Follows utopia-php/http#249 migration guide to drop usage of the shims
kept for one-minor-release compat. Affected call sites switch to:
- Handler / hook context: inject 'route' (Route|null from the per-request
DI container) instead of $utopia->getRoute().
- Resource factories (init/resources/request.php): Router::matchRoute()
returning ?RouteMatch instead of $utopia->match($request).
- Error path in app/http.php: $app->getResource('routeMatch')?->route,
guarded with try/catch for the pre-dispatch error case.
- GraphQL resolver inner-request pattern (Resolvers.php): capture
getResource('routeMatch') as the original, Router::matchRoute() for
the inner URL, rebind 'route' / 'routeMatch' on the resolver container
in finally instead of setRoute($original). Http::execute() shim is
retained — the guide explicitly keeps it for this hand-built-route
case.
Redundant re-match in shared/api.php storage-cache branch removed; the
injected $route is already the current one.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pin utopia-php/http to the refactor/coroutine-safe-dispatch branch, which
extracts per-request state into a Dispatcher + immutable RouteMatch so the
shared Http/Router/Route objects are no longer mutated under concurrent
coroutines.
Appwrite-side adjustments:
- app/controllers/shared/api.php: Route::getMatchedPath() was removed from
the library; use Route::getPath() for the /documentsdb vs /vectorsdb
substring check. Both the registered pattern and the matched path contain
the literal segment, so the behaviour is preserved.
- app/controllers/general.php: drop four $route->label('router', true)
writes. The sole reader in the wildcard 404 handler was deleted in
40beecdddc (Feb 2025); the writes were orphaned and mutated the shared
Route definition, which is now frozen under the new dispatch model.
Deprecated shims for Http::match(), Http::getRoute(), Http::setRoute() are
still honoured by the library; remaining call sites can migrate in a
follow-up pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cache write hook now checks HTTP status code before writing to prevent
failed AVIF (or any other) conversions from poisoning the cache.
Bumps utopia-php/image to 0.8.5 which fixes AVIF/HEIC output by using
native Imagick instead of the deprecated magick convert shell command.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three bugs causing storage preview cache to be ineffective:
1. Cache keys included the `token` auth parameter, so requests using
resource tokens always generated unique keys and never hit cache.
Introduced `cache.params` label for routes to opt-in specific params
into the cache key; preview now declares only the transform params.
2. Cache hits never refreshed `accessedAt` in the DB or the filesystem
file mtime, because `$response->send()` in the init hook skips the
shutdown hook. After 30 days the maintenance job evicted still-active
cache entries, and after the original 30-day filesystem TTL the cache
file expired — causing periodic full re-renders. The cache-hit path
now updates both on the APP_CACHE_UPDATE (24h) interval.
3. `updateDocument` in the preview action passed the full file document
instead of a sparse one when updating `transformedAt`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- general.php: add instanceof guard in error handler to prevent calling
isPrivileged() on a plain Document if getResource('user') returns
an unexpected type
- graphql.php: add setUser() calls on request/response in graphql group
init so sensitive field filtering works correctly for GraphQL routes
- api.php: fix session group init type hint from Document to User for
consistency with all other init blocks
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
All call sites now use $user->isApp() and $user->isPrivileged() instance
syntax instead of static User::isApp() / $user::isPrivileged() calls.
Added setUser() to Request class for consistency with Response.
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
PHPStan correctly flagged that Document::isPrivileged() doesn't exist.
Changed type hints from Document $user to User $user in all action
signatures where $user::isPrivileged() is called, since the runtime
instance is always a User (or subclass).
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
Replace all static User::isPrivileged() calls with $user::isPrivileged()
across the codebase. Since $user is resolved via setDocumentType, this
allows subclasses to override the privilege check without CE needing to
know about downstream-specific roles.
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
Introduce granular audit user types to differentiate between regular
users, console admins, guests, and the various API key scopes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Introduced a new API endpoint to update user impersonator capability.
- Enhanced user model to include impersonator attributes.
- Updated database schema to support impersonation.
- Implemented impersonation logic in the request handling to allow users with impersonator capability to act as other users.
- Added relevant API documentation for impersonation headers.
This feature allows users with the appropriate permissions to impersonate other users, enhancing flexibility in user management.
- Remove var_dump debug calls leaking API keys to stdout
- Stop embedding secret keys in HTML data attributes on upgrades
- Strip sensitive fields from sessionStorage install lock
- Quote hostPath in Docker Compose YAML template
- Remove stack traces from client-facing error responses
- Strip sessionSecret and traces from Status endpoint response
- Fix undefined $input variable (should be $userInput) in CLI install
- Add backtick escaping in .env template to prevent shell injection
- Add 2-hour timeout to isInstallationComplete infinite loop
- Escape user-supplied startCommand in shell strings
- Add LOCK_EX to progress file writes
- Fix typo in Upgrade.php error message
- Remove unused variable in V21 response filter
- Remove dead code in applyLockPayload after sessionStorage sanitization
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Optimize updateDocument() calls across the codebase to pass only changed
attributes as sparse Document objects rather than full documents. This is
more efficient because updateDocument() internally performs array_merge().
Changes:
- Updated 58 files to use sparse Document objects
- Added Performance Patterns section to AGENTS.md with optimization guidelines
- Applied pattern to Workers, Functions, Sites, Teams, VCS modules
- Updated app/controllers/api files (account, users, messaging)
- Updated app infrastructure files (realtime, general, init/resources, shared/api)
Exceptions maintained:
- Migration files (need full document updates by design)
- Cases with 6+ attributes (marginal benefit)
- Complex nested relationship logic
Stale in-memory project documents in ScheduleBase (and request-scoped
copies in api.php/general.php) were overwriting current DB state when
updateProjectAccess triggered. Because Database::updateDocument uses
array_merge with the passed document taking priority, cached projects
missing recent OAuth provider changes would silently disable them.
Now fetches a fresh project document from the DB before writing, so only
accessedAt is updated without clobbering other fields.
loks0n
Chirag Aggarwal
Matej Bačo
Damodar Lohani
Claude
ArnabChatterjee20k
Damodar Lohani
ArnabChatterjee20k
eldadfux
Jake Barnby