Appwrite/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite.git synced 2026-05-26 13:51:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '1.6.x' into pla-2428

Browse Source
This commit is contained in:
Chirag Aggarwal
2025-02-07 13:25:15 +05:30
committed by GitHub
parent e6efe5b27e a7b1363644
commit 989bbbc261
28 changed files with 2024 additions and 2221 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/config/specs/open-api3-1.6.x-client.json
+28 -28
View File
@@ -4761,7 +4761,7 @@
},
"x-appwrite": {
"method": "listExecutions",
"weight": 306,
"weight": 305,
"cookies": false,
"type": "",
"deprecated": false,
@@ -4846,7 +4846,7 @@
},
"x-appwrite": {
"method": "createExecution",
"weight": 305,
"weight": 304,
"cookies": false,
"type": "",
"deprecated": false,
@@ -4960,7 +4960,7 @@
},
"x-appwrite": {
"method": "getExecution",
"weight": 307,
"weight": 306,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5033,7 +5033,7 @@
},
"x-appwrite": {
"method": "query",
"weight": 331,
"weight": 330,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5084,7 +5084,7 @@
},
"x-appwrite": {
"method": "mutation",
"weight": 330,
"weight": 329,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5543,7 +5543,7 @@
},
"x-appwrite": {
"method": "createSubscriber",
"weight": 376,
"weight": 375,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5625,7 +5625,7 @@
},
"x-appwrite": {
"method": "deleteSubscriber",
"weight": 380,
"weight": 379,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5699,7 +5699,7 @@
},
"x-appwrite": {
"method": "listFiles",
"weight": 208,
"weight": 207,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5784,7 +5784,7 @@
},
"x-appwrite": {
"method": "createFile",
"weight": 207,
"weight": 206,
"cookies": false,
"type": "upload",
"deprecated": false,
@@ -5881,7 +5881,7 @@
},
"x-appwrite": {
"method": "getFile",
"weight": 209,
"weight": 208,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5952,7 +5952,7 @@
},
"x-appwrite": {
"method": "updateFile",
"weight": 214,
"weight": 213,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6040,7 +6040,7 @@
},
"x-appwrite": {
"method": "deleteFile",
"weight": 215,
"weight": 214,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6106,7 +6106,7 @@
},
"x-appwrite": {
"method": "getFileDownload",
"weight": 211,
"weight": 210,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6172,7 +6172,7 @@
},
"x-appwrite": {
"method": "getFilePreview",
"weight": 210,
"weight": 209,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6388,7 +6388,7 @@
},
"x-appwrite": {
"method": "getFileView",
"weight": 212,
"weight": 211,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6461,7 +6461,7 @@
},
"x-appwrite": {
"method": "list",
"weight": 219,
"weight": 218,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6536,7 +6536,7 @@
},
"x-appwrite": {
"method": "create",
"weight": 218,
"weight": 217,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6620,7 +6620,7 @@
},
"x-appwrite": {
"method": "get",
"weight": 220,
"weight": 219,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6681,7 +6681,7 @@
},
"x-appwrite": {
"method": "updateName",
"weight": 222,
"weight": 221,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6754,7 +6754,7 @@
},
"x-appwrite": {
"method": "delete",
"weight": 224,
"weight": 223,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6817,7 +6817,7 @@
},
"x-appwrite": {
"method": "listMemberships",
"weight": 226,
"weight": 225,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6902,7 +6902,7 @@
},
"x-appwrite": {
"method": "createMembership",
"weight": 225,
"weight": 224,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7012,7 +7012,7 @@
},
"x-appwrite": {
"method": "getMembership",
"weight": 227,
"weight": 226,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7083,7 +7083,7 @@
},
"x-appwrite": {
"method": "updateMembership",
"weight": 228,
"weight": 227,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7169,7 +7169,7 @@
},
"x-appwrite": {
"method": "deleteMembership",
"weight": 230,
"weight": 229,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7242,7 +7242,7 @@
},
"x-appwrite": {
"method": "updateMembershipStatus",
"weight": 229,
"weight": 228,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7339,7 +7339,7 @@
},
"x-appwrite": {
"method": "getPrefs",
"weight": 221,
"weight": 220,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7399,7 +7399,7 @@
},
"x-appwrite": {
"method": "updatePrefs",
"weight": 223,
"weight": 222,
"cookies": false,
"type": "",
"deprecated": false,
app/config/specs/open-api3-1.6.x-console.json
+249 -297
View File
File diff suppressed because it is too large Load Diff
app/config/specs/open-api3-1.6.x-server.json
+159 -208
View File
File diff suppressed because it is too large Load Diff
app/config/specs/open-api3-latest-client.json
+28 -28
View File
@@ -4761,7 +4761,7 @@
},
"x-appwrite": {
"method": "listExecutions",
"weight": 306,
"weight": 305,
"cookies": false,
"type": "",
"deprecated": false,
@@ -4846,7 +4846,7 @@
},
"x-appwrite": {
"method": "createExecution",
"weight": 305,
"weight": 304,
"cookies": false,
"type": "",
"deprecated": false,
@@ -4960,7 +4960,7 @@
},
"x-appwrite": {
"method": "getExecution",
"weight": 307,
"weight": 306,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5033,7 +5033,7 @@
},
"x-appwrite": {
"method": "query",
"weight": 331,
"weight": 330,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5084,7 +5084,7 @@
},
"x-appwrite": {
"method": "mutation",
"weight": 330,
"weight": 329,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5543,7 +5543,7 @@
},
"x-appwrite": {
"method": "createSubscriber",
"weight": 376,
"weight": 375,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5625,7 +5625,7 @@
},
"x-appwrite": {
"method": "deleteSubscriber",
"weight": 380,
"weight": 379,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5699,7 +5699,7 @@
},
"x-appwrite": {
"method": "listFiles",
"weight": 208,
"weight": 207,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5784,7 +5784,7 @@
},
"x-appwrite": {
"method": "createFile",
"weight": 207,
"weight": 206,
"cookies": false,
"type": "upload",
"deprecated": false,
@@ -5881,7 +5881,7 @@
},
"x-appwrite": {
"method": "getFile",
"weight": 209,
"weight": 208,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5952,7 +5952,7 @@
},
"x-appwrite": {
"method": "updateFile",
"weight": 214,
"weight": 213,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6040,7 +6040,7 @@
},
"x-appwrite": {
"method": "deleteFile",
"weight": 215,
"weight": 214,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6106,7 +6106,7 @@
},
"x-appwrite": {
"method": "getFileDownload",
"weight": 211,
"weight": 210,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6172,7 +6172,7 @@
},
"x-appwrite": {
"method": "getFilePreview",
"weight": 210,
"weight": 209,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6388,7 +6388,7 @@
},
"x-appwrite": {
"method": "getFileView",
"weight": 212,
"weight": 211,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6461,7 +6461,7 @@
},
"x-appwrite": {
"method": "list",
"weight": 219,
"weight": 218,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6536,7 +6536,7 @@
},
"x-appwrite": {
"method": "create",
"weight": 218,
"weight": 217,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6620,7 +6620,7 @@
},
"x-appwrite": {
"method": "get",
"weight": 220,
"weight": 219,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6681,7 +6681,7 @@
},
"x-appwrite": {
"method": "updateName",
"weight": 222,
"weight": 221,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6754,7 +6754,7 @@
},
"x-appwrite": {
"method": "delete",
"weight": 224,
"weight": 223,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6817,7 +6817,7 @@
},
"x-appwrite": {
"method": "listMemberships",
"weight": 226,
"weight": 225,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6902,7 +6902,7 @@
},
"x-appwrite": {
"method": "createMembership",
"weight": 225,
"weight": 224,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7012,7 +7012,7 @@
},
"x-appwrite": {
"method": "getMembership",
"weight": 227,
"weight": 226,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7083,7 +7083,7 @@
},
"x-appwrite": {
"method": "updateMembership",
"weight": 228,
"weight": 227,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7169,7 +7169,7 @@
},
"x-appwrite": {
"method": "deleteMembership",
"weight": 230,
"weight": 229,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7242,7 +7242,7 @@
},
"x-appwrite": {
"method": "updateMembershipStatus",
"weight": 229,
"weight": 228,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7339,7 +7339,7 @@
},
"x-appwrite": {
"method": "getPrefs",
"weight": 221,
"weight": 220,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7399,7 +7399,7 @@
},
"x-appwrite": {
"method": "updatePrefs",
"weight": 223,
"weight": 222,
"cookies": false,
"type": "",
"deprecated": false,
app/config/specs/open-api3-latest-console.json
+249 -297
View File
File diff suppressed because it is too large Load Diff
app/config/specs/open-api3-latest-server.json
+159 -208
View File
File diff suppressed because it is too large Load Diff
app/config/specs/swagger2-1.6.x-client.json
+28 -28
View File
@@ -4927,7 +4927,7 @@
},
"x-appwrite": {
"method": "listExecutions",
"weight": 306,
"weight": 305,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5009,7 +5009,7 @@
},
"x-appwrite": {
"method": "createExecution",
"weight": 305,
"weight": 304,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5127,7 +5127,7 @@
},
"x-appwrite": {
"method": "getExecution",
"weight": 307,
"weight": 306,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5198,7 +5198,7 @@
},
"x-appwrite": {
"method": "query",
"weight": 331,
"weight": 330,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5271,7 +5271,7 @@
},
"x-appwrite": {
"method": "mutation",
"weight": 330,
"weight": 329,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5768,7 +5768,7 @@
},
"x-appwrite": {
"method": "createSubscriber",
"weight": 376,
"weight": 375,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5852,7 +5852,7 @@
},
"x-appwrite": {
"method": "deleteSubscriber",
"weight": 380,
"weight": 379,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5924,7 +5924,7 @@
},
"x-appwrite": {
"method": "listFiles",
"weight": 208,
"weight": 207,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6006,7 +6006,7 @@
},
"x-appwrite": {
"method": "createFile",
"weight": 207,
"weight": 206,
"cookies": false,
"type": "upload",
"deprecated": false,
@@ -6097,7 +6097,7 @@
},
"x-appwrite": {
"method": "getFile",
"weight": 209,
"weight": 208,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6166,7 +6166,7 @@
},
"x-appwrite": {
"method": "updateFile",
"weight": 214,
"weight": 213,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6254,7 +6254,7 @@
},
"x-appwrite": {
"method": "deleteFile",
"weight": 215,
"weight": 214,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6325,7 +6325,7 @@
},
"x-appwrite": {
"method": "getFileDownload",
"weight": 211,
"weight": 210,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6396,7 +6396,7 @@
},
"x-appwrite": {
"method": "getFilePreview",
"weight": 210,
"weight": 209,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6595,7 +6595,7 @@
},
"x-appwrite": {
"method": "getFileView",
"weight": 212,
"weight": 211,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6666,7 +6666,7 @@
},
"x-appwrite": {
"method": "list",
"weight": 219,
"weight": 218,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6740,7 +6740,7 @@
},
"x-appwrite": {
"method": "create",
"weight": 218,
"weight": 217,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6831,7 +6831,7 @@
},
"x-appwrite": {
"method": "get",
"weight": 220,
"weight": 219,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6892,7 +6892,7 @@
},
"x-appwrite": {
"method": "updateName",
"weight": 222,
"weight": 221,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6966,7 +6966,7 @@
},
"x-appwrite": {
"method": "delete",
"weight": 224,
"weight": 223,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7029,7 +7029,7 @@
},
"x-appwrite": {
"method": "listMemberships",
"weight": 226,
"weight": 225,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7111,7 +7111,7 @@
},
"x-appwrite": {
"method": "createMembership",
"weight": 225,
"weight": 224,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7225,7 +7225,7 @@
},
"x-appwrite": {
"method": "getMembership",
"weight": 227,
"weight": 226,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7294,7 +7294,7 @@
},
"x-appwrite": {
"method": "updateMembership",
"weight": 228,
"weight": 227,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7379,7 +7379,7 @@
},
"x-appwrite": {
"method": "deleteMembership",
"weight": 230,
"weight": 229,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7450,7 +7450,7 @@
},
"x-appwrite": {
"method": "updateMembershipStatus",
"weight": 229,
"weight": 228,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7545,7 +7545,7 @@
},
"x-appwrite": {
"method": "getPrefs",
"weight": 221,
"weight": 220,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7605,7 +7605,7 @@
},
"x-appwrite": {
"method": "updatePrefs",
"weight": 223,
"weight": 222,
"cookies": false,
"type": "",
"deprecated": false,
app/config/specs/swagger2-1.6.x-console.json
+249 -299
View File
File diff suppressed because it is too large Load Diff
app/config/specs/swagger2-1.6.x-server.json
+159 -210
View File
File diff suppressed because it is too large Load Diff
app/config/specs/swagger2-latest-client.json
+28 -28
View File
@@ -4927,7 +4927,7 @@
},
"x-appwrite": {
"method": "listExecutions",
"weight": 306,
"weight": 305,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5009,7 +5009,7 @@
},
"x-appwrite": {
"method": "createExecution",
"weight": 305,
"weight": 304,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5127,7 +5127,7 @@
},
"x-appwrite": {
"method": "getExecution",
"weight": 307,
"weight": 306,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5198,7 +5198,7 @@
},
"x-appwrite": {
"method": "query",
"weight": 331,
"weight": 330,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5271,7 +5271,7 @@
},
"x-appwrite": {
"method": "mutation",
"weight": 330,
"weight": 329,
"cookies": false,
"type": "graphql",
"deprecated": false,
@@ -5768,7 +5768,7 @@
},
"x-appwrite": {
"method": "createSubscriber",
"weight": 376,
"weight": 375,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5852,7 +5852,7 @@
},
"x-appwrite": {
"method": "deleteSubscriber",
"weight": 380,
"weight": 379,
"cookies": false,
"type": "",
"deprecated": false,
@@ -5924,7 +5924,7 @@
},
"x-appwrite": {
"method": "listFiles",
"weight": 208,
"weight": 207,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6006,7 +6006,7 @@
},
"x-appwrite": {
"method": "createFile",
"weight": 207,
"weight": 206,
"cookies": false,
"type": "upload",
"deprecated": false,
@@ -6097,7 +6097,7 @@
},
"x-appwrite": {
"method": "getFile",
"weight": 209,
"weight": 208,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6166,7 +6166,7 @@
},
"x-appwrite": {
"method": "updateFile",
"weight": 214,
"weight": 213,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6254,7 +6254,7 @@
},
"x-appwrite": {
"method": "deleteFile",
"weight": 215,
"weight": 214,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6325,7 +6325,7 @@
},
"x-appwrite": {
"method": "getFileDownload",
"weight": 211,
"weight": 210,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6396,7 +6396,7 @@
},
"x-appwrite": {
"method": "getFilePreview",
"weight": 210,
"weight": 209,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6595,7 +6595,7 @@
},
"x-appwrite": {
"method": "getFileView",
"weight": 212,
"weight": 211,
"cookies": false,
"type": "location",
"deprecated": false,
@@ -6666,7 +6666,7 @@
},
"x-appwrite": {
"method": "list",
"weight": 219,
"weight": 218,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6740,7 +6740,7 @@
},
"x-appwrite": {
"method": "create",
"weight": 218,
"weight": 217,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6831,7 +6831,7 @@
},
"x-appwrite": {
"method": "get",
"weight": 220,
"weight": 219,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6892,7 +6892,7 @@
},
"x-appwrite": {
"method": "updateName",
"weight": 222,
"weight": 221,
"cookies": false,
"type": "",
"deprecated": false,
@@ -6966,7 +6966,7 @@
},
"x-appwrite": {
"method": "delete",
"weight": 224,
"weight": 223,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7029,7 +7029,7 @@
},
"x-appwrite": {
"method": "listMemberships",
"weight": 226,
"weight": 225,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7111,7 +7111,7 @@
},
"x-appwrite": {
"method": "createMembership",
"weight": 225,
"weight": 224,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7225,7 +7225,7 @@
},
"x-appwrite": {
"method": "getMembership",
"weight": 227,
"weight": 226,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7294,7 +7294,7 @@
},
"x-appwrite": {
"method": "updateMembership",
"weight": 228,
"weight": 227,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7379,7 +7379,7 @@
},
"x-appwrite": {
"method": "deleteMembership",
"weight": 230,
"weight": 229,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7450,7 +7450,7 @@
},
"x-appwrite": {
"method": "updateMembershipStatus",
"weight": 229,
"weight": 228,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7545,7 +7545,7 @@
},
"x-appwrite": {
"method": "getPrefs",
"weight": 221,
"weight": 220,
"cookies": false,
"type": "",
"deprecated": false,
@@ -7605,7 +7605,7 @@
},
"x-appwrite": {
"method": "updatePrefs",
"weight": 223,
"weight": 222,
"cookies": false,
"type": "",
"deprecated": false,
app/config/specs/swagger2-latest-console.json
+249 -299
View File
File diff suppressed because it is too large Load Diff
app/config/specs/swagger2-latest-server.json
+159 -210
View File
File diff suppressed because it is too large Load Diff
app/controllers/api/account.php
+8 -8
View File
@@ -21,6 +21,7 @@ use Appwrite\Event\Usage;
use Appwrite\Extend\Exception;
use Appwrite\Hooks\Hooks;
use Appwrite\Network\Validator\Email;
use Appwrite\Network\Validator\Redirect;
use Appwrite\OpenSSL\OpenSSL;
use Appwrite\SDK\AuthType;
use Appwrite\SDK\ContentType;
@@ -59,7 +60,6 @@ use Utopia\System\System;
use Utopia\Validator\ArrayList;
use Utopia\Validator\Assoc;
use Utopia\Validator\Boolean;
use Utopia\Validator\Host;
use Utopia\Validator\Text;
use Utopia\Validator\URL;
use Utopia\Validator\WhiteList;
@@ -1188,8 +1188,8 @@ App::get('/v1/account/sessions/oauth2/:provider')
->label('abuse-limit', 50)
->label('abuse-key', 'ip:{ip}')
->param('provider', '', new WhiteList(\array_keys(Config::getParam('oAuthProviders')), true), 'OAuth2 Provider. Currently, supported providers are: ' . \implode(', ', \array_keys(\array_filter(Config::getParam('oAuthProviders'), fn ($node) => (!$node['mock'])))) . '.')
->param('success', '', fn ($clients) => new Host($clients), 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
->param('failure', '', fn ($clients) => new Host($clients), 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
->param('success', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes'])
->param('failure', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes'])
->param('scopes', [], new ArrayList(new Text(APP_LIMIT_ARRAY_ELEMENT_SIZE), APP_LIMIT_ARRAY_PARAMS_SIZE), 'A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long.', true)
->inject('request')
->inject('response')
@@ -1784,8 +1784,8 @@ App::get('/v1/account/tokens/oauth2/:provider')
->label('abuse-limit', 50)
->label('abuse-key', 'ip:{ip}')
->param('provider', '', new WhiteList(\array_keys(Config::getParam('oAuthProviders')), true), 'OAuth2 Provider. Currently, supported providers are: ' . \implode(', ', \array_keys(\array_filter(Config::getParam('oAuthProviders'), fn ($node) => (!$node['mock'])))) . '.')
->param('success', '', fn ($clients) => new Host($clients), 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
->param('failure', '', fn ($clients) => new Host($clients), 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
->param('success', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes'])
->param('failure', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project\'s platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes'])
->param('scopes', [], new ArrayList(new Text(APP_LIMIT_ARRAY_ELEMENT_SIZE), APP_LIMIT_ARRAY_PARAMS_SIZE), 'A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long.', true)
->inject('request')
->inject('response')
@@ -1864,7 +1864,7 @@ App::post('/v1/account/tokens/magic-url')
->label('abuse-key', ['url:{url},email:{param-email}', 'url:{url},ip:{ip}'])
->param('userId', '', new CustomId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('email', '', new Email(), 'User email.')
->param('url', '', fn ($clients) => new Host($clients), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
->param('url', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes'])
->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
->inject('request')
->inject('response')
@@ -3157,7 +3157,7 @@ App::post('/v1/account/recovery')
->label('abuse-limit', 10)
->label('abuse-key', ['url:{url},email:{param-email}', 'url:{url},ip:{ip}'])
->param('email', '', new Email(), 'User email.')
->param('url', '', fn ($clients) => new Host($clients), 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
->param('url', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['hostnames', 'schemes'])
->inject('request')
->inject('response')
->inject('user')
@@ -3432,7 +3432,7 @@ App::post('/v1/account/verification')
))
->label('abuse-limit', 10)
->label('abuse-key', 'url:{url},userId:{userId}')
->param('url', '', fn ($clients) => new Host($clients), 'URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients']) // TODO add built-in confirm page
->param('url', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['hostnames', 'schemes']) // TODO add built-in confirm page
->inject('request')
->inject('response')
->inject('project')
app/controllers/api/projects.php
+1 -1
View File
@@ -1741,7 +1741,7 @@ App::post('/v1/projects/:projectId/platforms')
]
))
->param('projectId', '', new UID(), 'Project unique ID.')
->param('type', null, new WhiteList([Origin::CLIENT_TYPE_WEB, Origin::CLIENT_TYPE_FLUTTER_WEB, Origin::CLIENT_TYPE_FLUTTER_IOS, Origin::CLIENT_TYPE_FLUTTER_ANDROID, Origin::CLIENT_TYPE_FLUTTER_LINUX, Origin::CLIENT_TYPE_FLUTTER_MACOS, Origin::CLIENT_TYPE_FLUTTER_WINDOWS, Origin::CLIENT_TYPE_APPLE_IOS, Origin::CLIENT_TYPE_APPLE_MACOS, Origin::CLIENT_TYPE_APPLE_WATCHOS, Origin::CLIENT_TYPE_APPLE_TVOS, Origin::CLIENT_TYPE_ANDROID, Origin::CLIENT_TYPE_UNITY, Origin::CLIENT_TYPE_REACT_NATIVE_IOS, Origin::CLIENT_TYPE_REACT_NATIVE_ANDROID], true), 'Platform type.')
->param('type', null, new WhiteList([Origin::CLIENT_TYPE_WEB, Origin::CLIENT_TYPE_FLUTTER_WEB, Origin::CLIENT_TYPE_FLUTTER_IOS, Origin::CLIENT_TYPE_FLUTTER_ANDROID, Origin::CLIENT_TYPE_FLUTTER_LINUX, Origin::CLIENT_TYPE_FLUTTER_MACOS, Origin::CLIENT_TYPE_FLUTTER_WINDOWS, Origin::CLIENT_TYPE_APPLE_IOS, Origin::CLIENT_TYPE_APPLE_MACOS, Origin::CLIENT_TYPE_APPLE_WATCHOS, Origin::CLIENT_TYPE_APPLE_TVOS, Origin::CLIENT_TYPE_ANDROID, Origin::CLIENT_TYPE_UNITY, Origin::CLIENT_TYPE_REACT_NATIVE_IOS, Origin::CLIENT_TYPE_REACT_NATIVE_ANDROID], true), 'Platform type.')
->param('name', null, new Text(128), 'Platform name. Max length: 128 chars.')
->param('key', '', new Text(256), 'Package name for Android or bundle ID for iOS or macOS. Max length: 256 chars.', true)
->param('store', '', new Text(256), 'App store or Google Play store ID. Max length: 256 chars.', true)
app/controllers/api/teams.php
+2 -2
View File
@@ -11,6 +11,7 @@ use Appwrite\Event\Messaging;
use Appwrite\Event\Usage;
use Appwrite\Extend\Exception;
use Appwrite\Network\Validator\Email;
use Appwrite\Network\Validator\Redirect;
use Appwrite\Platform\Workers\Deletes;
use Appwrite\SDK\AuthType;
use Appwrite\SDK\ContentType;
@@ -49,7 +50,6 @@ use Utopia\Locale\Locale;
use Utopia\System\System;
use Utopia\Validator\ArrayList;
use Utopia\Validator\Assoc;
use Utopia\Validator\Host;
use Utopia\Validator\Text;
use Utopia\Validator\WhiteList;
@@ -455,7 +455,7 @@ App::post('/v1/teams/:teamId/memberships')
}
return new ArrayList(new Key(), APP_LIMIT_ARRAY_PARAMS_SIZE);
}, 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](https://appwrite.io/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 32 characters long.', false, ['project'])
->param('url', '', fn ($clients) => new Host($clients), 'URL to redirect the user back to your app from the invitation email. This parameter is not required when an API key is supplied. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients']) // TODO add our own built-in confirm page
->param('url', '', fn ($hostnames, $schemes) => new Redirect($hostnames, $schemes), 'URL to redirect the user back to your app from the invitation email. This parameter is not required when an API key is supplied. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['hostnames', 'schemes']) // TODO add our own built-in confirm page
->param('name', '', new Text(128), 'Name of the new team member. Max length: 128 chars.', true)
->inject('response')
->inject('project')
app/controllers/api/vcs.php
+2 -2
View File
@@ -288,8 +288,8 @@ App::get('/v1/vcs/github/authorize')
type: MethodType::WEBAUTH,
hide: true,
))
->param('success', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a successful installation attempt.', true, ['clients'])
->param('failure', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a failed installation attempt.', true, ['clients'])
->param('success', '', fn ($hostnames) => new Host($hostnames), 'URL to redirect back to console after a successful installation attempt.', true, ['hostnames'])
->param('failure', '', fn ($hostnames) => new Host($hostnames), 'URL to redirect back to console after a failed installation attempt.', true, ['hostnames'])
->inject('request')
->inject('response')
->inject('project')
app/controllers/general.php
+5 -4
View File
@@ -497,7 +497,7 @@ App::init()
->inject('getProjectDB')
->inject('locale')
->inject('localeCodes')
->inject('clients')
->inject('hostnames')
->inject('geodb')
->inject('queueForUsage')
->inject('queueForEvents')
@@ -505,7 +505,8 @@ App::init()
->inject('queueForFunctions')
->inject('isResourceBlocked')
->inject('previewHostname')
->action(function (App $utopia, SwooleRequest $swooleRequest, Request $request, Response $response, Document $console, Document $project, Database $dbForPlatform, callable $getProjectDB, Locale $locale, array $localeCodes, array $clients, Reader $geodb, Usage $queueForUsage, Event $queueForEvents, Certificate $queueForCertificates, Func $queueForFunctions, callable $isResourceBlocked, string $previewHostname) {
->inject('platforms')
->action(function (App $utopia, SwooleRequest $swooleRequest, Request $request, Response $response, Document $console, Document $project, Database $dbForPlatform, callable $getProjectDB, Locale $locale, array $localeCodes, array $hostnames, Reader $geodb, Usage $queueForUsage, Event $queueForEvents, Certificate $queueForCertificates, Func $queueForFunctions, callable $isResourceBlocked, string $previewHostname, array $platforms) {
/*
* Appwrite Router
*/
@@ -621,7 +622,7 @@ App::init()
$port = \parse_url($request->getOrigin($referrer), PHP_URL_PORT);
$refDomainOrigin = 'localhost';
$validator = new Hostname($clients);
$validator = new Hostname($hostnames);
if ($validator->isValid($origin)) {
$refDomainOrigin = $origin;
}
@@ -712,7 +713,7 @@ App::init()
* Skip this check for non-web platforms which are not required to send an origin header
*/
$origin = $request->getOrigin($request->getReferer(''));
$originValidator = new Origin(\array_merge($project->getAttribute('platforms', []), $console->getAttribute('platforms', [])));
$originValidator = new Origin($platforms);
if (
!$originValidator->isValid($origin)
app/controllers/mock.php
+3 -3
View File
@@ -3,6 +3,7 @@
global $utopia, $request, $response;
use Appwrite\Extend\Exception;
use Appwrite\Network\Validator\Redirect;
use Appwrite\Utopia\Request;
use Appwrite\Utopia\Response;
use Utopia\App;
@@ -14,7 +15,6 @@ use Utopia\Database\Helpers\Permission;
use Utopia\Database\Helpers\Role;
use Utopia\Database\Validator\UID;
use Utopia\System\System;
use Utopia\Validator\Host;
use Utopia\Validator\Text;
use Utopia\Validator\WhiteList;
use Utopia\VCS\Adapter\Git\GitHub;
@@ -26,7 +26,7 @@ App::get('/v1/mock/tests/general/oauth2')
->label('docs', false)
->label('mock', true)
->param('client_id', '', new Text(100), 'OAuth2 Client ID.')
->param('redirect_uri', '', new Host(['localhost']), 'OAuth2 Redirect URI.') // Important to deny an open redirect attack
->param('redirect_uri', '', new Redirect(['localhost']), 'OAuth2 Redirect URI.') // Important to deny an open redirect attack
->param('scope', '', new Text(100), 'OAuth2 scope list.')
->param('state', '', new Text(1024), 'OAuth2 state.')
->inject('response')
@@ -44,7 +44,7 @@ App::get('/v1/mock/tests/general/oauth2/token')
->param('client_id', '', new Text(100), 'OAuth2 Client ID.')
->param('client_secret', '', new Text(100), 'OAuth2 scope list.')
->param('grant_type', 'authorization_code', new WhiteList(['refresh_token', 'authorization_code']), 'OAuth2 Grant Type.', true)
->param('redirect_uri', '', new Host(['localhost']), 'OAuth2 Redirect URI.', true)
->param('redirect_uri', '', new Redirect(['localhost']), 'OAuth2 Redirect URI.', true)
->param('code', '', new Text(100), 'OAuth2 state.', true)
->param('refresh_token', '', new Text(100), 'OAuth2 refresh token.', true)
->inject('response')
app/init.php
+34 -46
View File
@@ -1191,58 +1191,46 @@ App::setResource('queueForCertificates', function (Queue\Publisher $publisher) {
App::setResource('queueForMigrations', function (Queue\Publisher $publisher) {
return new Migration($publisher);
}, ['publisher']);
App::setResource('clients', function ($request, $console, $project) {
$console->setAttribute('platforms', [ // Always allow current host
'$collection' => ID::custom('platforms'),
'name' => 'Current Host',
'type' => Origin::CLIENT_TYPE_WEB,
'hostname' => $request->getHostname(),
], Document::SET_TYPE_APPEND);
$hostnames = explode(',', System::getEnv('_APP_CONSOLE_HOSTNAMES', ''));
App::setResource('platforms', function (Document $project, Document $console) {
return [
...$project->getAttribute('platforms', []),
...$console->getAttribute('platforms', []),
];
}, ['project', 'console']);
App::setResource('hostnames', function (array $platforms) {
// Allow environment configured hostnames
$hostnames = [];
$validator = new Hostname();
foreach ($hostnames as $hostname) {
foreach (explode(',', System::getEnv('_APP_CONSOLE_HOSTNAMES', '')) as $hostname) {
$hostname = trim($hostname);
if (!$validator->isValid($hostname)) {
continue;
}
$console->setAttribute('platforms', [
'$collection' => ID::custom('platforms'),
'type' => Origin::CLIENT_TYPE_WEB,
'name' => $hostname,
'hostname' => $hostname,
], Document::SET_TYPE_APPEND);
}
/**
* Get All verified client URLs for both console and current projects
* + Filter for duplicated entries
*/
$clientsConsole = \array_map(
fn ($node) => $node['hostname'],
\array_filter(
$console->getAttribute('platforms', []),
fn ($node) => (isset($node['type']) && ($node['type'] === Origin::CLIENT_TYPE_WEB) && !empty($node['hostname']))
)
);
$clients = $clientsConsole;
$platforms = $project->getAttribute('platforms', []);
foreach ($platforms as $node) {
if (
isset($node['type']) &&
($node['type'] === Origin::CLIENT_TYPE_WEB ||
$node['type'] === Origin::CLIENT_TYPE_FLUTTER_WEB) &&
!empty($node['hostname'])
) {
$clients[] = $node['hostname'];
if ($validator->isValid($hostname)) {
$hostnames[] = $hostname;
}
}
return \array_unique($clients);
}, ['request', 'console', 'project']);
// Add database configured hostnames
foreach ($platforms as $platform) {
if (!empty($platform['hostname']) && in_array($platform['type'], [
Origin::CLIENT_TYPE_WEB,
Origin::CLIENT_TYPE_FLUTTER_WEB,
])) {
$hostnames[] = $platform['hostname'];
}
}
return \array_unique($hostnames);
}, ['platforms']);
App::setResource('schemes', function (array $platforms, Document $project) {
// Allow expo development scheme by default
$schemes = ['exp'];
// Allow `appwrite-callback-${projectId}` scheme by default
if (!empty($project) && $project->getId() !== 'console') {
$schemes[] = 'appwrite-callback-' . $project->getId();
}
return \array_unique($schemes);
}, ['platforms', 'project']);
App::setResource('user', function ($mode, $project, $console, $request, $response, $dbForProject, $dbForPlatform) {
/** @var Appwrite\Utopia\Request $request */
/** @var Appwrite\Utopia\Response $response */
src/Appwrite/Auth/OAuth2/Slack.php
+13 -14
View File
@@ -20,10 +20,9 @@ class Slack extends OAuth2
* @var array
*/
protected array $scopes = [
'identity.avatar',
'identity.basic',
'identity.email',
'identity.team'
'openid',
'email',
'profile'
];
/**
@@ -35,14 +34,15 @@ class Slack extends OAuth2
}
/**
* @link https://api.slack.com/authentication/oauth-v2
*
* @return string
*/
public function getLoginURL(): string
{
// https://api.slack.com/docs/oauth#step_1_-_sending_users_to_authorize_and_or_install
return 'https://slack.com/oauth/authorize?' . \http_build_query([
return 'https://slack.com/oauth/v2/authorize?' . \http_build_query([
'client_id' => $this->appID,
'scope' => \implode(' ', $this->getScopes()),
'user_scope' => \implode(' ', $this->getScopes()),
'redirect_uri' => $this->callback,
'state' => \json_encode($this->state)
]);
@@ -56,16 +56,15 @@ class Slack extends OAuth2
protected function getTokens(string $code): array
{
if (empty($this->tokens)) {
// https://api.slack.com/docs/oauth#step_3_-_exchanging_a_verification_code_for_an_access_token
$this->tokens = \json_decode($this->request(
'GET',
'https://slack.com/api/oauth.access?' . \http_build_query([
'https://slack.com/api/oauth.v2.access?' . \http_build_query([
'client_id' => $this->appID,
'client_secret' => $this->appSecret,
'code' => $code,
'redirect_uri' => $this->callback
])
), true);
), true)['authed_user'] ?? [];
}
return $this->tokens;
@@ -80,13 +79,13 @@ class Slack extends OAuth2
{
$this->tokens = \json_decode($this->request(
'GET',
'https://slack.com/api/oauth.access?' . \http_build_query([
'https://slack.com/api/oauth.v2.access?' . \http_build_query([
'client_id' => $this->appID,
'client_secret' => $this->appSecret,
'refresh_token' => $refreshToken,
'grant_type' => 'refresh_token'
])
), true);
), true)['authed_user'] ?? [];
if (empty($this->tokens['refresh_token'])) {
$this->tokens['refresh_token'] = $refreshToken;
@@ -161,9 +160,9 @@ class Slack extends OAuth2
if (empty($this->user)) {
$user = $this->request(
'GET',
'https://slack.com/api/users.identity?token=' . \urlencode($accessToken)
'https://slack.com/api/users.identity',
['Authorization: Bearer ' . \urlencode($accessToken)]
);
$this->user = \json_decode($user, true);
}
src/Appwrite/GraphQL/Types/Mapper.php
+1
View File
@@ -266,6 +266,7 @@ class Mapper
case 'Appwrite\Utopia\Database\Validator\CustomId':
case 'Utopia\Validator\Domain':
case 'Appwrite\Network\Validator\Email':
case 'Appwrite\Network\Validator\Redirect':
case 'Appwrite\Event\Validator\Event':
case 'Appwrite\Event\Validator\FunctionEvent':
case 'Utopia\Validator\HexColor':
src/Appwrite/Network/Validator/Redirect.php
+86
View File
@@ -0,0 +1,86 @@
<?php
namespace Appwrite\Network\Validator;
use Utopia\Validator\Host;
/**
* Redirect
*
* Validate that URL has an allowed host for redirect
*
* @package Utopia\Validator
*/
class Redirect extends Host
{
protected array $schemes = [];
/**
* @param array<string> $hostnames Allow list of allowed hostnames
* @param array<string> $schemes Allow list of allowed schemes
*/
public function __construct(array $hostnames = [], array $schemes = [])
{
$this->schemes = $schemes;
parent::__construct($hostnames);
}
/**
* Get Description
*
* Returns validator description
*
* @return string
*/
public function getDescription(): string
{
$schemes = '';
if (!empty($this->schemes)) {
$schemes = "URL scheme must be one of the following: " . implode(", ", array_map(function ($scheme) {
return "`$scheme`://";
}, $this->schemes));
}
$hostnames = '';
if (!empty($this->hostnames)) {
$hostnames = "URL hostname must be one of the following: " . implode(", ", array_map(function ($hostname) {
return "http://`$hostname`";
}, $this->hostnames));
}
return $schemes . ($schemes && $hostnames ? " or " : "") . $hostnames;
}
/**
* Is valid
*
* Validation will pass when $value is a valid URL and the host is allowed
*
* @param mixed $value
* @return bool
*/
public function isValid($value): bool
{
if (empty($value) || !\is_string($value)) {
return false;
}
// Then check for scheme
$scheme = '';
if (preg_match('/^([a-z][a-z0-9+\.-]*):\/+/i', $value, $matches)) {
$scheme = strtolower($matches[1]);
}
// These are dangerous schemes, may expose XSS vulnerabilities
if (in_array($scheme, ["javascript", "data", "blob", "file"])) {
return false;
}
// When the scheme is in the allowed list, the URL is valid.
if (!empty($this->schemes) && in_array($scheme, $this->schemes)) {
return true;
}
return parent::isValid($value);
}
}
src/Appwrite/Specification/Format/OpenAPI3.php
+1
View File
@@ -375,6 +375,7 @@ class OpenAPI3 extends Format
$node['schema']['format'] = 'email';
$node['schema']['x-example'] = 'email@example.com';
break;
case 'Appwrite\Network\Validator\Redirect':
case 'Utopia\Validator\Host':
case 'Utopia\Validator\URL':
$node['schema']['type'] = $validator->getType();
src/Appwrite/Specification/Format/Swagger2.php
+1
View File
@@ -393,6 +393,7 @@ class Swagger2 extends Format
$node['format'] = 'email';
$node['x-example'] = 'email@example.com';
break;
case 'Appwrite\Network\Validator\Redirect':
case 'Utopia\Validator\Host':
case 'Utopia\Validator\URL':
$node['type'] = $validator->getType();
src/Appwrite/Utopia/Request.php
+25
View File
@@ -2,8 +2,10 @@
namespace Appwrite\Utopia;
use Appwrite\Auth\Auth;
use Appwrite\Utopia\Request\Filter;
use Swoole\Http\Request as SwooleRequest;
use Utopia\Database\Validator\Authorization;
use Utopia\Route;
use Utopia\Swoole\Request as UtopiaRequest;
@@ -180,4 +182,27 @@ class Request extends UtopiaRequest
$headers = $this->getHeaders();
return $headers[$key] ?? $default;
}
/**
* Get User Agent
*
* Method for getting User Agent. Preferring forwarded agent for privileged users; otherwise returns default.
*
* @param string $default
* @return string
*/
public function getUserAgent(string $default = ''): string
{
$forwardedUserAgent = $this->getHeader('x-forwarded-user-agent');
if (!empty($forwardedUserAgent)) {
$roles = Authorization::getRoles();
$isAppUser = Auth::isAppUser($roles);
if ($isAppUser) {
return $forwardedUserAgent;
}
}
return UtopiaRequest::getUserAgent($default);
}
}
src/Appwrite/Utopia/Response/Model/Platform.php
+1 -1
View File
@@ -41,7 +41,7 @@ class Platform extends Model
])
->addRule('type', [
'type' => self::TYPE_STRING,
'description' => 'Platform type. Possible values are: web, flutter-web, flutter-ios, flutter-android, ios, android, and unity.',
'description' => 'Platform type. Possible values are: web, flutter-web, flutter-ios, flutter-android, ios, android, react-native-android, react-native-ios and unity.',
'default' => '',
'example' => 'web',
])
tests/e2e/Services/Account/AccountCustomClientTest.php
+54
View File
@@ -2307,6 +2307,60 @@ class AccountCustomClientTest extends Scope
$this->assertNotEmpty($response['body']['$id']);
$this->assertNotEmpty($response['body']['expire']);
$this->assertEmpty($response['body']['secret']);
$this->assertEquals('browser', $response['body']['clientType']);
$this->assertEquals('CH', $response['body']['clientCode']);
$this->assertEquals('Chrome', $response['body']['clientName']);
// Forwarded User Agent with API Key
$response = $this->client->call(Client::METHOD_POST, '/users/' . $data['id'] . '/tokens', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'expire' => 60
]);
$userId = $response['body']['userId'];
$secret = $response['body']['secret'];
$response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
'x-forwarded-user-agent' => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36'
], [
'userId' => $userId,
'secret' => $secret
]);
$this->assertEquals('browser', $response['body']['clientType']);
$this->assertEquals('CM', actual: $response['body']['clientCode']);
$this->assertEquals('Chrome Mobile', $response['body']['clientName']);
// Forwarded User Agent without API Key
$response = $this->client->call(Client::METHOD_POST, '/users/' . $data['id'] . '/tokens', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'expire' => 60
]);
$userId = $response['body']['userId'];
$secret = $response['body']['secret'];
$response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-forwarded-user-agent' => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36'
], [
'userId' => $userId,
'secret' => $secret
]);
$this->assertEquals('browser', $response['body']['clientType']);
$this->assertEquals('CH', $response['body']['clientCode']);
$this->assertEquals('Chrome', $response['body']['clientName']);
/**
* Test for FAILURE
tests/unit/Network/Validators/RedirectTest.php
+43
View File
@@ -0,0 +1,43 @@
<?php
namespace Tests\Unit\Network\Validators;
use Appwrite\Network\Validator\Redirect;
use PHPUnit\Framework\TestCase;
class RedirectTest extends TestCase
{
public function redirectsProvider(): array
{
return [
"localhost" => [["localhost"], [], "http://localhost", true],
"localhost-no-scheme" => [["localhost"], [], "localhost", false],
"expo scheme" => [[], ["exp"], "exp://192.168.0.1", true],
"custom scheme" => [[], ["myapp"], "myapp://", true],
"custom scheme triple slash" => [[], ["myapp"], "myapp:///", true],
"scheme with special chars" => [[], ["my-app+custom.123"], "my-app+custom.123://", true],
"url https" => [["example.com"], [], "https://example.com", true],
"url http" => [["example.com"], [], "http://example.com", true],
"malformed scheme" => [[], [], "http:/example.com", false],
"invalid url" => [[], [], "example.com", false],
"invalid host" => [["notexample.com"], [], "https://example.com", false],
"javascript scheme" => [[], [], "javascript://alert(1)", false],
"javascript scheme with different case" => [[], [], "JaVaScRiPt://alert(1)", false],
"empty string" => [[], [], "", false],
];
}
/**
* @dataProvider redirectsProvider
*/
public function testIsValid(
array $hostnames,
array $schemes,
string $value,
bool $expected
): void {
$validator = new Redirect($hostnames, $schemes);
$this->assertEquals($expected, $validator->isValid($value));
}
}