From f905c10acca614f3340f1a1787062f021d83be16 Mon Sep 17 00:00:00 2001
From: Chirag Aggarwal
Date: Tue, 6 May 2025 07:18:23 +0000
Subject: [PATCH 1/2] chore: add harden create email token endpoint
---
 app/controllers/api/account.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 1ffae4b25a..3169870d9c 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -2100,7 +2100,7 @@ App::post('/v1/account/tokens/email')
 contentType: ContentType::JSON,
 ))
 ->label('abuse-limit', 10)
- ->label('abuse-key', 'url:{url},email:{param-email}')
+ ->label('abuse-key', ['url:{url},email:{param-email}', 'url:{url},ip:{ip}'])
 ->param('userId', '', new CustomId(), 'User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('email', '', new Email(), 'User email.')
 ->param('phrase', false, new Boolean(), 'Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow.', true)
From 8d93a8aa099f74f29d875df4273b2bd244e2b562 Mon Sep 17 00:00:00 2001
From: Fabian Gruber
Date: Tue, 6 May 2025 12:20:04 +0200
Subject: [PATCH 2/2] tasks: clean all Timers on error & shutdown
---
 app/cli.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/cli.php b/app/cli.php
index 3a4fb844a1..fc658c5ad2 100644
--- a/app/cli.php
+++ b/app/cli.php
@@ -10,6 +10,7 @@ use Appwrite\Event\StatsUsage;
 use Appwrite\Platform\Appwrite;
 use Appwrite\Runtimes\Runtimes;
 use Executor\Executor;
+use Swoole\Timer;
 use Utopia\Cache\Adapter\Sharding;
 use Utopia\Cache\Cache;
 use Utopia\CLI\CLI;
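Review bot: The added `url:{url},ip:{ip}` entry in the `abuse-key` label has no comment explaining why this route now carries two keys, and both appear to share the single `abuse-limit` of 10 set on the line above. I would put a comment above the label, e.g. `// Two buckets: per e-mail (repeated tokens to one mailbox) and per IP (one client cycling through addresses).` The per-IP bucket is only as reliable as the source of `{ip}`: if that value can come from a client-supplied forwarding header, or many users sit behind one NAT, the limit is either bypassable or too strict, so confirm how it is resolved. A test that sends more than 10 requests with distinct e-mails from one address and expects the rate-limit response would pin the behaviour. The route definition starts and continues outside the hunk.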
@@ -286,6 +287,10 @@ $cli
 'Task',
 $taskName,
 ]);
+
+ Timer::clearAll();
 });
 
+$cli->shutdown()->action(fn () => Timer::clearAll());
+
 $cli->run();
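Review bot: `Timer::clearAll()` at the end of the callback that closes with `});` clears every Swoole timer in the process, not only those the failed task created, and the hunk carries no comment saying why. The callback starts outside the hunk; judging by the commit subject it is the CLI error handler, so if it can run for an error after which the process keeps going, periodic work registered by other code would stop silently. A comment such as `// Clear all Swoole timers so pending ticks cannot keep the process alive after a failed task.` would record the intent, and the same applies to the `$cli->shutdown()` hook. It is worth confirming that neither path runs while a long-lived task is still expected to tick.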