbstring": "^1.3", - "symfony/polyfill-php81": "^1.29" + "symfony/polyfill-mbstring": "^1.3" }, "require-dev": { + "php-cs-fixer/shim": "^3.0@stable", + "phpstan/phpstan": "^2.0@stable", "psr/container": "^1.0|^2.0", "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0" }, @@ -8612,7 +8533,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.14.2" + "source": "https://github.com/twigphp/Twig/tree/v3.26.0" }, "funding": [ { @@ -8624,7 +8545,7 @@ "type": "tidelift" } ], - "time": "2024-11-07T12:36:22+00:00" + "time": "2026-05-20T07:31:59+00:00" } ], "aliases": [], From fd145e988ad47699441d0b1f0823db12aa9ab823 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 12:18:11 +1200 Subject: [PATCH 57/84] test: align versions endpoint expectations --- tests/e2e/General/HTTPTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index 450e4f2378..0358281eb7 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php @@ -101,7 +101,7 @@ class HTTPTest extends Scope $body = $response['body']; $this->assertEquals(200, $response['headers']['status-code']); $this->assertIsString($body['server']); - $this->assertIsString($body['client-web']); + $this->assertIsString($body['server-web']); $this->assertIsString($body['client-flutter']); $this->assertIsString($body['console-web']); $this->assertIsString($body['server-nodejs']); From 349ac6bbc13c4f3075a1fa0be94360936a68fec1 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 16:47:45 +1200 Subject: [PATCH 58/84] test: stabilize account log pagination --- .../Account/AccountCustomClientTest.php | 166 ++++++++---------- 1 file changed, 72 insertions(+), 94 deletions(-) diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php index 160ee39e21..5b0d947198 100644 --- a/tests/e2e/Services/Account/AccountCustomClientTest.php +++ b/tests/e2e/Services/Account/AccountCustomClientTest.php @@ -1026,123 +1026,101 @@ class AccountCustomClientTest extends Scope // Use fresh account for predictable log count $data = $this->createFreshAccountWithSession(); $session = $data['session']; + $headers = array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, + ]); /** * Test for SUCCESS */ - $response = $this->client->call(Client::METHOD_GET, '/account/logs', array_merge([ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, - ])); + $this->assertEventually(function () use ($headers) { + $response = $this->client->call(Client::METHOD_GET, '/account/logs', $headers); - $this->assertEquals(200, $response['headers']['status-code']); - $this->assertIsArray($response['body']['logs']); - $this->assertNotEmpty($response['body']['logs']); - // Fresh account: session.create is always logged. user.create audit may or may not - // be present depending on async audit processing timing. - $logCount = count($response['body']['logs']); - $this->assertContains($logCount, [1, 2]); - $this->assertIsNumeric($response['body']['total']); + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertIsArray($response['body']['logs']); + $this->assertNotEmpty($response['body']['logs']); + $logCount = count($response['body']['logs']); + $this->assertContains($logCount, [1, 2]); + $this->assertIsNumeric($response['body']['total']); - // Check session.create log (logs[0] - most recent) - $this->assertEquals('Windows', $response['body']['logs'][0]['osName']); - $this->assertEquals('WIN', $response['body']['logs'][0]['osCode']); - $this->assertEquals('10', $response['body']['logs'][0]['osVersion']); + $this->assertEquals('session.create', $response['body']['logs'][0]['event']); + $this->assertEquals('Windows', $response['body']['logs'][0]['osName']); + $this->assertEquals('WIN', $response['body']['logs'][0]['osCode']); + $this->assertEquals('10', $response['body']['logs'][0]['osVersion']); - $this->assertEquals('browser', $response['body']['logs'][0]['clientType']); - $this->assertEquals('Chrome', $response['body']['logs'][0]['clientName']); - $this->assertEquals('CH', $response['body']['logs'][0]['clientCode']); - $this->assertEquals('70.0', $response['body']['logs'][0]['clientVersion']); - $this->assertEquals('Blink', $response['body']['logs'][0]['clientEngine']); + $this->assertEquals('browser', $response['body']['logs'][0]['clientType']); + $this->assertEquals('Chrome', $response['body']['logs'][0]['clientName']); + $this->assertEquals('CH', $response['body']['logs'][0]['clientCode']); + $this->assertEquals('70.0', $response['body']['logs'][0]['clientVersion']); + $this->assertEquals('Blink', $response['body']['logs'][0]['clientEngine']); - $this->assertEquals('desktop', $response['body']['logs'][0]['deviceName']); - $this->assertEquals('', $response['body']['logs'][0]['deviceBrand']); - $this->assertEquals('', $response['body']['logs'][0]['deviceModel']); - $this->assertEquals(filter_var($response['body']['logs'][0]['ip'], FILTER_VALIDATE_IP), $response['body']['logs'][0]['ip']); + $this->assertEquals('desktop', $response['body']['logs'][0]['deviceName']); + $this->assertEquals('', $response['body']['logs'][0]['deviceBrand']); + $this->assertEquals('', $response['body']['logs'][0]['deviceModel']); + $this->assertEquals(filter_var($response['body']['logs'][0]['ip'], FILTER_VALIDATE_IP), $response['body']['logs'][0]['ip']); - $this->assertEquals('--', $response['body']['logs'][0]['countryCode']); - $this->assertEquals('Unknown', $response['body']['logs'][0]['countryName']); + $this->assertEquals('--', $response['body']['logs'][0]['countryCode']); + $this->assertEquals('Unknown', $response['body']['logs'][0]['countryName']); - if ($logCount === 2) { - // Check user.create log (logs[1] - oldest) - $this->assertEquals('user.create', $response['body']['logs'][1]['event']); - $this->assertEquals(filter_var($response['body']['logs'][1]['ip'], FILTER_VALIDATE_IP), $response['body']['logs'][1]['ip']); - $this->assertTrue((new DatetimeValidator())->isValid($response['body']['logs'][1]['time'])); - } + if ($logCount === 2) { + $this->assertEquals('user.create', $response['body']['logs'][1]['event']); + $this->assertEquals(filter_var($response['body']['logs'][1]['ip'], FILTER_VALIDATE_IP), $response['body']['logs'][1]['ip']); + $this->assertTrue((new DatetimeValidator())->isValid($response['body']['logs'][1]['time'])); + } - $responseLimit = $this->client->call(Client::METHOD_GET, '/account/logs', array_merge([ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, - ]), [ - 'queries' => [ - Query::limit(1)->toString() - ] - ]); + $responseLimit = $this->client->call(Client::METHOD_GET, '/account/logs', $headers, [ + 'queries' => [ + Query::limit(1)->toString() + ] + ]); - $this->assertEquals(200, $responseLimit['headers']['status-code']); - $this->assertIsArray($responseLimit['body']['logs']); - $this->assertNotEmpty($responseLimit['body']['logs']); - $this->assertCount(1, $responseLimit['body']['logs']); - $this->assertIsNumeric($responseLimit['body']['total']); + $this->assertEquals(200, $responseLimit['headers']['status-code']); + $this->assertIsArray($responseLimit['body']['logs']); + $this->assertNotEmpty($responseLimit['body']['logs']); + $this->assertCount(1, $responseLimit['body']['logs']); + $this->assertIsNumeric($responseLimit['body']['total']); - $this->assertEquals($response['body']['logs'][0], $responseLimit['body']['logs'][0]); + $this->assertEquals($response['body']['logs'][0], $responseLimit['body']['logs'][0]); - $responseOffset = $this->client->call(Client::METHOD_GET, '/account/logs', array_merge([ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, - ]), [ - 'queries' => [ - Query::offset(1)->toString() - ] - ]); + $responseOffset = $this->client->call(Client::METHOD_GET, '/account/logs', $headers, [ + 'queries' => [ + Query::offset(1)->toString() + ] + ]); - $this->assertEquals($responseOffset['headers']['status-code'], 200); - $this->assertIsArray($responseOffset['body']['logs']); - // With offset(1), remaining logs = logCount - 1 - $this->assertCount($logCount - 1, $responseOffset['body']['logs']); - $this->assertIsNumeric($responseOffset['body']['total']); + $this->assertEquals(200, $responseOffset['headers']['status-code']); + $this->assertIsArray($responseOffset['body']['logs']); + $this->assertCount($logCount - 1, $responseOffset['body']['logs']); + $this->assertIsNumeric($responseOffset['body']['total']); - if ($logCount === 2) { - $this->assertEquals($response['body']['logs'][1], $responseOffset['body']['logs'][0]); - } + if ($logCount === 2) { + $this->assertEquals($response['body']['logs'][1], $responseOffset['body']['logs'][0]); + } - $responseLimitOffset = $this->client->call(Client::METHOD_GET, '/account/logs', array_merge([ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, - ]), [ - 'queries' => [ - Query::offset(1)->toString(), - Query::limit(1)->toString() - ] - ]); + $responseLimitOffset = $this->client->call(Client::METHOD_GET, '/account/logs', $headers, [ + 'queries' => [ + Query::offset(1)->toString(), + Query::limit(1)->toString() + ] + ]); - $this->assertEquals(200, $responseLimitOffset['headers']['status-code']); - $this->assertIsArray($responseLimitOffset['body']['logs']); - // With offset(1)+limit(1), remaining logs = min(1, logCount - 1) - $this->assertCount(min(1, $logCount - 1), $responseLimitOffset['body']['logs']); - $this->assertIsNumeric($responseLimitOffset['body']['total']); + $this->assertEquals(200, $responseLimitOffset['headers']['status-code']); + $this->assertIsArray($responseLimitOffset['body']['logs']); + $this->assertCount(min(1, $logCount - 1), $responseLimitOffset['body']['logs']); + $this->assertIsNumeric($responseLimitOffset['body']['total']); - if ($logCount === 2) { - $this->assertEquals($response['body']['logs'][1], $responseLimitOffset['body']['logs'][0]); - } + if ($logCount === 2) { + $this->assertEquals($response['body']['logs'][1], $responseLimitOffset['body']['logs'][0]); + } + }); /** * Test for total=false */ - $logsWithIncludeTotalFalse = $this->client->call(Client::METHOD_GET, '/account/logs', array_merge([ - 'origin' => 'http://localhost', - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - 'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session, - ]), [ + $logsWithIncludeTotalFalse = $this->client->call(Client::METHOD_GET, '/account/logs', $headers, [ 'total' => false ]); From 238b4e447d46ffdcfb049ddd4ec3d5467874ccd2 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Thu, 21 May 2026 18:38:59 +1200 Subject: [PATCH 59/84] test: stabilize function logging executions --- .../Functions/FunctionsCustomServerTest.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php index b1f07c3f9d..44d5d274da 100644 --- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php +++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php @@ -2778,17 +2778,17 @@ class FunctionsCustomServerTest extends Scope $this->assertEmpty($executions['body']['executions'][0]['logs']); $this->assertEmpty($executions['body']['executions'][0]['errors']); - // Ensure executions count - $executions = $this->listExecutions($functionId); + $this->assertEventually(function () use ($functionId) { + $executions = $this->listExecutions($functionId); - $this->assertEquals(200, $executions['headers']['status-code']); - $this->assertCount(3, $executions['body']['executions']); + $this->assertEquals(200, $executions['headers']['status-code']); + $this->assertCount(3, $executions['body']['executions']); - // Double check logs and errors are empty - foreach ($executions['body']['executions'] as $execution) { - $this->assertEmpty($execution['logs']); - $this->assertEmpty($execution['errors']); - } + foreach ($executions['body']['executions'] as $execution) { + $this->assertEmpty($execution['logs']); + $this->assertEmpty($execution['errors']); + } + }, 10000, 500); $this->cleanupFunction($functionId); } From 9bcb4d7ca725bd760d24ce8c03bca5830597f074 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 21 May 2026 15:31:05 +0530 Subject: [PATCH 60/84] Clarify renamed PR file filtering --- .../Modules/VCS/Http/GitHub/Authorize/External/Update.php | 1 + src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php | 1 + 2 files changed, 2 insertions(+) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php index 86ac0899d1..993740c61a 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Authorize/External/Update.php @@ -133,6 +133,7 @@ class Update extends Action $prFiles = $github->getPullRequestFiles($owner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), + // Only renamed files include previous_filename; skip missing values from other file changes. ...array_filter(array_column($prFiles, 'previous_filename')) ]; diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index 7ce9ece505..e139ff68d8 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -215,6 +215,7 @@ class Create extends Action $prFiles = $github->getPullRequestFiles($providerRepositoryOwner, $providerRepositoryName, $providerPullRequestId); $providerAffectedFiles = [ ...array_column($prFiles, 'filename'), + // Only renamed files include previous_filename; skip missing values from other file changes. ...array_filter(array_column($prFiles, 'previous_filename')) ]; From c1e902c79ce8c9356f0484e6cbf6382f304a6a6d Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 21 May 2026 15:32:35 +0530 Subject: [PATCH 61/84] Restore deployments on branch creation --- .../Platform/Modules/VCS/Http/GitHub/Events/Create.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php index e139ff68d8..c79df05f8a 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Events/Create.php @@ -133,7 +133,6 @@ class Create extends Action callable $getProjectDB, array $platform, ) { - $providerBranchCreated = $parsedPayload["branchCreated"] ?? false; $providerBranchDeleted = $parsedPayload["branchDeleted"] ?? false; $providerBranch = $parsedPayload["branch"] ?? ''; $providerBranchUrl = $parsedPayload["branchUrl"] ?? ''; @@ -162,8 +161,8 @@ class Create extends Action Query::limit(100), ])); - // Create new deployment only on push (not committed by us) and not when branch is created or deleted - if ($providerCommitAuthorEmail !== APP_VCS_GITHUB_EMAIL && !$providerBranchCreated && !$providerBranchDeleted) { + // Create new deployment only on push (not committed by us) and not when branch is deleted + if ($providerCommitAuthorEmail !== APP_VCS_GITHUB_EMAIL && !$providerBranchDeleted) { $providerAffectedFiles = $parsedPayload['affectedFiles'] ?? []; $this->createGitDeployments($github, $providerInstallationId, $repositories, $providerBranch, $providerBranchUrl, $providerRepositoryName, $providerRepositoryUrl, $providerRepositoryOwner, $providerCommitHash, $providerCommitAuthorName, $providerCommitAuthorUrl, $providerCommitMessage, $providerCommitUrl, '', $providerAffectedFiles, false, $dbForPlatform, $authorization, $publisherForBuilds, $getProjectDB, $platform); } From 01a6d6e4d68cc5c6bb9827b81374f266e3673df8 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 21 May 2026 15:35:44 +0530 Subject: [PATCH 62/84] Inline VCS build trigger checks --- .../Modules/VCS/Http/GitHub/Deployment.php | 49 +++++++++---------- 1 file changed, 22 insertions(+), 27 deletions(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 76e0fbc2b9..0978122e02 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -105,11 +105,32 @@ trait Deployment continue; } - if (!$this->isResourceBuildable($resource, $providerBranch, $providerAffectedFiles, $logBase)) { + // Skip deployments when the branch or affected files do not match configured build triggers. + $branchTrigger = new BuildTrigger($resource->getAttribute('providerBranches', [])); + if (!$branchTrigger->isValid($providerBranch)) { + Span::add("{$logBase}.build.skipped.reason", 'branch'); Span::add("{$logBase}.build.skipped", 'true'); continue; } + $providerPaths = $resource->getAttribute('providerPaths', []); + if (!empty($providerPaths) && !empty($providerAffectedFiles)) { + $pathTrigger = new BuildTrigger($providerPaths); + $pathMatched = false; + foreach ($providerAffectedFiles as $file) { + if ($pathTrigger->isValid($file)) { + $pathMatched = true; + break; + } + } + + if (!$pathMatched) { + Span::add("{$logBase}.build.skipped.reason", 'path'); + Span::add("{$logBase}.build.skipped", 'true'); + continue; + } + } + $deploymentId = ID::unique(); $repositoryId = $repository->getId(); $repositoryInternalId = $repository->getSequence(); @@ -577,30 +598,4 @@ trait Deployment return System::getEnv('_APP_BUILDS_QUEUE_NAME', Event::BUILDS_QUEUE_NAME); } - private function isResourceBuildable(Document $resource, string $providerBranch, array $providerAffectedFiles, string $logBase): bool - { - $branchTrigger = new BuildTrigger($resource->getAttribute('providerBranches', [])); - if (!$branchTrigger->isValid($providerBranch)) { - Span::add("{$logBase}.build.skipped.reason", 'branch'); - return false; - } - - $providerPaths = $resource->getAttribute('providerPaths', []); - if (!empty($providerPaths) && !empty($providerAffectedFiles)) { - $pathTrigger = new BuildTrigger($providerPaths); - $pathMatched = false; - foreach ($providerAffectedFiles as $file) { - if ($pathTrigger->isValid($file)) { - $pathMatched = true; - break; - } - } - if (!$pathMatched) { - Span::add("{$logBase}.build.skipped.reason", 'path'); - return false; - } - } - - return true; - } } From 268dd501067e2617f8d81840110c9b52ce5b1018 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 21 May 2026 18:43:21 +0530 Subject: [PATCH 63/84] Use Globstar validator directly, remove BuildTrigger wrapper Co-Authored-By: Claude Sonnet 4.6 --- composer.lock | 12 +- .../Modules/VCS/Http/GitHub/Deployment.php | 6 +- src/Appwrite/Vcs/Validator/BuildTrigger.php | 110 ----- tests/unit/Vcs/Validator/BuildTriggerTest.php | 466 ------------------ 4 files changed, 9 insertions(+), 585 deletions(-) delete mode 100644 src/Appwrite/Vcs/Validator/BuildTrigger.php delete mode 100644 tests/unit/Vcs/Validator/BuildTriggerTest.php diff --git a/composer.lock b/composer.lock index a0a687d8ae..07f8594b55 100644 --- a/composer.lock +++ b/composer.lock @@ -5355,16 +5355,16 @@ }, { "name": "utopia-php/validators", - "version": "0.2.3", + "version": "0.2.4", "source": { "type": "git", "url": "https://github.com/utopia-php/validators.git", - "reference": "9770269c8ed8e6909934965fa8722103c7434c23" + "reference": "b4ee60db4dbae5ffbe53968d01f69b6941251576" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/validators/zipball/9770269c8ed8e6909934965fa8722103c7434c23", - "reference": "9770269c8ed8e6909934965fa8722103c7434c23", + "url": "https://api.github.com/repos/utopia-php/validators/zipball/b4ee60db4dbae5ffbe53968d01f69b6941251576", + "reference": "b4ee60db4dbae5ffbe53968d01f69b6941251576", "shasum": "" }, "require": { @@ -5394,9 +5394,9 @@ ], "support": { "issues": "https://github.com/utopia-php/validators/issues", - "source": "https://github.com/utopia-php/validators/tree/0.2.3" + "source": "https://github.com/utopia-php/validators/tree/0.2.4" }, - "time": "2026-05-14T08:05:44+00:00" + "time": "2026-05-21T12:47:43+00:00" }, { "name": "utopia-php/vcs", diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 0978122e02..260fec77af 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -8,7 +8,7 @@ use Appwrite\Event\Publisher\Build as BuildPublisher; use Appwrite\Extend\Exception; use Appwrite\Filter\BranchDomain as BranchDomainFilter; use Appwrite\Vcs\Comment; -use Appwrite\Vcs\Validator\BuildTrigger; +use Utopia\Validator\Globstar; use Utopia\Config\Config; use Utopia\Console; use Utopia\Database\Database; @@ -106,7 +106,7 @@ trait Deployment } // Skip deployments when the branch or affected files do not match configured build triggers. - $branchTrigger = new BuildTrigger($resource->getAttribute('providerBranches', [])); + $branchTrigger = new Globstar($resource->getAttribute('providerBranches', [])); if (!$branchTrigger->isValid($providerBranch)) { Span::add("{$logBase}.build.skipped.reason", 'branch'); Span::add("{$logBase}.build.skipped", 'true'); @@ -115,7 +115,7 @@ trait Deployment $providerPaths = $resource->getAttribute('providerPaths', []); if (!empty($providerPaths) && !empty($providerAffectedFiles)) { - $pathTrigger = new BuildTrigger($providerPaths); + $pathTrigger = new Globstar($providerPaths); $pathMatched = false; foreach ($providerAffectedFiles as $file) { if ($pathTrigger->isValid($file)) { diff --git a/src/Appwrite/Vcs/Validator/BuildTrigger.php b/src/Appwrite/Vcs/Validator/BuildTrigger.php deleted file mode 100644 index be8b9c43d1..0000000000 --- a/src/Appwrite/Vcs/Validator/BuildTrigger.php +++ /dev/null @@ -1,110 +0,0 @@ -patterns)) { - return true; - } - - $include = array_filter($this->patterns, fn ($p) => !str_starts_with($p, '!')); - $exclude = array_filter($this->patterns, fn ($p) => str_starts_with($p, '!')); - - if (empty($include)) { - foreach ($exclude as $pattern) { - if ($this->matchGlob($value, substr($pattern, 1))) { - return false; - } - } - return true; - } - - $isSpecific = fn ($pattern) => !str_contains($pattern, '*') && !str_contains($pattern, '?'); - - foreach ($include as $pattern) { - if ($isSpecific($pattern) && $this->matchGlob($value, $pattern)) { - return true; - } - } - - foreach ($exclude as $pattern) { - if ($this->matchGlob($value, substr($pattern, 1))) { - return false; - } - } - - foreach ($include as $pattern) { - if (!$isSpecific($pattern) && $this->matchGlob($value, $pattern)) { - return true; - } - } - - return false; - } - - public function getDescription(): string - { - return 'Value must match a specific inclusion, or a wildcard inclusion not overridden by any exclusion.'; - } - - public function isArray(): bool - { - return false; - } - - public function getType(): string - { - return self::TYPE_STRING; - } - - private function matchGlob(string $subject, string $pattern): bool - { - $regex = ''; - $len = strlen($pattern); - $i = 0; - - while ($i < $len) { - $char = $pattern[$i]; - - if ($char === '*' && isset($pattern[$i + 1]) && $pattern[$i + 1] === '*') { - $prevSlash = $i === 0 || $pattern[$i - 1] === '/'; - $nextSlash = isset($pattern[$i + 2]) && $pattern[$i + 2] === '/'; - - if ($prevSlash && $nextSlash) { - // a/**/b → zero or more intermediate dirs (matches a/b, a/x/b, a/x/y/b) - // **/foo → zero or more leading dirs (matches foo, a/foo, a/b/foo) - $regex .= '(?:.+/)?'; - $i += 3; // consume ** and the trailing / - } else { - // foo/** → everything inside (matches foo/a, foo/a/b) - $regex .= '.*'; - $i += 2; - } - } elseif ($char === '*') { - $regex .= '[^/]*'; // anything except a path separator - $i++; - } elseif ($char === '?') { - $regex .= '[^/]'; // any single character except a path separator - $i++; - } else { - $regex .= preg_quote($char, '~'); - $i++; - } - } - - return (bool) preg_match('~^' . $regex . '$~', $subject); - } -} diff --git a/tests/unit/Vcs/Validator/BuildTriggerTest.php b/tests/unit/Vcs/Validator/BuildTriggerTest.php deleted file mode 100644 index 66aa94abed..0000000000 --- a/tests/unit/Vcs/Validator/BuildTriggerTest.php +++ /dev/null @@ -1,466 +0,0 @@ -assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('feature/anything')); - $this->assertTrue($validator->isValid('src/deep/nested/file.php')); - } - - // ------------------------------------------------------------------------- - // Pure inclusion — OR semantics (any one match is enough) - // ------------------------------------------------------------------------- - - public function testSingleExactInclusion(): void - { - $validator = new BuildTrigger(['main']); - $this->assertTrue($validator->isValid('main')); - $this->assertFalse($validator->isValid('develop')); - $this->assertFalse($validator->isValid('main-extra')); - } - - public function testMultipleExactInclusionsOr(): void - { - $validator = new BuildTrigger(['main', 'develop', 'staging']); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); - $this->assertTrue($validator->isValid('staging')); - $this->assertFalse($validator->isValid('feature/foo')); - $this->assertFalse($validator->isValid('production')); - } - - public function testSingleWildcardInclusion(): void - { - $validator = new BuildTrigger(['feature/*']); - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertTrue($validator->isValid('feature/bar')); - $this->assertFalse($validator->isValid('feature/foo/bar')); // * does not cross / - $this->assertFalse($validator->isValid('main')); - } - - public function testWildcardWithDash(): void - { - $validator = new BuildTrigger(['feature/test-*']); - $this->assertTrue($validator->isValid('feature/test-1')); - $this->assertTrue($validator->isValid('feature/test-abc')); - $this->assertFalse($validator->isValid('feature/other')); - $this->assertFalse($validator->isValid('feature/test')); - } - - public function testQuestionMarkWildcard(): void - { - $validator = new BuildTrigger(['v?.?']); - $this->assertTrue($validator->isValid('v1.0')); - $this->assertTrue($validator->isValid('v2.5')); - $this->assertFalse($validator->isValid('v10.0')); // ? matches exactly one char, not two - $this->assertFalse($validator->isValid('v1/0')); // ? does not cross / - } - - public function testQuestionMarkDoesNotCrossSlash(): void - { - $validator = new BuildTrigger(['feature/?']); - $this->assertTrue($validator->isValid('feature/a')); - $this->assertTrue($validator->isValid('feature/z')); - $this->assertFalse($validator->isValid('feature/ab')); // ? matches only one char - $this->assertFalse($validator->isValid('feature/a/b')); // ? does not cross / - $this->assertFalse($validator->isValid('feature/')); - } - - public function testQuestionMarkMixedWithStar(): void - { - $validator = new BuildTrigger(['fix-?.*']); - $this->assertTrue($validator->isValid('fix-1.php')); - $this->assertTrue($validator->isValid('fix-a.js')); - $this->assertFalse($validator->isValid('fix-12.php')); // ? matches only one char - $this->assertFalse($validator->isValid('fix-.php')); // ? requires exactly one char - } - - public function testDoubleWildcardAtEnd(): void - { - $validator = new BuildTrigger(['src/**']); - $this->assertTrue($validator->isValid('src/foo.js')); - $this->assertTrue($validator->isValid('src/a/b/c.js')); - $this->assertTrue($validator->isValid('src/deep/nested/file.php')); - $this->assertFalse($validator->isValid('lib/foo.js')); - } - - public function testDoubleWildcardInMiddle(): void - { - $validator = new BuildTrigger(['a/**/b']); - $this->assertTrue($validator->isValid('a/b')); // zero intermediate dirs - $this->assertTrue($validator->isValid('a/x/b')); // one - $this->assertTrue($validator->isValid('a/x/y/b')); // two - $this->assertFalse($validator->isValid('a/b/c')); - $this->assertFalse($validator->isValid('x/a/b')); - } - - public function testDoubleWildcardAtStart(): void - { - $validator = new BuildTrigger(['**/foo']); - $this->assertTrue($validator->isValid('foo')); // zero leading dirs - $this->assertTrue($validator->isValid('a/foo')); // one - $this->assertTrue($validator->isValid('a/b/foo')); // two - $this->assertFalse($validator->isValid('foobar')); - $this->assertFalse($validator->isValid('a/foobar')); - } - - public function testMixedExactAndWildcardInclusions(): void - { - $validator = new BuildTrigger(['main', 'feature/*']); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertFalse($validator->isValid('develop')); - $this->assertFalse($validator->isValid('feature/foo/bar')); - } - - // ------------------------------------------------------------------------- - // Pure exclusion — AND semantics (must not match any exclusion) - // ------------------------------------------------------------------------- - - public function testSingleExactExclusion(): void - { - $validator = new BuildTrigger(['!main']); - $this->assertFalse($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); - $this->assertTrue($validator->isValid('feature/foo')); - } - - public function testMultipleExactExclusionsAnd(): void - { - $validator = new BuildTrigger(['!main', '!develop']); - $this->assertFalse($validator->isValid('main')); - $this->assertFalse($validator->isValid('develop')); - $this->assertTrue($validator->isValid('staging')); // neither excluded - $this->assertTrue($validator->isValid('feature/foo')); - } - - public function testWildcardExclusion(): void - { - $validator = new BuildTrigger(['!feature/*']); - $this->assertFalse($validator->isValid('feature/foo')); - $this->assertFalse($validator->isValid('feature/bar')); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('hotfix/urgent')); // not matched by feature/* - } - - public function testDoubleWildcardExclusion(): void - { - $validator = new BuildTrigger(['!src/**']); - $this->assertFalse($validator->isValid('src/foo.js')); - $this->assertFalse($validator->isValid('src/a/b/c.js')); - $this->assertTrue($validator->isValid('lib/foo.js')); - $this->assertTrue($validator->isValid('main')); - } - - // ------------------------------------------------------------------------- - // Mixed inclusion + exclusion - // ------------------------------------------------------------------------- - - public function testInclusionTakesPrecedenceWhenBothMatch(): void - { - // feature/abc matches both '!feature/*' (exclusion) and 'feature/abc' (inclusion) - // Inclusion is checked first, so it wins - $validator = new BuildTrigger(['!feature/*', 'feature/abc']); - $this->assertTrue($validator->isValid('feature/abc')); // inclusion wins - $this->assertFalse($validator->isValid('feature/xyz')); // only exclusion matches - $this->assertFalse($validator->isValid('main')); // no inclusion matches - } - - public function testInclusionWithNoMatchFails(): void - { - // Inclusions exist but none match — exclusion is irrelevant - $validator = new BuildTrigger(['main', '!develop']); - $this->assertTrue($validator->isValid('main')); - $this->assertFalse($validator->isValid('develop')); // excluded even if inclusion didn't match - $this->assertFalse($validator->isValid('staging')); // no inclusion match - } - - public function testExclusionBlocksWhenInclusionDoesNotMatch(): void - { - $validator = new BuildTrigger(['feature/*', '!hotfix/*']); - $this->assertTrue($validator->isValid('feature/foo')); // matches inclusion - $this->assertFalse($validator->isValid('hotfix/urgent')); // no inclusion match, also excluded - $this->assertFalse($validator->isValid('main')); // no inclusion match - } - - public function testMultipleInclusionsWithSingleExclusion(): void - { - // feature/wip matches wildcard inclusion feature/* but specific exclusion !feature/wip overrides it - $validator = new BuildTrigger(['main', 'develop', 'feature/*', '!feature/wip']); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion overrides wildcard inclusion - $this->assertFalse($validator->isValid('hotfix/urgent')); // no inclusion match - } - - public function testSingleInclusionWithMultipleExclusions(): void - { - // specific exclusions !feature/wip and !feature/experimental override wildcard inclusion feature/** - $validator = new BuildTrigger(['feature/**', '!feature/wip', '!feature/experimental']); - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertTrue($validator->isValid('feature/a/b')); - $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion wins - $this->assertFalse($validator->isValid('feature/experimental')); // specific exclusion wins - $this->assertFalse($validator->isValid('main')); // no inclusion match - } - - public function testMultipleInclusionsWithMultipleExclusions(): void - { - // specific exclusions override the wildcard inclusion; specific inclusion 'main' is unaffected - $validator = new BuildTrigger(['main', 'feature/**', '!feature/wip', '!feature/experimental']); - $this->assertTrue($validator->isValid('main')); // specific inclusion wins regardless - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertTrue($validator->isValid('feature/a/b')); - $this->assertFalse($validator->isValid('feature/wip')); // specific exclusion wins - $this->assertFalse($validator->isValid('feature/experimental')); // specific exclusion wins - $this->assertFalse($validator->isValid('develop')); // no inclusion match - } - - public function testWildcardExclusionOverridesWildcardInclusion(): void - { - // src/** is a broad inclusion; !src/generated/** carves out the generated subtree - $validator = new BuildTrigger(['src/**', '!src/generated/**']); - $this->assertTrue($validator->isValid('src/components/Button.php')); - $this->assertTrue($validator->isValid('src/utils/helper.js')); - $this->assertFalse($validator->isValid('src/generated/Foo.php')); // wildcard exclusion wins - $this->assertFalse($validator->isValid('src/generated/bar/Baz.php')); // wildcard exclusion wins - $this->assertFalse($validator->isValid('lib/other.php')); // no inclusion match - } - - public function testSpecificInclusionOverridesWildcardExclusion(): void - { - // Narrow allowlist with a carve-out: exclude all of feature/* except feature/hotfix/critical - $validator = new BuildTrigger(['feature/hotfix/critical', '!feature/**']); - $this->assertTrue($validator->isValid('feature/hotfix/critical')); // inclusion wins - $this->assertFalse($validator->isValid('feature/foo')); // excluded - $this->assertFalse($validator->isValid('feature/hotfix/other')); // excluded - $this->assertFalse($validator->isValid('main')); // no inclusion match - } - - public function testOnlyExclusionsDefaultToTrueUnlessExcluded(): void - { - $validator = new BuildTrigger(['!main', '!develop']); - $this->assertFalse($validator->isValid('main')); - $this->assertFalse($validator->isValid('develop')); - $this->assertTrue($validator->isValid('staging')); // passes — no inclusions required - $this->assertTrue($validator->isValid('feature/foo')); - } - - // ------------------------------------------------------------------------- - // Standalone wildcards - // ------------------------------------------------------------------------- - - public function testStarAloneMatchesSingleSegmentOnly(): void - { - // * → ^[^/]*$ — matches any single segment; the [^/]* guard prevents crossing / - $validator = new BuildTrigger(['*']); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('develop')); - $this->assertFalse($validator->isValid('feature/foo')); // * cannot cross / - $this->assertFalse($validator->isValid('a/b/c')); - } - - public function testDoubleStarAloneMatchesEverything(): void - { - // ** alone → ^.*$ — matches any string including paths with separators - $validator = new BuildTrigger(['**']); - $this->assertTrue($validator->isValid('main')); - $this->assertTrue($validator->isValid('feature/foo')); - $this->assertTrue($validator->isValid('src/a/b/c/d/file.php')); - } - - // ------------------------------------------------------------------------- - // Extension patterns — * scope vs. ** scope - // ------------------------------------------------------------------------- - - public function testStarDotExtMatchesRootLevelOnly(): void - { - // *.php → ^[^/]*\.php$ — root-level only; * cannot cross / - $validator = new BuildTrigger(['*.php']); - $this->assertTrue($validator->isValid('Foo.php')); - $this->assertTrue($validator->isValid('index.php')); - $this->assertFalse($validator->isValid('src/Foo.php')); // * does not cross / - $this->assertFalse($validator->isValid('a/b/Foo.php')); - $this->assertFalse($validator->isValid('Foo.js')); - } - - public function testDoubleStarSlashExtMatchesAnyDepth(): void - { - // **/*.php → ^(?:.+/)?[^/]*\.php$ — (?:.+/)? is optional so root also matches - $validator = new BuildTrigger(['**/*.php']); - $this->assertTrue($validator->isValid('Foo.php')); // root — zero leading dirs - $this->assertTrue($validator->isValid('src/Foo.php')); - $this->assertTrue($validator->isValid('src/components/Foo.php')); - $this->assertTrue($validator->isValid('a/b/c/d/Foo.php')); // four levels deep - $this->assertFalse($validator->isValid('Foo.js')); - $this->assertFalse($validator->isValid('src/Foo.js')); - } - - public function testDirPrefixDoubleStarExtPattern(): void - { - // src/**/*.php → ^src/(?:.+/)?[^/]*\.php$ — scoped to src/ at any depth - $validator = new BuildTrigger(['src/**/*.php']); - $this->assertTrue($validator->isValid('src/Foo.php')); - $this->assertTrue($validator->isValid('src/components/Foo.php')); - $this->assertTrue($validator->isValid('src/a/b/c/Foo.php')); - $this->assertFalse($validator->isValid('Foo.php')); // outside src/ - $this->assertFalse($validator->isValid('lib/Foo.php')); - $this->assertFalse($validator->isValid('src/Foo.js')); - } - - // ------------------------------------------------------------------------- - // Dots as literal characters - // ------------------------------------------------------------------------- - - public function testDotsInPatternAreLiteral(): void - { - // preg_quote escapes . to \. — dots are never regex wildcards - $validator = new BuildTrigger(['release-1.0.0']); - $this->assertTrue($validator->isValid('release-1.0.0')); - $this->assertFalse($validator->isValid('release-1X0Y0')); // X/Y must not satisfy a literal dot - $this->assertFalse($validator->isValid('release-1.0.0-hotfix')); // extra suffix rejected by $ anchor - } - - public function testVersionWildcardBranchPattern(): void - { - // v*.*.* → ^v[^/]*\.[^/]*\.[^/]*$ — dots literal; [^/]* is greedy and can consume dots, - // so v1.2.3.4 also matches (first [^/]* eats "1.2") — documents current behavior - $validator = new BuildTrigger(['v*.*.*']); - $this->assertTrue($validator->isValid('v1.2.3')); - $this->assertTrue($validator->isValid('v10.20.30')); - $this->assertTrue($validator->isValid('v1.2.3.4')); // greedy match — first [^/]* eats "1.2" - $this->assertFalse($validator->isValid('v1.2')); // only two dot-segments; third \.[^/]* fails - $this->assertFalse($validator->isValid('1.2.3')); // missing leading v - $this->assertFalse($validator->isValid('v1/2/3')); // [^/]* cannot cross / - } - - public function testDottedFilenamePattern(): void - { - // *.test.js → ^[^/]*\.test\.js$ — both dots literal; * stays in root segment - $validator = new BuildTrigger(['*.test.js']); - $this->assertTrue($validator->isValid('Button.test.js')); - $this->assertTrue($validator->isValid('App.test.js')); - $this->assertFalse($validator->isValid('ButtonXtestYjs')); // dots must be literal - $this->assertFalse($validator->isValid('src/Button.test.js')); // * does not cross / - $this->assertFalse($validator->isValid('Button.test.ts')); - } - - // ------------------------------------------------------------------------- - // Prefix wildcard - // ------------------------------------------------------------------------- - - public function testPrefixWildcardBranchPattern(): void - { - // main* → ^main[^/]*$ — suffix wildcard; [^/]* cannot cross / - $validator = new BuildTrigger(['main*']); - $this->assertTrue($validator->isValid('main')); // zero trailing chars - $this->assertTrue($validator->isValid('main-extra')); - $this->assertTrue($validator->isValid('mainline')); - $this->assertFalse($validator->isValid('main/branch')); // [^/]* cannot cross / - $this->assertFalse($validator->isValid('develop')); - } - - // ------------------------------------------------------------------------- - // Deep nesting - // ------------------------------------------------------------------------- - - public function testDoubleWildcardInMiddleDeepNesting(): void - { - // a/**/b → ^a/(?:.+/)?b$ — .+ inside (?:.+/)? matches any chars including /, - // so it handles arbitrarily many intermediate directories - $validator = new BuildTrigger(['a/**/b']); - $this->assertTrue($validator->isValid('a/x/y/z/b')); // three intermediate dirs - $this->assertTrue($validator->isValid('a/p/q/r/s/b')); // four intermediate dirs - $this->assertTrue($validator->isValid('a/1/2/3/4/5/b')); // five intermediate dirs - $this->assertFalse($validator->isValid('a/x/y/z/b/extra')); // trailing segment rejected - $this->assertFalse($validator->isValid('prefix/a/x/b')); // leading segment rejected - } - - public function testDoubleWildcardAtStartDeepNesting(): void - { - // **/README.md → ^(?:.+/)?README\.md$ — matches at any depth; $ anchor prevents suffixes - $validator = new BuildTrigger(['**/README.md']); - $this->assertTrue($validator->isValid('README.md')); // zero leading dirs - $this->assertTrue($validator->isValid('docs/README.md')); - $this->assertTrue($validator->isValid('a/b/c/d/README.md')); // four levels deep - $this->assertTrue($validator->isValid('x/y/z/w/v/README.md')); // five levels deep - $this->assertFalse($validator->isValid('a/b/c/README.md.bak')); // $ anchor — no suffix - $this->assertFalse($validator->isValid('a/b/c/README.md/extra')); // trailing segment rejected - } - - // ------------------------------------------------------------------------- - // Real-world path patterns - // ------------------------------------------------------------------------- - - public function testGeneratedFilesAnywhereExclusion(): void - { - // !**/generated/** → ^(?:.+/)?generated/.*$ — excludes generated/ at any depth - $validator = new BuildTrigger(['!**/generated/**']); - $this->assertFalse($validator->isValid('generated/Foo.php')); // root generated/ - $this->assertFalse($validator->isValid('src/generated/Foo.php')); - $this->assertFalse($validator->isValid('src/api/generated/Bar.php')); // deep generated/ - $this->assertFalse($validator->isValid('generated/sub/deep/File.php')); // deep inside root generated/ - $this->assertTrue($validator->isValid('src/components/Button.php')); // not under generated/ - $this->assertTrue($validator->isValid('main')); - } - - public function testMultipleExtensionInclusions(): void - { - // OR semantics: any PHP or JS file triggers; other extensions do not - $validator = new BuildTrigger(['**/*.php', '**/*.js']); - $this->assertTrue($validator->isValid('index.php')); - $this->assertTrue($validator->isValid('src/App.php')); - $this->assertTrue($validator->isValid('index.js')); - $this->assertTrue($validator->isValid('src/components/App.js')); - $this->assertFalse($validator->isValid('styles.css')); - $this->assertFalse($validator->isValid('src/styles.css')); - $this->assertFalse($validator->isValid('README.md')); - } - - // ------------------------------------------------------------------------- - // Named-prefix single-level branch - // ------------------------------------------------------------------------- - - public function testReleaseBranchPattern(): void - { - // release/* → ^release/[^/]*$ — one level only; * stops at the next / - $validator = new BuildTrigger(['release/*']); - $this->assertTrue($validator->isValid('release/1.0')); - $this->assertTrue($validator->isValid('release/hotfix')); - $this->assertTrue($validator->isValid('release/2024-01-15')); - $this->assertFalse($validator->isValid('release/1.0/patch')); // * stops at / - $this->assertFalse($validator->isValid('release')); // missing the /* segment - $this->assertFalse($validator->isValid('main')); - } - - // ------------------------------------------------------------------------- - // Case sensitivity - // ------------------------------------------------------------------------- - - public function testPatternMatchingIsCaseSensitive(): void - { - // preg_match is used without the i flag — matching is always case-sensitive - $branchValidator = new BuildTrigger(['main']); - $this->assertTrue($branchValidator->isValid('main')); - $this->assertFalse($branchValidator->isValid('Main')); - $this->assertFalse($branchValidator->isValid('MAIN')); - - $wildcardValidator = new BuildTrigger(['feature/*']); - $this->assertTrue($wildcardValidator->isValid('feature/foo')); - $this->assertFalse($wildcardValidator->isValid('Feature/foo')); - $this->assertFalse($wildcardValidator->isValid('FEATURE/foo')); - } -} From f62d765bbfd2e54040bfc4377eab39dede1df977 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Thu, 21 May 2026 18:46:18 +0530 Subject: [PATCH 64/84] format --- src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php index 260fec77af..27c4eacba3 100644 --- a/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php +++ b/src/Appwrite/Platform/Modules/VCS/Http/GitHub/Deployment.php @@ -8,7 +8,6 @@ use Appwrite\Event\Publisher\Build as BuildPublisher; use Appwrite\Extend\Exception; use Appwrite\Filter\BranchDomain as BranchDomainFilter; use Appwrite\Vcs\Comment; -use Utopia\Validator\Globstar; use Utopia\Config\Config; use Utopia\Console; use Utopia\Database\Database; @@ -23,6 +22,7 @@ use Utopia\DSN\DSN; use Utopia\Span\Span; use Utopia\System\System; use Utopia\Validator\Contains; +use Utopia\Validator\Globstar; use Utopia\VCS\Adapter\Git\GitHub; use Utopia\VCS\Exception\RepositoryNotFound; From 1538927486f903480ab24c83bae1711b595529d6 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Mon, 18 May 2026 12:59:05 +0100 Subject: [PATCH 65/84] chore: migrate to utopia-php/http feat-safe-wildcards Adopts the new safe-wildcard dispatch primitive from utopia-php/http#feat-safe-wildcards. Http::execute() is now the re-entrant dispatch entry point and Http::match() is pure (returns ?RouteMatch). The removed Http::getRoute()/setRoute(), Route::getMatchedPath(), Route::getPathValues() callsites are migrated to the new API. Co-Authored-By: Claude Opus 4.7 --- app/controllers/general.php | 14 +++++++------- app/controllers/mock.php | 2 +- app/controllers/shared/api.php | 12 ++++++------ app/controllers/shared/api/auth.php | 2 +- app/http.php | 4 ++-- app/init/resources/request.php | 4 ++-- composer.json | 2 +- composer.lock | 14 +++++++------- src/Appwrite/GraphQL/Resolvers.php | 10 ++-------- 9 files changed, 29 insertions(+), 35 deletions(-) diff --git a/app/controllers/general.php b/app/controllers/general.php index b39c2e2623..4b9c4f81b8 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -844,14 +844,14 @@ Http::init() // Only run Router when external domain if (!\in_array($hostname, $platformHostnames) || !empty($previewHostname)) { if (router($utopia, $dbForPlatform, $getProjectDB, $swooleRequest, $request, $response, $log, $queueForEvents, $bus, $executor, $geodb, $isResourceBlocked, $platform, $previewHostname, $authorization, $apiKey, $publisherForDeletes, $executionsRetentionCount)) { - $utopia->getRoute()?->label('router', true); + $utopia->match($request)?->route->label('router', true); } } /* * Request format */ - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; $request->setRoute($route); if ($route === null) { @@ -876,7 +876,7 @@ Http::init() } if (version_compare($requestFormat, '1.8.0', '<')) { $dbForProject = $getProjectDB($project); - $request->addFilter(new RequestV20($dbForProject, $route->getPathValues($request))); + $request->addFilter(new RequestV20($dbForProject, $route->resolveParams($request->getURI(), $route->getPath()))); } if (version_compare($requestFormat, '1.9.0', '<')) { $request->addFilter(new RequestV21()); @@ -1154,7 +1154,7 @@ Http::options() // Only run Router when external domain if (!in_array($request->getHostname(), $platformHostnames) || !empty($previewHostname)) { if (router($utopia, $dbForPlatform, $getProjectDB, $swooleRequest, $request, $response, $log, $queueForEvents, $bus, $executor, $geodb, $isResourceBlocked, $platform, $previewHostname, $authorization, $apiKey, $publisherForDeletes, $executionsRetentionCount)) { - $utopia->getRoute()?->label('router', true); + $utopia->match($request)?->route->label('router', true); } } @@ -1189,7 +1189,7 @@ Http::error() ->inject('authorization') ->action(function (Throwable $error, Http $utopia, Request $request, Response $response, Document $project, ?Logger $logger, Log $log, Bus $bus, Document $devKey, Authorization $authorization) { $version = System::getEnv('_APP_VERSION', 'UNKNOWN'); - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; $class = \get_class($error); $code = $error->getCode(); $message = $error->getMessage(); @@ -1555,7 +1555,7 @@ Http::get('/robots.txt') $response->text($template->render(false)); } else { if (router($utopia, $dbForPlatform, $getProjectDB, $swooleRequest, $request, $response, $log, $queueForEvents, $bus, $executor, $geodb, $isResourceBlocked, $platform, $previewHostname, $authorization, $apiKey, $publisherForDeletes, $executionsRetentionCount)) { - $utopia->getRoute()?->label('router', true); + $utopia->match($request)?->route->label('router', true); } } }); @@ -1589,7 +1589,7 @@ Http::get('/humans.txt') $response->text($template->render(false)); } else { if (router($utopia, $dbForPlatform, $getProjectDB, $swooleRequest, $request, $response, $log, $queueForEvents, $bus, $executor, $geodb, $isResourceBlocked, $platform, $previewHostname, $authorization, $apiKey, $publisherForDeletes, $executionsRetentionCount)) { - $utopia->getRoute()?->label('router', true); + $utopia->match($request)?->route->label('router', true); } } }); diff --git a/app/controllers/mock.php b/app/controllers/mock.php index 4e92b3482d..9daaa4a35b 100644 --- a/app/controllers/mock.php +++ b/app/controllers/mock.php @@ -289,7 +289,7 @@ Http::shutdown() ->action(function (Http $utopia, Response $response, Request $request) { $result = []; - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; $path = APP_STORAGE_CACHE . '/tests.json'; $tests = (\file_exists($path)) ? \json_decode(\file_get_contents($path), true) : []; diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 6e5167660a..7d0a1882d6 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -99,7 +99,7 @@ Http::init() ->inject('apiKey') ->inject('authorization') ->action(function (Http $utopia, Request $request, Database $dbForPlatform, Database $dbForProject, AuditContext $auditContext, Document $project, User $user, ?Document $session, array $servers, string $mode, Document $team, ?Key $apiKey, Authorization $authorization) { - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; if ($route === null) { throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); } @@ -495,7 +495,7 @@ Http::init() && ! $user->isPrivileged($roles) && $devKey->isEmpty(); - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; if ($route === null) { throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); } @@ -579,12 +579,12 @@ Http::init() $response->setUser($user); $request->setUser($user); - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; if ($route === null) { throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); } - $path = $route->getMatchedPath(); + $path = $request->getURI(); $databaseType = match (true) { str_contains($path, '/documentsdb') => DATABASE_TYPE_DOCUMENTSDB, str_contains($path, '/vectorsdb') => DATABASE_TYPE_VECTORSDB, @@ -623,7 +623,7 @@ Http::init() $useCache = $route->getLabel('cache', false); $storageCacheOperationsCounter = $telemetry->createCounter('storage.cache.operations.load'); if ($useCache) { - $route = $utopia->match($request); + $route = $utopia->match($request)->route; $roles = $authorization->getRoles(); $isAppUser = $user->isApp($roles); $isImageTransformation = $route->getPath() === '/v1/storage/buckets/:bucketId/files/:fileId/preview'; @@ -876,7 +876,7 @@ Http::shutdown() } } - $route = $utopia->getRoute(); + $route = $utopia->match($request)?->route; $requestParams = $route->getParamsValues(); /** diff --git a/app/controllers/shared/api/auth.php b/app/controllers/shared/api/auth.php index db98d97bf5..b1c4cb7538 100644 --- a/app/controllers/shared/api/auth.php +++ b/app/controllers/shared/api/auth.php @@ -49,7 +49,7 @@ Http::init() } } - $route = $utopia->match($request); + $route = $utopia->match($request)?->route; $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $isAppUser = $user->isApp($authorization->getRoles()); diff --git a/app/http.php b/app/http.php index 6dc415f000..6226026a16 100644 --- a/app/http.php +++ b/app/http.php @@ -539,7 +539,7 @@ $swoole->onRequest(function ($utopiaRequest, $utopiaResponse) use ($files, $swoo $app->run($request, $response); - $route = $app->getRoute(); + $route = $app->match($request)?->route; Span::add('http.path', $route?->getPath() ?? 'unknown'); } catch (\Throwable $th) { Span::error($th); @@ -555,7 +555,7 @@ $swoole->onRequest(function ($utopiaRequest, $utopiaResponse) use ($files, $swoo // All good, user is optional information for logger } - $route = $app->getRoute(); + $route = $app->match($request)?->route; $log = $app->context()->get("log"); diff --git a/app/init/resources/request.php b/app/init/resources/request.php index 85d8db3698..8c55eaf3e0 100644 --- a/app/init/resources/request.php +++ b/app/init/resources/request.php @@ -596,7 +596,7 @@ return function (Container $context): void { // These endpoints moved from /v1/projects/:projectId/ to /v1/ // When accessed via the old alias path, extract projectId from the URI $deprecatedProjectPathPrefix = '/v1/projects/'; - $route = $utopia->match($request); + $route = $utopia->match($request)?->route; if (!empty($route)) { $isDeprecatedAlias = \str_starts_with($request->getURI(), $deprecatedProjectPathPrefix) && !\str_starts_with($route->getPath(), $deprecatedProjectPathPrefix); @@ -1093,7 +1093,7 @@ return function (Container $context): void { if ($project->getId() !== 'console') { $teamInternalId = $project->getAttribute('teamInternalId', ''); } else { - $route = $utopia->match($request); + $route = $utopia->match($request)?->route; $path = ! empty($route) ? $route->getPath() : $request->getURI(); $orgHeader = $request->getHeader('x-appwrite-organization', ''); if (str_starts_with($path, '/v1/projects/:projectId')) { diff --git a/composer.json b/composer.json index 34a0238b7a..082063bb32 100644 --- a/composer.json +++ b/composer.json @@ -67,7 +67,7 @@ "utopia-php/emails": "0.7.*", "utopia-php/dns": "1.7.*", "utopia-php/dsn": "0.2.1", - "utopia-php/http": "2.0.0-rc1", + "utopia-php/http": "2.0.0-rc2", "utopia-php/fetch": "^1.1", "utopia-php/validators": "0.2.*", "utopia-php/image": "0.8.*", diff --git a/composer.lock b/composer.lock index 07f8594b55..79b7db5389 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "597066d71be48add0c649828d820a505", + "content-hash": "fafd8dc07538185b1753e9c16b622002", "packages": [ { "name": "adhocore/jwt", @@ -4346,16 +4346,16 @@ }, { "name": "utopia-php/http", - "version": "2.0.0-rc1", + "version": "2.0.0-rc2", "source": { "type": "git", "url": "https://github.com/utopia-php/http.git", - "reference": "3e3b431d443844c6bf810120dee735f45880856f" + "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/http/zipball/3e3b431d443844c6bf810120dee735f45880856f", - "reference": "3e3b431d443844c6bf810120dee735f45880856f", + "url": "https://api.github.com/repos/utopia-php/http/zipball/17f3d5e966ada8a5c041717436f069f269aef2b3", + "reference": "17f3d5e966ada8a5c041717436f069f269aef2b3", "shasum": "" }, "require": { @@ -4396,9 +4396,9 @@ ], "support": { "issues": "https://github.com/utopia-php/http/issues", - "source": "https://github.com/utopia-php/http/tree/2.0.0-rc1" + "source": "https://github.com/utopia-php/http/tree/2.0.0-rc2" }, - "time": "2026-05-05T15:00:03+00:00" + "time": "2026-05-20T11:13:49+00:00" }, { "name": "utopia-php/image", diff --git a/src/Appwrite/GraphQL/Resolvers.php b/src/Appwrite/GraphQL/Resolvers.php index 4471ab53a7..ab98e6df0c 100644 --- a/src/Appwrite/GraphQL/Resolvers.php +++ b/src/Appwrite/GraphQL/Resolvers.php @@ -342,7 +342,6 @@ class Resolvers $lock->acquire(); - $original = $utopia->getRoute(); try { $request = clone $request; $request->addHeader('x-appwrite-source', 'graphql'); @@ -363,10 +362,9 @@ class Resolvers $resolverResponse->setContentType(Response::CONTENT_TYPE_NULL); $resolverResponse->setSent(false); - $route = $utopia->match($request, fresh: true); - $request->setRoute($route); + $request->setRoute($utopia->match($request)?->route); - $utopia->execute($route, $request, $resolverResponse); + $utopia->execute($request, $resolverResponse); self::mergeResponseSideEffects($resolverResponse, $response); @@ -385,10 +383,6 @@ class Resolvers $reject($e); return; } finally { - if ($original !== null) { - $utopia->setRoute($original); - } - $lock->release(); unset(self::$locks[\spl_object_hash($utopia)]); } From 933fffd763f1f8487f824ad88533adf15d6a6dc9 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Mon, 18 May 2026 13:06:07 +0100 Subject: [PATCH 66/84] Use route template instead of request URI for documentsdb path check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The documentsdb/vectorsdb routes are registered with setHttpPath('/v1/documentsdb/...') with no aliases, so getPath() returns a template containing the substring we're matching against — and matches the prior getMatchedPath() semantics without depending on the raw request URI. Co-Authored-By: Claude Opus 4.7 --- app/controllers/shared/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 7d0a1882d6..42e515d3fd 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -584,7 +584,7 @@ Http::init() throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); } - $path = $request->getURI(); + $path = $route->getPath(); $databaseType = match (true) { str_contains($path, '/documentsdb') => DATABASE_TYPE_DOCUMENTSDB, str_contains($path, '/vectorsdb') => DATABASE_TYPE_VECTORSDB, From dd0c8af160f48ab5502a41f4b46bb655748a2b8b Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Mon, 18 May 2026 13:34:24 +0100 Subject: [PATCH 67/84] Use 'route' injection in shutdown hooks The 'route' injection introduced in utopia-php/http feat-safe-wildcards is frame-local and non-nullable inside a matched action's hooks, so the shutdown handlers in api.php and mock.php no longer need to call match() and dereference a nullable result. Co-Authored-By: Claude Opus 4.7 --- app/controllers/mock.php | 7 +++---- app/controllers/shared/api.php | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/app/controllers/mock.php b/app/controllers/mock.php index 9daaa4a35b..00389085af 100644 --- a/app/controllers/mock.php +++ b/app/controllers/mock.php @@ -13,6 +13,7 @@ use Utopia\Database\Helpers\Permission; use Utopia\Database\Helpers\Role; use Utopia\Database\Validator\UID; use Utopia\Http\Http; +use Utopia\Http\Route; use Utopia\Locale\Locale; use Utopia\System\System; use Utopia\Validator\Text; @@ -283,13 +284,11 @@ Http::get('/v1/mock/github/callback') Http::shutdown() ->groups(['mock']) - ->inject('utopia') ->inject('response') - ->inject('request') - ->action(function (Http $utopia, Response $response, Request $request) { + ->inject('route') + ->action(function (Response $response, Route $route) { $result = []; - $route = $utopia->match($request)?->route; $path = APP_STORAGE_CACHE . '/tests.json'; $tests = (\file_exists($path)) ? \json_decode(\file_get_contents($path), true) : []; diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 42e515d3fd..b7a151c3d2 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -37,6 +37,7 @@ use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Authorization\Input; use Utopia\Database\Validator\Roles; use Utopia\Http\Http; +use Utopia\Http\Route; use Utopia\Span\Span; use Utopia\System\System; use Utopia\Telemetry\Adapter as Telemetry; @@ -800,7 +801,7 @@ Http::shutdown() Http::shutdown() ->groups(['api']) - ->inject('utopia') + ->inject('route') ->inject('request') ->inject('response') ->inject('project') @@ -820,7 +821,7 @@ Http::shutdown() ->inject('bus') ->inject('apiKey') ->inject('mode') - ->action(function (Http $utopia, Request $request, Response $response, Document $project, User $user, Event $queueForEvents, AuditContext $auditContext, Audit $publisherForAudits, Context $usage, UsagePublisher $publisherForUsage, FunctionPublisher $publisherForFunctions, Event $queueForWebhooks, Realtime $queueForRealtime, Database $dbForProject, Authorization $authorization, callable $timelimit, EventProcessor $eventProcessor, Bus $bus, ?Key $apiKey, string $mode) use ($parseLabel) { + ->action(function (Route $route, Request $request, Response $response, Document $project, User $user, Event $queueForEvents, AuditContext $auditContext, Audit $publisherForAudits, Context $usage, UsagePublisher $publisherForUsage, FunctionPublisher $publisherForFunctions, Event $queueForWebhooks, Realtime $queueForRealtime, Database $dbForProject, Authorization $authorization, callable $timelimit, EventProcessor $eventProcessor, Bus $bus, ?Key $apiKey, string $mode) use ($parseLabel) { $responsePayload = $response->getPayload(); @@ -876,7 +877,6 @@ Http::shutdown() } } - $route = $utopia->match($request)?->route; $requestParams = $route->getParamsValues(); /** From 690c72b7899520ec133ec7e85bff83c49071af89 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Mon, 18 May 2026 13:43:32 +0100 Subject: [PATCH 68/84] Use 'route' injection in remaining api/auth init hooks The 'route' injection is frame-local and non-nullable inside a matched action's hooks. Replaces \$utopia->match() lookups in api.php and auth.php init hooks, drops the dead \$utopia inject from the session shutdown hook, and removes the now-redundant null guards. Co-Authored-By: Claude Opus 4.7 --- app/controllers/shared/api.php | 30 +++++++---------------------- app/controllers/shared/api/auth.php | 7 +++---- 2 files changed, 10 insertions(+), 27 deletions(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index b7a151c3d2..f2373572b7 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -86,7 +86,7 @@ $parseLabel = function (string $label, array $responsePayload, array $requestPar Http::init() ->groups(['api']) - ->inject('utopia') + ->inject('route') ->inject('request') ->inject('dbForPlatform') ->inject('dbForProject') @@ -99,11 +99,7 @@ Http::init() ->inject('team') ->inject('apiKey') ->inject('authorization') - ->action(function (Http $utopia, Request $request, Database $dbForPlatform, Database $dbForProject, AuditContext $auditContext, Document $project, User $user, ?Document $session, array $servers, string $mode, Document $team, ?Key $apiKey, Authorization $authorization) { - $route = $utopia->match($request)?->route; - if ($route === null) { - throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); - } + ->action(function (Route $route, Request $request, Database $dbForPlatform, Database $dbForProject, AuditContext $auditContext, Document $project, User $user, ?Document $session, array $servers, string $mode, Document $team, ?Key $apiKey, Authorization $authorization) { /** * Handle user authentication and session validation. @@ -478,7 +474,7 @@ Http::init() Http::init() ->groups(['api']) - ->inject('utopia') + ->inject('route') ->inject('request') ->inject('response') ->inject('project') @@ -486,7 +482,7 @@ Http::init() ->inject('timelimit') ->inject('devKey') ->inject('authorization') - ->action(function (Http $utopia, Request $request, Response $response, Document $project, User $user, callable $timelimit, Document $devKey, Authorization $authorization) { + ->action(function (Route $route, Request $request, Response $response, Document $project, User $user, callable $timelimit, Document $devKey, Authorization $authorization) { $response->setUser($user); $request->setUser($user); @@ -496,11 +492,6 @@ Http::init() && ! $user->isPrivileged($roles) && $devKey->isEmpty(); - $route = $utopia->match($request)?->route; - if ($route === null) { - throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); - } - $abuseKeyLabel = $route->getLabel('abuse-key', 'url:{url},ip:{ip}'); $abuseKeyLabel = (! is_array($abuseKeyLabel)) ? [$abuseKeyLabel] : $abuseKeyLabel; $closestLimit = null; @@ -557,7 +548,7 @@ Http::init() Http::init() ->groups(['api']) - ->inject('utopia') + ->inject('route') ->inject('request') ->inject('response') ->inject('project') @@ -575,16 +566,11 @@ Http::init() ->inject('platform') ->inject('authorization') ->inject('cacheControlForStorage') - ->action(function (Http $utopia, Request $request, Response $response, Document $project, User $user, Event $queueForEvents, AuditContext $auditContext, Context $usage, FunctionPublisher $publisherForFunctions, Database $dbForProject, Document $resourceToken, string $mode, ?Key $apiKey, array $plan, Telemetry $telemetry, array $platform, Authorization $authorization, callable $cacheControlForStorage) { + ->action(function (Route $route, Request $request, Response $response, Document $project, User $user, Event $queueForEvents, AuditContext $auditContext, Context $usage, FunctionPublisher $publisherForFunctions, Database $dbForProject, Document $resourceToken, string $mode, ?Key $apiKey, array $plan, Telemetry $telemetry, array $platform, Authorization $authorization, callable $cacheControlForStorage) { $response->setUser($user); $request->setUser($user); - $route = $utopia->match($request)?->route; - if ($route === null) { - throw new AppwriteException(AppwriteException::GENERAL_ROUTE_NOT_FOUND); - } - $path = $route->getPath(); $databaseType = match (true) { str_contains($path, '/documentsdb') => DATABASE_TYPE_DOCUMENTSDB, @@ -624,7 +610,6 @@ Http::init() $useCache = $route->getLabel('cache', false); $storageCacheOperationsCounter = $telemetry->createCounter('storage.cache.operations.load'); if ($useCache) { - $route = $utopia->match($request)->route; $roles = $authorization->getRoles(); $isAppUser = $user->isApp($roles); $isImageTransformation = $route->getPath() === '/v1/storage/buckets/:bucketId/files/:fileId/preview'; @@ -762,12 +747,11 @@ Http::init() */ Http::shutdown() ->groups(['session']) - ->inject('utopia') ->inject('request') ->inject('response') ->inject('project') ->inject('dbForProject') - ->action(function (Http $utopia, Request $request, Response $response, Document $project, Database $dbForProject) { + ->action(function (Request $request, Response $response, Document $project, Database $dbForProject) { $sessionLimit = $project->getAttribute('auths', [])['maxSessions'] ?? 0; if ($sessionLimit === 0) { diff --git a/app/controllers/shared/api/auth.php b/app/controllers/shared/api/auth.php index b1c4cb7538..4fda054fd6 100644 --- a/app/controllers/shared/api/auth.php +++ b/app/controllers/shared/api/auth.php @@ -9,6 +9,7 @@ use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Validator\Authorization; use Utopia\Http\Http; +use Utopia\Http\Route; use Utopia\System\System; Http::init() @@ -32,13 +33,13 @@ Http::init() Http::init() ->groups(['auth']) - ->inject('utopia') + ->inject('route') ->inject('request') ->inject('project') ->inject('geodb') ->inject('user') ->inject('authorization') - ->action(function (Http $utopia, Request $request, Document $project, Reader $geodb, User $user, Authorization $authorization) { + ->action(function (Route $route, Request $request, Document $project, Reader $geodb, User $user, Authorization $authorization) { $denylist = System::getEnv('_APP_CONSOLE_COUNTRIES_DENYLIST', ''); if (!empty($denylist && $project->getId() === 'console')) { $countries = explode(',', $denylist); @@ -49,8 +50,6 @@ Http::init() } } - $route = $utopia->match($request)?->route; - $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $isAppUser = $user->isApp($authorization->getRoles()); From 035cbacbfb4a555f3b766883bb0ebba5f00184d5 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Mon, 18 May 2026 14:08:32 +0100 Subject: [PATCH 69/84] Use 'params' injection in V20 filter Drops the redundant Route::resolveParams() call. The matched path params are now provided directly via the new frame-local 'params' injection from utopia-php/http, avoiding a second URL parse. Co-Authored-By: Claude Opus 4.7 --- app/controllers/general.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/general.php b/app/controllers/general.php index 4b9c4f81b8..219c14774f 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -835,7 +835,8 @@ Http::init() ->inject('authorization') ->inject('publisherForDeletes') ->inject('executionsRetentionCount') - ->action(function (Http $utopia, SwooleRequest $swooleRequest, Request $request, Response $response, Log $log, Document $project, Database $dbForPlatform, callable $getProjectDB, Locale $locale, array $localeCodes, Reader $geodb, Event $queueForEvents, Bus $bus, Executor $executor, array $platform, callable $isResourceBlocked, string $previewHostname, Document $devKey, ?Key $apiKey, Cors $cors, Authorization $authorization, DeletePublisher $publisherForDeletes, int $executionsRetentionCount) { + ->inject('params') + ->action(function (Http $utopia, SwooleRequest $swooleRequest, Request $request, Response $response, Log $log, Document $project, Database $dbForPlatform, callable $getProjectDB, Locale $locale, array $localeCodes, Reader $geodb, Event $queueForEvents, Bus $bus, Executor $executor, array $platform, callable $isResourceBlocked, string $previewHostname, Document $devKey, ?Key $apiKey, Cors $cors, Authorization $authorization, DeletePublisher $publisherForDeletes, int $executionsRetentionCount, array $params) { /* * Appwrite Router */ @@ -876,7 +877,7 @@ Http::init() } if (version_compare($requestFormat, '1.8.0', '<')) { $dbForProject = $getProjectDB($project); - $request->addFilter(new RequestV20($dbForProject, $route->resolveParams($request->getURI(), $route->getPath()))); + $request->addFilter(new RequestV20($dbForProject, $params)); } if (version_compare($requestFormat, '1.9.0', '<')) { $request->addFilter(new RequestV21()); From e364082577e2a7621d3a6d0a3c8a1127e913b111 Mon Sep 17 00:00:00 2001 From: Prem Palanisamy Date: Fri, 22 May 2026 07:26:01 +0100 Subject: [PATCH 70/84] fix(project): cast smtpPort to int in response model --- src/Appwrite/Utopia/Response/Model/Project.php | 4 ++-- tests/e2e/Services/Project/ProjectConsoleClientTest.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Appwrite/Utopia/Response/Model/Project.php b/src/Appwrite/Utopia/Response/Model/Project.php index af2a21d551..c788833e88 100644 --- a/src/Appwrite/Utopia/Response/Model/Project.php +++ b/src/Appwrite/Utopia/Response/Model/Project.php @@ -94,7 +94,7 @@ class Project extends Model ->addRule('smtpPort', [ 'type' => self::TYPE_INTEGER, 'description' => 'SMTP server port', - 'default' => '', + 'default' => 0, 'example' => 25, ]) ->addRule('smtpUsername', [ @@ -225,7 +225,7 @@ class Project extends Model $document->setAttribute('smtpReplyToEmail', $smtp['replyToEmail'] ?? $smtp['replyTo'] ?? ''); // Includes backwards compatibility $document->setAttribute('smtpReplyToName', $smtp['replyToName'] ?? ''); $document->setAttribute('smtpHost', $smtp['host'] ?? ''); - $document->setAttribute('smtpPort', $smtp['port'] ?? ''); + $document->setAttribute('smtpPort', (int) ($smtp['port'] ?? 0)); $document->setAttribute('smtpUsername', $smtp['username'] ?? ''); $document->setAttribute('smtpPassword', ''); // Write-only: never expose the stored value $document->setAttribute('smtpSecure', $smtp['secure'] ?? ''); diff --git a/tests/e2e/Services/Project/ProjectConsoleClientTest.php b/tests/e2e/Services/Project/ProjectConsoleClientTest.php index a4c8b73efc..3328c7602f 100644 --- a/tests/e2e/Services/Project/ProjectConsoleClientTest.php +++ b/tests/e2e/Services/Project/ProjectConsoleClientTest.php @@ -103,7 +103,7 @@ class ProjectConsoleClientTest extends Scope $this->assertSame('', $response['body']['smtpReplyToEmail']); $this->assertSame('', $response['body']['smtpReplyToName']); $this->assertSame('', $response['body']['smtpHost']); - $this->assertSame('', $response['body']['smtpPort']); + $this->assertSame(0, $response['body']['smtpPort']); $this->assertSame('', $response['body']['smtpUsername']); $this->assertSame('', $response['body']['smtpPassword']); $this->assertSame('', $response['body']['smtpSecure']); From cf1623bc91b0351bdcaf662727a00e23e0d55f9b Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 12:27:05 +0530 Subject: [PATCH 71/84] Expose providerBranches and providerPaths in Function and Site response models These fields were already persisted on update but omitted from the response model, causing them to disappear after a page refresh in the console. Co-Authored-By: Harsh Mahajan --- src/Appwrite/Utopia/Response/Model/Func.php | 14 ++++++++++++++ src/Appwrite/Utopia/Response/Model/Site.php | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/src/Appwrite/Utopia/Response/Model/Func.php b/src/Appwrite/Utopia/Response/Model/Func.php index 3aea364fe5..fa6040904c 100644 --- a/src/Appwrite/Utopia/Response/Model/Func.php +++ b/src/Appwrite/Utopia/Response/Model/Func.php @@ -182,6 +182,20 @@ class Func extends Model 'default' => false, 'example' => false, ]) + ->addRule('providerBranches', [ + 'type' => self::TYPE_STRING, + 'description' => 'List of branch name patterns that trigger automatic deployments. Supports glob wildcards. Empty list deploys on all branches.', + 'default' => [], + 'example' => ['main', 'feat/*'], + 'array' => true, + ]) + ->addRule('providerPaths', [ + 'type' => self::TYPE_STRING, + 'description' => 'List of file path patterns that trigger automatic deployments. Supports glob wildcards. Empty list deploys on all file changes.', + 'default' => [], + 'example' => ['src/**', '!docs/**'], + 'array' => true, + ]) ->addRule('buildSpecification', [ 'type' => self::TYPE_STRING, 'description' => 'Machine specification for deployment builds.', diff --git a/src/Appwrite/Utopia/Response/Model/Site.php b/src/Appwrite/Utopia/Response/Model/Site.php index 941b6104df..330dd1c777 100644 --- a/src/Appwrite/Utopia/Response/Model/Site.php +++ b/src/Appwrite/Utopia/Response/Model/Site.php @@ -173,6 +173,20 @@ class Site extends Model 'default' => false, 'example' => false, ]) + ->addRule('providerBranches', [ + 'type' => self::TYPE_STRING, + 'description' => 'List of branch name patterns that trigger automatic deployments. Supports glob wildcards. Empty list deploys on all branches.', + 'default' => [], + 'example' => ['main', 'feat/*'], + 'array' => true, + ]) + ->addRule('providerPaths', [ + 'type' => self::TYPE_STRING, + 'description' => 'List of file path patterns that trigger automatic deployments. Supports glob wildcards. Empty list deploys on all file changes.', + 'default' => [], + 'example' => ['src/**', '!docs/**'], + 'array' => true, + ]) ->addRule('buildSpecification', [ 'type' => self::TYPE_STRING, 'description' => 'Machine specification for deployment builds.', From e3768ce8eedd7ec9638ad45ca3671026ead37a3d Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 13:03:48 +0530 Subject: [PATCH 72/84] Fix missing platform variables in SMTP test email template The SMTP test email uses email-base-styled.tpl as its base template, which contains {{platform}}, {{logoUrl}}, {{accentColor}}, and social/ legal link placeholders. These were never passed as template variables, causing them to render as literal strings (e.g. "{{platform}} logo"). Inject the platform config and pass the variables to MailMessage, matching the pattern used by OTP and magic-url email flows. Co-Authored-By: Harsh Mahajan --- .../Http/Project/SMTP/Tests/Create.php | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php index 8c87a41475..804964733d 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php @@ -69,6 +69,7 @@ class Create extends Action ->inject('response') ->inject('project') ->inject('publisherForMails') + ->inject('platform') ->inject('plan') ->callback($this->action(...)); } @@ -89,6 +90,7 @@ class Create extends Action Response $response, Document $project, MailPublisher $publisherForMails, + array $platform, array $plan ): void { // Backwards compatibility: use inline params if provided, otherwise fall back to project SMTP config. @@ -144,14 +146,7 @@ class Create extends Action $template = Template::fromFile(APP_CE_CONFIG_DIR . '/locale/templates/email-smtp-test.tpl'); $template ->setParam('{{from}}', "{$senderName} ({$senderEmail})") - ->setParam('{{replyTo}}', "{$replyToNameDisplay} ({$replyToEmailDisplay})") - ->setParam('{{logoUrl}}', $plan['logoUrl'] ?? APP_EMAIL_LOGO_URL) - ->setParam('{{accentColor}}', $plan['accentColor'] ?? APP_EMAIL_ACCENT_COLOR) - ->setParam('{{twitterUrl}}', $plan['twitterUrl'] ?? APP_SOCIAL_TWITTER) - ->setParam('{{discordUrl}}', $plan['discordUrl'] ?? APP_SOCIAL_DISCORD) - ->setParam('{{githubUrl}}', $plan['githubUrl'] ?? APP_SOCIAL_GITHUB_APPWRITE) - ->setParam('{{termsUrl}}', $plan['termsUrl'] ?? APP_EMAIL_TERMS_URL) - ->setParam('{{privacyUrl}}', $plan['privacyUrl'] ?? APP_EMAIL_PRIVACY_URL); + ->setParam('{{replyTo}}', "{$replyToNameDisplay} ({$replyToEmailDisplay})"); foreach ($emails as $email) { $publisherForMails->enqueue(new MailMessage( @@ -171,6 +166,17 @@ class Create extends Action 'senderEmail' => $senderEmail, 'senderName' => $senderName, ], + variables: [ + 'platform' => $platform['platformName'] ?? APP_NAME, + 'logoUrl' => $platform['logoUrl'] ?? APP_EMAIL_LOGO_URL, + 'accentColor' => $platform['accentColor'] ?? APP_EMAIL_ACCENT_COLOR, + 'twitter' => $platform['twitterUrl'] ?? APP_SOCIAL_TWITTER, + 'discord' => $platform['discordUrl'] ?? APP_SOCIAL_DISCORD, + 'github' => $platform['githubUrl'] ?? APP_SOCIAL_GITHUB_APPWRITE, + 'terms' => $platform['termsUrl'] ?? APP_EMAIL_TERMS_URL, + 'privacy' => $platform['privacyUrl'] ?? APP_EMAIL_PRIVACY_URL, + ], + platform: $platform, )); } From 2628cc31fc7aa19150597cd2f2e4d4e45fa9a63f Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 13:12:50 +0530 Subject: [PATCH 73/84] Remove unused $plan injection --- .../Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php index 804964733d..fa35b8d6d5 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/SMTP/Tests/Create.php @@ -70,7 +70,6 @@ class Create extends Action ->inject('project') ->inject('publisherForMails') ->inject('platform') - ->inject('plan') ->callback($this->action(...)); } @@ -91,7 +90,6 @@ class Create extends Action Document $project, MailPublisher $publisherForMails, array $platform, - array $plan ): void { // Backwards compatibility: use inline params if provided, otherwise fall back to project SMTP config. // When inline params are provided they are treated as self-contained — project config is ignored From 4dec4f2ff25302747aae094616bbf4ea64bc32cc Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 15:32:44 +0530 Subject: [PATCH 74/84] Fix organization project API headers and queries --- app/config/cors.php | 1 + src/Appwrite/Utopia/Database/Validator/Queries/Projects.php | 1 + 2 files changed, 2 insertions(+) diff --git a/app/config/cors.php b/app/config/cors.php index 0454a24495..8147ec8fe5 100644 --- a/app/config/cors.php +++ b/app/config/cors.php @@ -22,6 +22,7 @@ return [ 'X-Appwrite-Locale', 'X-Appwrite-Mode', 'X-Appwrite-JWT', + 'X-Appwrite-Organization', 'X-Appwrite-Response-Format', 'X-Appwrite-Timeout', 'X-Appwrite-ID', diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php b/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php index 50c9d850f3..f56dc35953 100644 --- a/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php +++ b/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php @@ -7,6 +7,7 @@ class Projects extends Base public const ALLOWED_ATTRIBUTES = [ 'name', 'teamId', + 'status', 'labels', 'search' ]; From e831b3e952b0d87889aea42b4715d4e1e2e93db5 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 15:39:16 +0530 Subject: [PATCH 75/84] Add project status index --- app/config/collections/platform.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/config/collections/platform.php b/app/config/collections/platform.php index 7496b7a9a7..e7d10e73e9 100644 --- a/app/config/collections/platform.php +++ b/app/config/collections/platform.php @@ -376,6 +376,13 @@ $platformCollections = [ 'lengths' => [Database::LENGTH_KEY], 'orders' => [Database::ORDER_ASC], ], + [ + '$id' => ID::custom('_key_status'), + 'type' => Database::INDEX_KEY, + 'attributes' => ['status'], + 'lengths' => [], + 'orders' => [], + ], [ '$id' => ID::custom('_key_pingCount'), 'type' => Database::INDEX_KEY, From 6a4dcd76a79aed79fef6cdc32c17bb13fb7c0a95 Mon Sep 17 00:00:00 2001 From: harsh mahajan Date: Fri, 22 May 2026 15:45:32 +0530 Subject: [PATCH 76/84] Keep organization projects schema unchanged --- app/config/collections/platform.php | 7 ------- .../Utopia/Database/Validator/Queries/Projects.php | 1 - 2 files changed, 8 deletions(-) diff --git a/app/config/collections/platform.php b/app/config/collections/platform.php index e7d10e73e9..7496b7a9a7 100644 --- a/app/config/collections/platform.php +++ b/app/config/collections/platform.php @@ -376,13 +376,6 @@ $platformCollections = [ 'lengths' => [Database::LENGTH_KEY], 'orders' => [Database::ORDER_ASC], ], - [ - '$id' => ID::custom('_key_status'), - 'type' => Database::INDEX_KEY, - 'attributes' => ['status'], - 'lengths' => [], - 'orders' => [], - ], [ '$id' => ID::custom('_key_pingCount'), 'type' => Database::INDEX_KEY, diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php b/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php index f56dc35953..50c9d850f3 100644 --- a/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php +++ b/src/Appwrite/Utopia/Database/Validator/Queries/Projects.php @@ -7,7 +7,6 @@ class Projects extends Base public const ALLOWED_ATTRIBUTES = [ 'name', 'teamId', - 'status', 'labels', 'search' ]; From f1abdde9cf55f9266db83d4d69f36884b2bc149c Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Sat, 23 May 2026 19:14:59 +0530 Subject: [PATCH 77/84] Replace builds worker logs with span attributes --- .../Modules/Functions/Workers/Builds.php | 102 +++++++++--------- 1 file changed, 49 insertions(+), 53 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Functions/Workers/Builds.php b/src/Appwrite/Platform/Modules/Functions/Workers/Builds.php index 5aa95d3bf2..1d4a8dd689 100644 --- a/src/Appwrite/Platform/Modules/Functions/Workers/Builds.php +++ b/src/Appwrite/Platform/Modules/Functions/Workers/Builds.php @@ -104,8 +104,6 @@ class Builds extends Action Executor $executor, array $plan ): void { - Console::log('Build action started'); - $payload = $message->getPayload(); if (empty($payload)) { @@ -113,6 +111,8 @@ class Builds extends Action } $type = $payload['type'] ?? ''; + Span::add('build.type', $type); + $resource = new Document($payload['resource'] ?? []); $deployment = new Document($payload['deployment'] ?? []); $template = new Document($payload['template'] ?? []); @@ -124,7 +124,6 @@ class Builds extends Action switch ($type) { case BUILD_TYPE_DEPLOYMENT: case BUILD_TYPE_RETRY: - Console::info('Creating build for deployment: ' . $deployment->getId()); $github = new GitHub($cache); $this->buildDeployment( $deviceForFunctions, @@ -193,8 +192,6 @@ class Builds extends Action Span::add('deployment.id', $deployment->getId()); Span::add('build.timeout', $timeout); - Console::info('Deployment action started'); - $startTime = DateTime::now(); $durationStart = \microtime(true); @@ -268,7 +265,7 @@ class Builds extends Action $resource = $dbForProject->updateDocument($resource->getCollection(), $resource->getId(), new Document(['latestDeploymentStatus' => $deployment->getAttribute('status', '')])); } - Console::log('Status marked as processing'); + Span::add('deployment.status', 'processing'); $queueForRealtime ->setPayload($deployment->getArrayCopy()) @@ -359,7 +356,7 @@ class Builds extends Action ->setPayload($deployment->getArrayCopy()) ->trigger(); - Console::log('Template cloned'); + Span::add('build.source_size', $deployment->getAttribute('sourceSize')); } } elseif ($isVcsEnabled) { // VCS and VCS+Temaplte @@ -403,8 +400,6 @@ class Builds extends Action throw new \Exception('Unable to clone code repository: ' . $stderr); } - Console::log('Git repository cloned'); - // Local refactoring for function folder with spaces if (str_contains($rootDirectory, ' ')) { $rootDirectoryWithoutSpaces = str_replace(' ', '', $rootDirectory); @@ -478,8 +473,6 @@ class Builds extends Action $queueForRealtime ->setPayload($deployment->getArrayCopy()) ->trigger(); - - Console::log('Git template pushed'); } $tmpPath = '/tmp/builds/' . $deploymentId; @@ -531,18 +524,17 @@ class Builds extends Action ->setPayload($deployment->getArrayCopy()) ->trigger(); - Console::log('Git source uploaded'); + Span::add('build.source_size', $deployment->getAttribute('sourceSize')); $this->runGitAction('processing', $github, $providerCommitHash, $owner, $repositoryName, $project, $resource, $deployment->getId(), $dbForProject, $dbForPlatform, $queueForRealtime, $platform); } - Console::log('Status marked as building'); - /** Request the executor to build the code... */ $deployment->setAttribute('status', 'building'); $deployment = $dbForProject->updateDocument('deployments', $deployment->getId(), new Document([ 'status' => 'building', ])); + Span::add('deployment.status', 'building'); if ($deployment->getSequence() === $resource->getAttribute('latestDeploymentInternalId', '')) { $resource = $dbForProject->updateDocument($resource->getCollection(), $resource->getId(), new Document(['latestDeploymentStatus' => $deployment->getAttribute('status', '')])); @@ -687,11 +679,10 @@ class Builds extends Action } $isCanceled = false; - - Console::log('Runtime creation started'); + $span = Span::current(); Co::join([ - Co\go(function () use ($executor, &$response, $project, $deployment, $source, $resource, $runtime, $vars, $command, $cpus, $memory, $timeout, &$err, $version) { + Co\go(function () use ($executor, &$response, $project, $deployment, $source, $resource, $runtime, $vars, $command, $cpus, $memory, $timeout, &$err, $version, $span) { try { if ($version === 'v2') { $command = 'tar -zxf /tmp/code.tar.gz -C /usr/code && cd /usr/local/src/ && ./build.sh'; @@ -739,16 +730,18 @@ class Builds extends Action outputDirectory: $outputDirectory ?? '' ); - Console::log('createRuntime finished'); } catch (ExecutorTimeout $error) { - Console::warning('createRuntime timed out'); + $span?->set('build.runtime.timed_out', true); + $span?->set('build.runtime.error_type', $error::class); + $span?->set('build.runtime.error_message', $error->getMessage()); $err = new AppwriteException(AppwriteException::BUILD_TIMEOUT, previous: $error); } catch (\Throwable $error) { - Console::warning('createRuntime failed'); + $span?->set('build.runtime.error_type', $error::class); + $span?->set('build.runtime.error_message', $error->getMessage()); $err = $error; } }), - Co\go(function () use ($executor, $project, &$deployment, &$response, $dbForProject, $timeout, &$err, $queueForRealtime, &$isCanceled) { + Co\go(function () use ($executor, $project, &$deployment, &$response, $dbForProject, $timeout, &$err, $queueForRealtime, &$isCanceled, $span) { try { $insideSeparation = false; @@ -756,7 +749,7 @@ class Builds extends Action deploymentId: $deployment->getId(), projectId: $project->getId(), timeout: $timeout, - callback: function ($logs) use (&$response, &$err, $dbForProject, &$isCanceled, &$deployment, $queueForRealtime, &$insideSeparation) { + callback: function ($logs) use (&$response, &$err, $dbForProject, &$isCanceled, &$deployment, $queueForRealtime, &$insideSeparation, $span) { if ($isCanceled) { return; } @@ -767,7 +760,7 @@ class Builds extends Action if ($deployment->getAttribute('status') === 'canceled') { $isCanceled = true; - Console::info('Ignoring realtime logs because build has been canceled'); + $span?->set('build.logs.ignored_reason', 'canceled'); return; } @@ -836,9 +829,10 @@ class Builds extends Action } } ); - Console::warning('listLogs finished'); + $span?->set('build.logs.finished', true); } catch (\Throwable $error) { - Console::warning('listLogs failed'); + $span?->set('build.logs.error_type', $error::class); + $span?->set('build.logs.error_message', $error->getMessage()); if (empty($err)) { $err = $error; } @@ -846,8 +840,6 @@ class Builds extends Action }), ]); - Console::log('Runtime creation finished'); - $latestDeployment = $dbForProject->getDocument('deployments', $deploymentId); if ($latestDeployment->getAttribute('status') === 'canceled') { $this->cancelDeployment($deployment->getId(), $dbForProject, $queueForRealtime); @@ -870,6 +862,8 @@ class Builds extends Action $deployment->setAttribute('buildPath', $response['path']); $deployment->setAttribute('buildSize', $response['size']); $deployment->setAttribute('totalSize', $deployment->getAttribute('buildSize', 0) + $deployment->getAttribute('sourceSize', 0)); + Span::add('build.size', $deployment->getAttribute('buildSize')); + Span::add('build.total_size', $deployment->getAttribute('totalSize')); $logs = ''; foreach ($response['output'] as $log) { @@ -908,8 +902,8 @@ class Builds extends Action $deployment->setAttribute('adapter', $detection->getName()); $deployment->setAttribute('fallbackFile', $detection->getFallbackFile() ?? ''); - - Console::log('Adapter detected'); + Span::add('build.adapter', $deployment->getAttribute('adapter')); + Span::add('build.fallback_file', $deployment->getAttribute('fallbackFile')); } elseif ($adapter === 'ssr' && $detection->getName() === 'static') { throw new \Exception('Adapter mismatch. Detected: ' . $detection->getName() . ' does not match with the set adapter: ' . $adapter); } @@ -927,8 +921,6 @@ class Builds extends Action ->setPayload($deployment->getArrayCopy()) ->trigger(); - Console::log('Build details stored'); - $this->afterBuildSuccess($queueForRealtime, $dbForProject, $deployment, $runtime, $adapter); $logs = $deployment->getAttribute('buildLogs', ''); @@ -942,8 +934,7 @@ class Builds extends Action 'buildLogs' => $deployment->getAttribute('buildLogs'), 'status' => 'ready', ])); - - Console::log('Status marked as ready'); + Span::add('deployment.status', 'ready'); if ($deployment->getSequence() === $resource->getAttribute('latestDeploymentInternalId', '')) { $resource = $dbForProject->updateDocument($resource->getCollection(), $resource->getId(), new Document(['latestDeploymentStatus' => $deployment->getAttribute('status', '')])); @@ -969,7 +960,7 @@ class Builds extends Action if ($currentActiveStartTime < $deploymentStartTime) { $activateBuild = true; } else { - Console::info('Skipping auto-activation as current deployment is more recent'); + Span::add('build.auto_activation.skipped_reason', 'current_deployment_newer'); } } } else { @@ -1031,7 +1022,7 @@ class Builds extends Action break; } - Console::log('Deployment activated'); + Span::add('build.activated', true); } $this->afterDeploymentSuccess( @@ -1099,7 +1090,7 @@ class Builds extends Action ])); }, $queries); - Console::log('Preview rule created'); + Span::add('build.preview_rule_created', true); } } @@ -1109,6 +1100,7 @@ class Builds extends Action 'buildEndedAt' => $endTime, 'buildDuration' => \intval(\ceil($durationEnd - $durationStart)), ])); + Span::add('build.duration', $deployment->getAttribute('buildDuration')); $queueForRealtime ->setPayload($deployment->getArrayCopy()) ->trigger(); @@ -1119,8 +1111,6 @@ class Builds extends Action return; } - Console::log('Build duration updated'); - /** Update function schedule */ // Inform scheduler if function is still active @@ -1144,23 +1134,21 @@ class Builds extends Action deploymentId: $deployment->getId(), )); - Console::log('Site screenshot queued'); + Span::add('build.screenshot_queued', true); } - - Console::info('Deployment action finished'); } catch (\Throwable $th) { - Console::warning('Build failed:'); - Console::error($th->getMessage()); - Console::error($th->getFile()); - Console::error($th->getLine()); - Console::error($th->getTraceAsString()); - if ($dbForProject->getDocument('deployments', $deploymentId)->getAttribute('status') === 'canceled') { $this->cancelDeployment($deployment->getId(), $dbForProject, $queueForRealtime); return; } + Span::add('build.error.stage', 'deployment'); + Span::add('build.error.type', $th::class); + Span::add('build.error.message', $th->getMessage()); + Span::add('build.error.file', $th->getFile()); + Span::add('build.error.line', $th->getLine()); + // Color message red $message = $th->getMessage(); if (! \str_contains($message, '')) { @@ -1182,6 +1170,8 @@ class Builds extends Action $deployment->setAttribute('buildEndedAt', $endTime); $deployment->setAttribute('buildDuration', \intval(\ceil($durationEnd - $durationStart))); $deployment->setAttribute('status', 'failed'); + Span::add('deployment.status', 'failed'); + Span::add('build.duration', $deployment->getAttribute('buildDuration')); $deployment->setAttribute('buildLogs', $message); $deployment = $dbForProject->updateDocument('deployments', $deploymentId, new Document([ @@ -1200,7 +1190,7 @@ class Builds extends Action ->trigger(); if ($isVcsEnabled) { - $this->runGitAction('failed', $github, $providerCommitHash, $owner, $repositoryName, $project, $resource, $deployment->getId(), $dbForProject, $dbForPlatform, $queueForRealtime, $platform); + $this->runGitAction('failed', $github, $providerCommitHash, $owner, $repositoryName, $project, $resource, $deployment->getId(), $dbForProject, $dbForPlatform, $queueForRealtime, $platform, true); } } finally { $queueForRealtime @@ -1360,7 +1350,8 @@ class Builds extends Action Database $dbForProject, Database $dbForPlatform, Realtime $queueForRealtime, - array $platform + array $platform, + bool $secondaryError = false ): void { $deployment = new Document(); @@ -1456,9 +1447,14 @@ class Builds extends Action } } } catch (\Throwable $th) { - Console::warning('Git action failed:'); - Console::warning($th->getMessage()); - Console::warning($th->getTraceAsString()); + $span = Span::current(); + $errorPrefix = $secondaryError ? 'build.error.secondary' : 'build.git_action.error'; + $span?->set("{$errorPrefix}.stage", 'git_action'); + $span?->set("{$errorPrefix}.status", $status); + $span?->set("{$errorPrefix}.type", $th::class); + $span?->set("{$errorPrefix}.message", $th->getMessage()); + $span?->set("{$errorPrefix}.file", $th->getFile()); + $span?->set("{$errorPrefix}.line", $th->getLine()); $logs = $deployment->getAttribute('buildLogs', ''); $date = \date('H:i:s'); @@ -1477,7 +1473,7 @@ class Builds extends Action private function cancelDeployment(string $deploymentId, Database $dbForProject, Realtime $queueForRealtime) { - Console::info('Build has been canceled'); + Span::add('deployment.status', 'canceled'); $deployment = $dbForProject->getDocument('deployments', $deploymentId); From 27370b6acbd53ad66d64994be9018e81a12ac43c Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Mon, 18 May 2026 03:27:34 +0000 Subject: [PATCH 78/84] feat!: rename ACTIVITY_TYPE_* constants to ACTOR_TYPE_* Renames the actor identity constants used by the audit/auth flow: - ACTIVITY_TYPE_USER -> ACTOR_TYPE_USER ('user') - ACTIVITY_TYPE_ADMIN -> ACTOR_TYPE_ADMIN ('admin') - ACTIVITY_TYPE_GUEST -> ACTOR_TYPE_GUEST ('guest') - ACTIVITY_TYPE_KEY_PROJECT -> ACTOR_TYPE_KEY_PROJECT ('keyProject') - ACTIVITY_TYPE_KEY_ACCOUNT -> ACTOR_TYPE_KEY_ACCOUNT ('keyAccount') - ACTIVITY_TYPE_KEY_ORGANIZATION -> ACTOR_TYPE_KEY_ORGANIZATION ('keyOrganization') Values are unchanged. Call sites updated in: - app/controllers/shared/api.php - src/Appwrite/Platform/Workers/Audits.php Audit payload key rename (userType -> actorType) and utopia-php/audit bump will land in a follow-up PR. BREAKING CHANGE: ACTIVITY_TYPE_* global constants are removed. Any downstream extension or plugin importing those names must be updated to the ACTOR_TYPE_* equivalents. Co-Authored-By: Claude Opus 4.7 (1M context) --- app/controllers/shared/api.php | 14 +++++++------- app/init/constants.php | 14 +++++++------- src/Appwrite/Platform/Workers/Audits.php | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index f2373572b7..2ee601f685 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -186,7 +186,7 @@ Http::init() $user = new User([ '$id' => '', 'status' => true, - 'type' => ACTIVITY_TYPE_KEY_PROJECT, + 'type' => ACTOR_TYPE_KEY_PROJECT, 'email' => 'app.' . $project->getId() . '@service.' . $request->getHostname(), 'password' => '', 'name' => $apiKey->getName(), @@ -258,9 +258,9 @@ Http::init() $userClone = clone $user; $userClone->setAttribute('type', match ($apiKey->getType()) { - API_KEY_STANDARD => ACTIVITY_TYPE_KEY_PROJECT, - API_KEY_ACCOUNT => ACTIVITY_TYPE_KEY_ACCOUNT, - default => ACTIVITY_TYPE_KEY_ORGANIZATION, + API_KEY_STANDARD => ACTOR_TYPE_KEY_PROJECT, + API_KEY_ACCOUNT => ACTOR_TYPE_KEY_ACCOUNT, + default => ACTOR_TYPE_KEY_ORGANIZATION, }); $auditContext->user = $userClone; } @@ -602,7 +602,7 @@ Http::init() $userClone = clone $user; // $user doesn't support `type` and can cause unintended effects. if (empty($user->getAttribute('type'))) { - $userClone->setAttribute('type', $mode === APP_MODE_ADMIN ? ACTIVITY_TYPE_ADMIN : ACTIVITY_TYPE_USER); + $userClone->setAttribute('type', $mode === APP_MODE_ADMIN ? ACTOR_TYPE_ADMIN : ACTOR_TYPE_USER); } $auditContext->user = $userClone; } @@ -913,7 +913,7 @@ Http::shutdown() $userClone = clone $user; // $user doesn't support `type` and can cause unintended effects. if (empty($user->getAttribute('type'))) { - $userClone->setAttribute('type', $mode === APP_MODE_ADMIN ? ACTIVITY_TYPE_ADMIN : ACTIVITY_TYPE_USER); + $userClone->setAttribute('type', $mode === APP_MODE_ADMIN ? ACTOR_TYPE_ADMIN : ACTOR_TYPE_USER); } $auditContext->user = $userClone; } elseif ($auditContext->user === null || $auditContext->user->isEmpty()) { @@ -928,7 +928,7 @@ Http::shutdown() $user = new User([ '$id' => '', 'status' => true, - 'type' => ACTIVITY_TYPE_GUEST, + 'type' => ACTOR_TYPE_GUEST, 'email' => 'guest.' . $project->getId() . '@service.' . $request->getHostname(), 'password' => '', 'name' => 'Guest', diff --git a/app/init/constants.php b/app/init/constants.php index b271b56a14..4bb607e2fb 100644 --- a/app/init/constants.php +++ b/app/init/constants.php @@ -159,14 +159,14 @@ const SESSION_PROVIDER_TOKEN = 'token'; const SESSION_PROVIDER_SERVER = 'server'; /** - * Activity associated with user or the app. + * Actor that performed the request (user, admin, guest, or API key). */ -const ACTIVITY_TYPE_USER = 'user'; -const ACTIVITY_TYPE_ADMIN = 'admin'; -const ACTIVITY_TYPE_GUEST = 'guest'; -const ACTIVITY_TYPE_KEY_PROJECT = 'keyProject'; -const ACTIVITY_TYPE_KEY_ACCOUNT = 'keyAccount'; -const ACTIVITY_TYPE_KEY_ORGANIZATION = 'keyOrganization'; +const ACTOR_TYPE_USER = 'user'; +const ACTOR_TYPE_ADMIN = 'admin'; +const ACTOR_TYPE_GUEST = 'guest'; +const ACTOR_TYPE_KEY_PROJECT = 'keyProject'; +const ACTOR_TYPE_KEY_ACCOUNT = 'keyAccount'; +const ACTOR_TYPE_KEY_ORGANIZATION = 'keyOrganization'; /** * MFA diff --git a/src/Appwrite/Platform/Workers/Audits.php b/src/Appwrite/Platform/Workers/Audits.php index f6b0345381..07d91ce009 100644 --- a/src/Appwrite/Platform/Workers/Audits.php +++ b/src/Appwrite/Platform/Workers/Audits.php @@ -91,7 +91,7 @@ class Audits extends Action $actorUserEmail = $impersonatorUserId ? $user->getAttribute('impersonatorUserEmail', '') : $user->getAttribute('email', ''); - $userType = $user->getAttribute('type', ACTIVITY_TYPE_USER); + $userType = $user->getAttribute('type', ACTOR_TYPE_USER); // Create event data $eventData = [ From 5f1e537e5355f17239d03bb4c1772acb94fa15c6 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Mon, 18 May 2026 04:55:01 +0000 Subject: [PATCH 79/84] chore: bump utopia-php/audit to ^2.4 --- composer.json | 2 +- composer.lock | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index 082063bb32..3ddd6ae119 100644 --- a/composer.json +++ b/composer.json @@ -54,7 +54,7 @@ "utopia-php/abuse": "1.3.*", "utopia-php/agents": "1.2.*", "utopia-php/analytics": "0.15.*", - "utopia-php/audit": "2.3.*", + "utopia-php/audit": "^2.4", "utopia-php/auth": "0.5.*", "utopia-php/cache": "^3.0", "utopia-php/cli": "0.23.*", diff --git a/composer.lock b/composer.lock index 79b7db5389..661558b63c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fafd8dc07538185b1753e9c16b622002", + "content-hash": "b092fffec11494aea10b0c823b7837b8", "packages": [ { "name": "adhocore/jwt", @@ -3510,16 +3510,16 @@ }, { "name": "utopia-php/audit", - "version": "2.3.2", + "version": "2.4.1", "source": { "type": "git", "url": "https://github.com/utopia-php/audit.git", - "reference": "e7b4049fc2ee9be34bcc18771fa593db3b0e9fe3" + "reference": "eddd79d93f23ed2851c0df2b1e2e2dfb25ba06c6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/audit/zipball/e7b4049fc2ee9be34bcc18771fa593db3b0e9fe3", - "reference": "e7b4049fc2ee9be34bcc18771fa593db3b0e9fe3", + "url": "https://api.github.com/repos/utopia-php/audit/zipball/eddd79d93f23ed2851c0df2b1e2e2dfb25ba06c6", + "reference": "eddd79d93f23ed2851c0df2b1e2e2dfb25ba06c6", "shasum": "" }, "require": { @@ -3554,9 +3554,9 @@ ], "support": { "issues": "https://github.com/utopia-php/audit/issues", - "source": "https://github.com/utopia-php/audit/tree/2.3.2" + "source": "https://github.com/utopia-php/audit/tree/2.4.1" }, - "time": "2026-05-14T04:00:37+00:00" + "time": "2026-05-20T06:25:45+00:00" }, { "name": "utopia-php/auth", From ce31a4f33621b5cc947be482976fdddb1a344eb0 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Mon, 18 May 2026 05:34:54 +0000 Subject: [PATCH 80/84] feat!: rename User::ROLE_APPS to ROLE_KEYS and isApp() to isKey() --- app/config/roles.php | 2 +- app/controllers/api/graphql.php | 2 +- app/controllers/shared/api.php | 12 +++---- app/controllers/shared/api/auth.php | 2 +- app/realtime.php | 2 +- src/Appwrite/Auth/Key.php | 6 ++-- .../Documents/Attribute/Decrement.php | 2 +- .../Documents/Attribute/Increment.php | 2 +- .../Collections/Documents/Create.php | 2 +- .../Collections/Documents/Delete.php | 2 +- .../Databases/Collections/Documents/Get.php | 2 +- .../Collections/Documents/Update.php | 2 +- .../Collections/Documents/Upsert.php | 2 +- .../Databases/Collections/Documents/XList.php | 2 +- .../Transactions/Operations/Create.php | 2 +- .../Http/Databases/Transactions/Update.php | 2 +- .../Functions/Http/Executions/Create.php | 2 +- .../Modules/Functions/Http/Executions/Get.php | 2 +- .../Functions/Http/Executions/XList.php | 2 +- .../Storage/Http/Buckets/Files/Create.php | 2 +- .../Storage/Http/Buckets/Files/Delete.php | 2 +- .../Http/Buckets/Files/Download/Get.php | 2 +- .../Storage/Http/Buckets/Files/Get.php | 2 +- .../Http/Buckets/Files/Preview/Get.php | 2 +- .../Storage/Http/Buckets/Files/Push/Get.php | 2 +- .../Storage/Http/Buckets/Files/Update.php | 4 +-- .../Storage/Http/Buckets/Files/View/Get.php | 2 +- .../Storage/Http/Buckets/Files/XList.php | 2 +- .../Modules/Teams/Http/Memberships/Create.php | 2 +- .../Modules/Teams/Http/Memberships/Get.php | 2 +- .../Modules/Teams/Http/Memberships/Update.php | 2 +- .../Modules/Teams/Http/Memberships/XList.php | 2 +- .../Modules/Teams/Http/Teams/Create.php | 2 +- .../Http/Tokens/Buckets/Files/Action.php | 2 +- .../Utopia/Database/Documents/User.php | 10 +++--- src/Appwrite/Utopia/Request.php | 2 +- src/Appwrite/Utopia/Response.php | 2 +- tests/unit/Auth/KeyTest.php | 16 +++++----- .../Utopia/Database/Documents/UserTest.php | 32 +++++++++---------- 39 files changed, 73 insertions(+), 73 deletions(-) diff --git a/app/config/roles.php b/app/config/roles.php index abb8d4481f..d5ae7c1331 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -150,7 +150,7 @@ return [ 'label' => 'Owner', 'scopes' => \array_merge($member, $admins), ], - User::ROLE_APPS => [ + User::ROLE_KEYS => [ 'label' => 'Applications', 'scopes' => ['global', 'health.read', 'graphql'], ], diff --git a/app/controllers/api/graphql.php b/app/controllers/api/graphql.php index 9ec2479749..4a509aefdd 100644 --- a/app/controllers/api/graphql.php +++ b/app/controllers/api/graphql.php @@ -39,7 +39,7 @@ Http::init() if ( array_key_exists('graphql', $project->getAttribute('apis', [])) && !$project->getAttribute('apis', [])['graphql'] - && !($user->isPrivileged($authorization->getRoles()) || $user->isApp($authorization->getRoles())) + && !($user->isPrivileged($authorization->getRoles()) || $user->isKey($authorization->getRoles())) ) { throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED); } diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 2ee601f685..494bd3da28 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -175,8 +175,8 @@ Http::init() $role = $apiKey->getRole(); $scopes = $apiKey->getScopes(); - // Handle special app role case - if ($apiKey->getRole() === User::ROLE_APPS) { + // Handle special key role case + if ($apiKey->getRole() === User::ROLE_KEYS) { // Disable authorization checks for project API keys // Dynamic supported for backwards compatibility if (($apiKey->getType() === API_KEY_STANDARD || $apiKey->getType() === API_KEY_EPHEMERAL || $apiKey->getType() === 'dynamic') && $apiKey->getProjectId() === $project->getId()) { @@ -425,7 +425,7 @@ Http::init() if ( array_key_exists($namespace, $project->getAttribute('services', [])) && ! $project->getAttribute('services', [])[$namespace] - && ! ($user->isPrivileged($authorization->getRoles()) || $user->isApp($authorization->getRoles())) + && ! ($user->isPrivileged($authorization->getRoles()) || $user->isKey($authorization->getRoles())) ) { throw new Exception(Exception::GENERAL_SERVICE_DISABLED); } @@ -435,7 +435,7 @@ Http::init() if ( array_key_exists('rest', $project->getAttribute('apis', [])) && ! $project->getAttribute('apis', [])['rest'] - && ! ($user->isPrivileged($authorization->getRoles()) || $user->isApp($authorization->getRoles())) + && ! ($user->isPrivileged($authorization->getRoles()) || $user->isKey($authorization->getRoles())) ) { throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED); } @@ -488,7 +488,7 @@ Http::init() $roles = $authorization->getRoles(); $shouldCheckAbuse = System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled' - && ! $user->isApp($roles) + && ! $user->isKey($roles) && ! $user->isPrivileged($roles) && $devKey->isEmpty(); @@ -611,7 +611,7 @@ Http::init() $storageCacheOperationsCounter = $telemetry->createCounter('storage.cache.operations.load'); if ($useCache) { $roles = $authorization->getRoles(); - $isAppUser = $user->isApp($roles); + $isAppUser = $user->isKey($roles); $isImageTransformation = $route->getPath() === '/v1/storage/buckets/:bucketId/files/:fileId/preview'; $isDisabled = isset($plan['imageTransformations']) && $plan['imageTransformations'] === -1 && ! $user->isPrivileged($roles); diff --git a/app/controllers/shared/api/auth.php b/app/controllers/shared/api/auth.php index 4fda054fd6..dfb384f893 100644 --- a/app/controllers/shared/api/auth.php +++ b/app/controllers/shared/api/auth.php @@ -51,7 +51,7 @@ Http::init() } $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); - $isAppUser = $user->isApp($authorization->getRoles()); + $isAppUser = $user->isKey($authorization->getRoles()); if ($isAppUser || $isPrivilegedUser) { // Skip limits for app and console devs return; diff --git a/app/realtime.php b/app/realtime.php index d8b70960b8..ce2dc41e54 100644 --- a/app/realtime.php +++ b/app/realtime.php @@ -858,7 +858,7 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server, $websocketEnabled = $apis['websocket'] ?? $apis['realtime'] ?? true; if ( !$websocketEnabled - && !($user->isPrivileged($authorization->getRoles()) || $user->isApp($authorization->getRoles())) + && !($user->isPrivileged($authorization->getRoles()) || $user->isKey($authorization->getRoles())) ) { throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED); } diff --git a/src/Appwrite/Auth/Key.php b/src/Appwrite/Auth/Key.php index 0cbaefa4b3..f33f591d52 100644 --- a/src/Appwrite/Auth/Key.php +++ b/src/Appwrite/Auth/Key.php @@ -122,9 +122,9 @@ class Key $secret = $key; } - $role = User::ROLE_APPS; + $role = User::ROLE_KEYS; $roles = Config::getParam('roles', []); - $scopes = $roles[User::ROLE_APPS]['scopes'] ?? []; + $scopes = $roles[User::ROLE_KEYS]['scopes'] ?? []; $expired = false; $guestKey = new Key( @@ -270,7 +270,7 @@ class Key $name = $key->getAttribute('name', 'UNKNOWN'); - $role = User::ROLE_APPS; + $role = User::ROLE_KEYS; $scopes = $key->getAttribute('scopes', []); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Decrement.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Decrement.php index e0464f7e52..9319cffc57 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Decrement.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Decrement.php @@ -93,7 +93,7 @@ class Decrement extends Action public function action(string $databaseId, string $collectionId, string $documentId, string $attribute, int|float $value, int|float|null $min, ?string $transactionId, UtopiaResponse $response, Database $dbForProject, callable $getDatabasesDB, Event $queueForEvents, Context $usage, array $plan, Authorization $authorization, User $user): void { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Increment.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Increment.php index de090f9882..ba74545342 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Increment.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Attribute/Increment.php @@ -93,7 +93,7 @@ class Increment extends Action public function action(string $databaseId, string $collectionId, string $documentId, string $attribute, int|float $value, int|float|null $max, ?string $transactionId, UtopiaResponse $response, Database $dbForProject, callable $getDatabasesDB, Event $queueForEvents, Context $usage, array $plan, Authorization $authorization, User $user): void { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php index 2ade0b2b79..2e861dfcce 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php @@ -201,7 +201,7 @@ class Create extends Action $documents = [$data]; } - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($isBulk && !$isAPIKey && !$isPrivilegedUser) { diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Delete.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Delete.php index ecc5b152ec..e0863b8ac7 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Delete.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Delete.php @@ -107,7 +107,7 @@ class Delete extends Action ): void { $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Get.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Get.php index 06f0e9cf1c..c40e70d667 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Get.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Get.php @@ -78,7 +78,7 @@ class Get extends Action public function action(string $databaseId, string $collectionId, string $documentId, array $queries, ?string $transactionId, UtopiaResponse $response, Database $dbForProject, callable $getDatabasesDB, Context $usage, TransactionState $transactionState, Authorization $authorization, User $user): void { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php index b86d934ffb..4a675615da 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php @@ -103,7 +103,7 @@ class Update extends Action $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php index fb3d414097..ae940456f0 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php @@ -108,7 +108,7 @@ class Upsert extends Action throw new Exception($this->getMissingPayloadException()); } - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php index fdcbced6f3..afde3d0baa 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php @@ -88,7 +88,7 @@ class XList extends Action public function action(string $databaseId, string $collectionId, array $queries, ?string $transactionId, bool $includeTotal, int $ttl, UtopiaResponse $response, Database $dbForProject, User $user, callable $getDatabasesDB, Context $usage, TransactionState $transactionState, Authorization $authorization, ?Http $utopia = null): void { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php index f06feccdee..8e085a9481 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php @@ -75,7 +75,7 @@ class Create extends Action throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Operations array cannot be empty'); } - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); // API keys and admins can read any transaction, regular users need permissions diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php index fe2ad8dbae..de057ae15e 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php @@ -120,7 +120,7 @@ class Update extends Action throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Cannot commit and rollback at the same time'); } - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $transaction = ($isAPIKey || $isPrivilegedUser) diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php index 35264730f8..1089d815b5 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php @@ -161,7 +161,7 @@ class Create extends Base /* @var Document $function */ $function = $authorization->skip(fn () => $dbForProject->getDocument('functions', $functionId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php index 0a9dd01b7e..9908669f84 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php @@ -67,7 +67,7 @@ class Get extends Base ) { $function = $authorization->skip(fn () => $dbForProject->getDocument('functions', $functionId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php index 6ad2a5ae55..bf31fa0ced 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php @@ -77,7 +77,7 @@ class XList extends Base ) { $function = $authorization->skip(fn () => $dbForProject->getDocument('functions', $functionId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php index 8530475f0c..95ef2cbe28 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php @@ -115,7 +115,7 @@ class Create extends Action ) { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Delete.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Delete.php index 6d8781d484..c16b374c78 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Delete.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Delete.php @@ -84,7 +84,7 @@ class Delete extends Action ) { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Download/Get.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Download/Get.php index c876004319..7e5d7d6879 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Download/Get.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Download/Get.php @@ -90,7 +90,7 @@ class Get extends Action /* @type Document $bucket */ $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Get.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Get.php index c9ce5796eb..d997fe3cc0 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Get.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Get.php @@ -65,7 +65,7 @@ class Get extends Action ) { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Preview/Get.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Preview/Get.php index 68bc2cabae..0cca87c646 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Preview/Get.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Preview/Get.php @@ -133,7 +133,7 @@ class Get extends Action $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Push/Get.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Push/Get.php index 5b3fd02370..f069b1cc2a 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Push/Get.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Push/Get.php @@ -90,7 +90,7 @@ class Get extends Action $disposition = $decoded['disposition'] ?? 'inline'; $dbForProject = $isInternal ? $dbForPlatform : $dbForProject; - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Update.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Update.php index 407f3766df..fb1245d29c 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Update.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Update.php @@ -81,7 +81,7 @@ class Update extends Action ) { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { @@ -110,7 +110,7 @@ class Update extends Action // Users can only manage their own roles, API keys and Admin users can manage any $roles = $authorization->getRoles(); - if (!$user->isApp($roles) && !$user->isPrivileged($roles) && !\is_null($permissions)) { + if (!$user->isKey($roles) && !$user->isPrivileged($roles) && !\is_null($permissions)) { foreach (Database::PERMISSIONS as $type) { foreach ($permissions as $permission) { $permission = Permission::parse($permission); diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/View/Get.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/View/Get.php index b2f00da6d2..b78d582c47 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/View/Get.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/View/Get.php @@ -91,7 +91,7 @@ class Get extends Action /* @type Document $bucket */ $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/XList.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/XList.php index 945c4bfd7c..28dfa87c5d 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/XList.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/XList.php @@ -80,7 +80,7 @@ class XList extends Action ) { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Create.php b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Create.php index 5500a56cbc..3bffb091ba 100644 --- a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Create.php +++ b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Create.php @@ -103,7 +103,7 @@ class Create extends Action public function action(string $teamId, string $email, string $userId, string $phone, array $roles, string $url, string $name, Response $response, Document $project, User $user, Database $dbForProject, Authorization $authorization, Locale $locale, MailPublisher $publisherForMails, MessagingPublisher $publisherForMessaging, Event $queueForEvents, callable $timelimit, Context $usage, array $plan, array $platform, Password $proofForPassword, Token $proofForToken) { - $isAppUser = $user->isApp($authorization->getRoles()); + $isAppUser = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $invitee = new Document(); $hash = ''; diff --git a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Get.php b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Get.php index ef8d130855..556f6de52c 100644 --- a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Get.php +++ b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Get.php @@ -81,7 +81,7 @@ class Get extends Action $roles = $authorization->getRoles(); $isPrivilegedUser = $user->isPrivileged($roles); - $isAppUser = $user->isApp($roles); + $isAppUser = $user->isKey($roles); $membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) { return $privacy || $isPrivilegedUser || $isAppUser; diff --git a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Update.php b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Update.php index 540dc8a871..2198531e64 100644 --- a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Update.php +++ b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/Update.php @@ -84,7 +84,7 @@ class Update extends Action } $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); - $isAppUser = $user->isApp($authorization->getRoles()); + $isAppUser = $user->isKey($authorization->getRoles()); $isOwner = $authorization->hasRole('team:' . $team->getId() . '/owner'); if ($project->getId() === 'console') { diff --git a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/XList.php b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/XList.php index 7835c8051f..45f7eb33aa 100644 --- a/src/Appwrite/Platform/Modules/Teams/Http/Memberships/XList.php +++ b/src/Appwrite/Platform/Modules/Teams/Http/Memberships/XList.php @@ -134,7 +134,7 @@ class XList extends Action $roles = $authorization->getRoles(); $isPrivilegedUser = $user->isPrivileged($roles); - $isAppUser = $user->isApp($roles); + $isAppUser = $user->isKey($roles); $membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) { return $privacy || $isPrivilegedUser || $isAppUser; diff --git a/src/Appwrite/Platform/Modules/Teams/Http/Teams/Create.php b/src/Appwrite/Platform/Modules/Teams/Http/Teams/Create.php index 0d20a58b6b..222b0968be 100644 --- a/src/Appwrite/Platform/Modules/Teams/Http/Teams/Create.php +++ b/src/Appwrite/Platform/Modules/Teams/Http/Teams/Create.php @@ -71,7 +71,7 @@ class Create extends Action public function action(string $teamId, string $name, array $roles, Response $response, User $user, Database $dbForProject, Authorization $authorization, Event $queueForEvents) { $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); - $isAppUser = $user->isApp($authorization->getRoles()); + $isAppUser = $user->isKey($authorization->getRoles()); $teamId = $teamId == 'unique()' ? ID::unique() : $teamId; diff --git a/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php b/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php index 934074d3c2..85247678f8 100644 --- a/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php +++ b/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php @@ -15,7 +15,7 @@ class Action extends UtopiaAction { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Utopia/Database/Documents/User.php b/src/Appwrite/Utopia/Database/Documents/User.php index 211c6449dc..3004efe382 100644 --- a/src/Appwrite/Utopia/Database/Documents/User.php +++ b/src/Appwrite/Utopia/Database/Documents/User.php @@ -17,7 +17,7 @@ class User extends Document public const ROLE_ADMIN = 'admin'; public const ROLE_DEVELOPER = 'developer'; public const ROLE_OWNER = 'owner'; - public const ROLE_APPS = 'apps'; + public const ROLE_KEYS = 'keys'; public const ROLE_SYSTEM = 'system'; public function getEmail(): ?string @@ -39,7 +39,7 @@ class User extends Document { $roles = []; - if (!$this->isApp($authorization->getRoles())) { + if (!$this->isKey($authorization->getRoles())) { if ($this->getId()) { $roles[] = Role::user($this->getId())->toString(); $roles[] = Role::users()->toString(); @@ -115,15 +115,15 @@ class User extends Document } /** - * Is App User? + * Is Key User? * * @param array $roles * * @return bool */ - public function isApp(array $roles): bool + public function isKey(array $roles): bool { - if (in_array(self::ROLE_APPS, $roles)) { + if (in_array(self::ROLE_KEYS, $roles)) { return true; } diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index 24803eeaa7..1070d993c8 100644 --- a/src/Appwrite/Utopia/Request.php +++ b/src/Appwrite/Utopia/Request.php @@ -240,7 +240,7 @@ class Request extends UtopiaRequest $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); if (!empty($forwardedUserAgent)) { $roles = $this->authorization->getRoles(); - $isAppUser = $this->user?->isApp($roles) ?? false; + $isAppUser = $this->user?->isKey($roles) ?? false; if ($isAppUser) { return $forwardedUserAgent; diff --git a/src/Appwrite/Utopia/Response.php b/src/Appwrite/Utopia/Response.php index 66e4a5f4ae..c8b573fc49 100644 --- a/src/Appwrite/Utopia/Response.php +++ b/src/Appwrite/Utopia/Response.php @@ -591,7 +591,7 @@ class Response extends SwooleResponse $roles = $this->authorization->getRoles(); $user = $this->user ?? new DBUser(); $isPrivilegedUser = $user->isPrivileged($roles); - $isAppUser = $user->isApp($roles); + $isAppUser = $user->isKey($roles); if ((!$isPrivilegedUser && !$isAppUser) && !$this->showSensitive) { $data->setAttribute($key, ''); diff --git a/tests/unit/Auth/KeyTest.php b/tests/unit/Auth/KeyTest.php index bcdb46180f..674fdf09aa 100644 --- a/tests/unit/Auth/KeyTest.php +++ b/tests/unit/Auth/KeyTest.php @@ -22,7 +22,7 @@ class KeyTest extends TestCase 'collections.read', 'documents.read', ]; - $roleScopes = Config::getParam('roles', [])[User::ROLE_APPS]['scopes']; + $roleScopes = Config::getParam('roles', [])[User::ROLE_KEYS]['scopes']; $guestRoleScopes = Config::getParam('roles', [])[User::ROLE_GUESTS]['scopes']; $key = self::generateKey($projectId, $usage, $scopes); @@ -37,7 +37,7 @@ class KeyTest extends TestCase $this->assertEquals('', $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_EPHEMERAL, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals(\array_merge($scopes, $roleScopes), $decoded->getScopes()); $this->assertEquals('Ephemeral Key', $decoded->getName()); @@ -61,7 +61,7 @@ class KeyTest extends TestCase $this->assertEquals('', $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_EPHEMERAL, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals(\array_merge($scopes, $roleScopes), $decoded->getScopes()); $this->assertEquals('Ephemeral Key', $decoded->getName()); $this->assertEquals(['metric123'], $decoded->getDisabledMetrics()); @@ -123,7 +123,7 @@ class KeyTest extends TestCase $this->assertEquals('', $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_STANDARD, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals(\array_merge($scopes, $roleScopes), $decoded->getScopes()); $this->assertEquals('Standard key', $decoded->getName()); @@ -146,7 +146,7 @@ class KeyTest extends TestCase $this->assertEquals('', $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_STANDARD, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals(\array_merge($scopes, $roleScopes), $decoded->getScopes()); $this->assertEquals('Standard key', $decoded->getName()); @@ -194,7 +194,7 @@ class KeyTest extends TestCase $this->assertEquals('', $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_STANDARD, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals(\array_merge($scopes, $roleScopes), $decoded->getScopes()); $this->assertEquals('Standard key', $decoded->getName()); @@ -289,7 +289,7 @@ class KeyTest extends TestCase $this->assertEquals($teamId, $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_ORGANIZATION, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals($scopes, $decoded->getScopes()); $this->assertEquals('Organization key', $decoded->getName()); @@ -336,7 +336,7 @@ class KeyTest extends TestCase $this->assertEquals($teamId, $decoded->getTeamId()); $this->assertEquals('', $decoded->getUserId()); $this->assertEquals(API_KEY_ORGANIZATION, $decoded->getType()); - $this->assertEquals(User::ROLE_APPS, $decoded->getRole()); + $this->assertEquals(User::ROLE_KEYS, $decoded->getRole()); $this->assertEquals($scopes, $decoded->getScopes()); $this->assertEquals('Organization key', $decoded->getName()); } diff --git a/tests/unit/Utopia/Database/Documents/UserTest.php b/tests/unit/Utopia/Database/Documents/UserTest.php index b3638e7d3a..5bd73db132 100644 --- a/tests/unit/Utopia/Database/Documents/UserTest.php +++ b/tests/unit/Utopia/Database/Documents/UserTest.php @@ -179,11 +179,11 @@ class UserTest extends TestCase $this->assertEquals(true, $user->isPrivileged([User::ROLE_ADMIN])); $this->assertEquals(true, $user->isPrivileged([User::ROLE_DEVELOPER])); $this->assertEquals(true, $user->isPrivileged([User::ROLE_OWNER])); - $this->assertEquals(false, $user->isPrivileged([User::ROLE_APPS])); + $this->assertEquals(false, $user->isPrivileged([User::ROLE_KEYS])); $this->assertEquals(false, $user->isPrivileged([User::ROLE_SYSTEM])); - $this->assertEquals(false, $user->isPrivileged([User::ROLE_APPS, User::ROLE_APPS])); - $this->assertEquals(false, $user->isPrivileged([User::ROLE_APPS, Role::guests()->toString()])); + $this->assertEquals(false, $user->isPrivileged([User::ROLE_KEYS, User::ROLE_KEYS])); + $this->assertEquals(false, $user->isPrivileged([User::ROLE_KEYS, Role::guests()->toString()])); $this->assertEquals(true, $user->isPrivileged([User::ROLE_OWNER, Role::guests()->toString()])); $this->assertEquals(true, $user->isPrivileged([User::ROLE_OWNER, User::ROLE_ADMIN, User::ROLE_DEVELOPER])); } @@ -192,19 +192,19 @@ class UserTest extends TestCase { $user = new User(); - $this->assertEquals(false, $user->isApp([])); - $this->assertEquals(false, $user->isApp([Role::guests()->toString()])); - $this->assertEquals(false, $user->isApp([Role::users()->toString()])); - $this->assertEquals(false, $user->isApp([User::ROLE_ADMIN])); - $this->assertEquals(false, $user->isApp([User::ROLE_DEVELOPER])); - $this->assertEquals(false, $user->isApp([User::ROLE_OWNER])); - $this->assertEquals(true, $user->isApp([User::ROLE_APPS])); - $this->assertEquals(false, $user->isApp([User::ROLE_SYSTEM])); + $this->assertEquals(false, $user->isKey([])); + $this->assertEquals(false, $user->isKey([Role::guests()->toString()])); + $this->assertEquals(false, $user->isKey([Role::users()->toString()])); + $this->assertEquals(false, $user->isKey([User::ROLE_ADMIN])); + $this->assertEquals(false, $user->isKey([User::ROLE_DEVELOPER])); + $this->assertEquals(false, $user->isKey([User::ROLE_OWNER])); + $this->assertEquals(true, $user->isKey([User::ROLE_KEYS])); + $this->assertEquals(false, $user->isKey([User::ROLE_SYSTEM])); - $this->assertEquals(true, $user->isApp([User::ROLE_APPS, User::ROLE_APPS])); - $this->assertEquals(true, $user->isApp([User::ROLE_APPS, Role::guests()->toString()])); - $this->assertEquals(false, $user->isApp([User::ROLE_OWNER, Role::guests()->toString()])); - $this->assertEquals(false, $user->isApp([User::ROLE_OWNER, User::ROLE_ADMIN, User::ROLE_DEVELOPER])); + $this->assertEquals(true, $user->isKey([User::ROLE_KEYS, User::ROLE_KEYS])); + $this->assertEquals(true, $user->isKey([User::ROLE_KEYS, Role::guests()->toString()])); + $this->assertEquals(false, $user->isKey([User::ROLE_OWNER, Role::guests()->toString()])); + $this->assertEquals(false, $user->isKey([User::ROLE_OWNER, User::ROLE_ADMIN, User::ROLE_DEVELOPER])); } public function testGuestRoles(): void @@ -327,7 +327,7 @@ class UserTest extends TestCase public function testAppUserRoles(): void { - $this->getAuthorization()->addRole(User::ROLE_APPS); + $this->getAuthorization()->addRole(User::ROLE_KEYS); $user = new User([ '$id' => ID::custom('123'), 'memberships' => [ From 39aeecc58cd48fe5195b40d28e888f1b1d033f2f Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Mon, 18 May 2026 05:52:24 +0000 Subject: [PATCH 81/84] fix(audits): drop removed 'location' field from event payload (utopia-php/audit 2.4 schema) --- src/Appwrite/Platform/Workers/Audits.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Appwrite/Platform/Workers/Audits.php b/src/Appwrite/Platform/Workers/Audits.php index 07d91ce009..09863b8626 100644 --- a/src/Appwrite/Platform/Workers/Audits.php +++ b/src/Appwrite/Platform/Workers/Audits.php @@ -100,7 +100,6 @@ class Audits extends Action 'resource' => $resource, 'userAgent' => $userAgent, 'ip' => $ip, - 'location' => '', 'data' => [ 'userId' => $actorUserId, 'userName' => $actorUserName, From 5f63100f4c639ef246b0a40793eafd5144422501 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Wed, 20 May 2026 05:16:37 +0000 Subject: [PATCH 82/84] fix(presences): rename isApp() callers to isKey() (new files from upstream 1.9.x merge) --- src/Appwrite/Platform/Modules/Presences/HTTP/Update.php | 2 +- src/Appwrite/Platform/Modules/Presences/HTTP/Upsert.php | 2 +- src/Appwrite/Presences/State.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Presences/HTTP/Update.php b/src/Appwrite/Platform/Modules/Presences/HTTP/Update.php index 5387d3a91e..376359717b 100644 --- a/src/Appwrite/Platform/Modules/Presences/HTTP/Update.php +++ b/src/Appwrite/Platform/Modules/Presences/HTTP/Update.php @@ -128,7 +128,7 @@ class Update extends PlatformAction Event $queueForEvents ): void { $presenceState = new PresenceState(); - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($userId && !$isAPIKey && !$isPrivilegedUser) { diff --git a/src/Appwrite/Platform/Modules/Presences/HTTP/Upsert.php b/src/Appwrite/Platform/Modules/Presences/HTTP/Upsert.php index c85cb15f17..be658adbd1 100644 --- a/src/Appwrite/Platform/Modules/Presences/HTTP/Upsert.php +++ b/src/Appwrite/Platform/Modules/Presences/HTTP/Upsert.php @@ -128,7 +128,7 @@ class Upsert extends PlatformAction Event $queueForEvents, Context $usage ): void { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); if ($userId && !$isAPIKey && !$isPrivilegedUser) { throw new Exception(Exception::GENERAL_UNAUTHORIZED_SCOPE, "userId is not allowed for non-API key and non-privileged users"); diff --git a/src/Appwrite/Presences/State.php b/src/Appwrite/Presences/State.php index 19e7dc98b7..e7c51dec87 100644 --- a/src/Appwrite/Presences/State.php +++ b/src/Appwrite/Presences/State.php @@ -48,7 +48,7 @@ class State $permissions[] = (new Permission($permission, 'user', $ownerOverride))->toString(); } } else { - $isAPIKey = $user->isApp($authorization->getRoles()); + $isAPIKey = $user->isKey($authorization->getRoles()); $isPrivilegedUser = $user->isPrivileged($authorization->getRoles()); $permissions = Permission::aggregate($permissions, $allowedPermissions); From 3fc5fd8fcf5eaa048841faca1cf9242b20052d39 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Sun, 24 May 2026 03:08:25 +0000 Subject: [PATCH 83/84] chore: bump appwrite/php-runtimes to 0.20.1 --- composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/composer.lock b/composer.lock index 79b7db5389..db5b8fa09d 100644 --- a/composer.lock +++ b/composer.lock @@ -161,16 +161,16 @@ }, { "name": "appwrite/php-runtimes", - "version": "0.20.0", + "version": "0.20.1", "source": { "type": "git", "url": "https://github.com/appwrite/runtimes.git", - "reference": "7d9b7f4eef5c0a142a60907b06de2219d025c5c3" + "reference": "e9213dfe9fff1b67de77aa61dbcae5f4ca10b6d6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/runtimes/zipball/7d9b7f4eef5c0a142a60907b06de2219d025c5c3", - "reference": "7d9b7f4eef5c0a142a60907b06de2219d025c5c3", + "url": "https://api.github.com/repos/appwrite/runtimes/zipball/e9213dfe9fff1b67de77aa61dbcae5f4ca10b6d6", + "reference": "e9213dfe9fff1b67de77aa61dbcae5f4ca10b6d6", "shasum": "" }, "require": { @@ -210,9 +210,9 @@ ], "support": { "issues": "https://github.com/appwrite/runtimes/issues", - "source": "https://github.com/appwrite/runtimes/tree/0.20.0" + "source": "https://github.com/appwrite/runtimes/tree/0.20.1" }, - "time": "2026-05-01T07:47:07+00:00" + "time": "2026-05-24T03:00:39+00:00" }, { "name": "brick/math", From d6ca57d0089d8a0d74972d5871e99ece2686d4c3 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Mon, 25 May 2026 06:36:25 +0000 Subject: [PATCH 84/84] fix(uploads): reset queueForEvents on idempotent chunked-upload retry The early-return branches added in #12138 for already-complete chunked uploads bypass the trailing $queueForEvents->setParam('bucketId', ...) calls. The action returns cleanly, the shutdown hook then calls Event::generateEvents with empty params, throws \InvalidArgumentException, and the error handler maps it to HTTP 500. Reset the queue on each early-return path so the shutdown short-circuits on the empty event string -- the resource was created on a previous request and that request already fired the event; replaying it would double-trigger webhooks/functions. Applied to Storage Files Create, Functions Deployments Create, and Sites Deployments Create -- all three endpoints share the same pattern introduced by #12138. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../Platform/Modules/Functions/Http/Deployments/Create.php | 3 +++ .../Platform/Modules/Sites/Http/Deployments/Create.php | 3 +++ .../Platform/Modules/Storage/Http/Buckets/Files/Create.php | 3 +++ 3 files changed, 9 insertions(+) diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Deployments/Create.php b/src/Appwrite/Platform/Modules/Functions/Http/Deployments/Create.php index 9af5491598..25863d424c 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Deployments/Create.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Deployments/Create.php @@ -227,6 +227,7 @@ class Create extends Action } if ($completed) { + $queueForEvents->reset(); return; } @@ -249,6 +250,8 @@ class Create extends Action $metadata = \array_merge($deployment->getAttribute('sourceMetadata', []), $metadata); if ($uploaded === $chunks) { + $queueForEvents->reset(); + $response ->setStatusCode(Response::STATUS_CODE_ACCEPTED) ->dynamic($deployment, Response::MODEL_DEPLOYMENT); diff --git a/src/Appwrite/Platform/Modules/Sites/Http/Deployments/Create.php b/src/Appwrite/Platform/Modules/Sites/Http/Deployments/Create.php index d27755d106..5fd724346c 100644 --- a/src/Appwrite/Platform/Modules/Sites/Http/Deployments/Create.php +++ b/src/Appwrite/Platform/Modules/Sites/Http/Deployments/Create.php @@ -227,6 +227,7 @@ class Create extends Action } if ($completed) { + $queueForEvents->reset(); return; } @@ -257,6 +258,8 @@ class Create extends Action $metadata = \array_merge($deployment->getAttribute('sourceMetadata', []), $metadata); if ($uploaded === $chunks) { + $queueForEvents->reset(); + $response ->setStatusCode(Response::STATUS_CODE_ACCEPTED) ->dynamic($deployment, Response::MODEL_DEPLOYMENT); diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php index 95ef2cbe28..348b19c039 100644 --- a/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php +++ b/src/Appwrite/Platform/Modules/Storage/Http/Buckets/Files/Create.php @@ -320,6 +320,7 @@ class Create extends Action } if ($completed) { + $queueForEvents->reset(); return; } @@ -337,6 +338,8 @@ class Create extends Action throw new Exception(Exception::STORAGE_FILE_ALREADY_EXISTS); } + $queueForEvents->reset(); + $response ->setStatusCode(Response::STATUS_CODE_OK) ->dynamic($file, Response::MODEL_FILE);