Resolve conflicts in app/controllers/api/account.php by keeping HEAD's
GeoRecord injection (the branch's core feature) and adopting main's Bus
pattern for session alerts:
- Drop the local sendSessionAlert() helper function; session alerts are
now dispatched via Bus
- $createSession signature: replace Mail $queueForMails with Bus $bus
- Same swap in the email/password login action and the deprecated magic
URL session update action
- Two inline sendSessionAlert() calls replaced with
$bus->dispatch(new SessionCreated(user, project, session, locale))
- Add 'use Appwrite\Bus\Events\SessionCreated;' and 'use Utopia\Bus\Bus;'
imports
- Other Mail $queueForMails injections (Magic URL, OTP, verification,
recovery emails) are unaffected — they remain on the Mail queue
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three bugs causing storage preview cache to be ineffective:
1. Cache keys included the `token` auth parameter, so requests using
resource tokens always generated unique keys and never hit cache.
Introduced `cache.params` label for routes to opt-in specific params
into the cache key; preview now declares only the transform params.
2. Cache hits never refreshed `accessedAt` in the DB or the filesystem
file mtime, because `$response->send()` in the init hook skips the
shutdown hook. After 30 days the maintenance job evicted still-active
cache entries, and after the original 30-day filesystem TTL the cache
file expired — causing periodic full re-renders. The cache-hit path
now updates both on the APP_CACHE_UPDATE (24h) interval.
3. `updateDocument` in the preview action passed the full file document
instead of a sparse one when updating `transformedAt`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolve merge conflicts:
- Adapt geo resources to use $container->set() DI pattern
- Keep GeoRecord type hints while adding domainVerification/cookieDomain params
- Remove duplicate resources already moved to request.php
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add restart policy and logging config to appwrite-geo docker service
- Fix auth denylist condition bug (wrong parentheses) and normalize country codes
- Use geoRecord->isEu() directly instead of re-checking config in general.php
- Add array type guard for geo service JSON response in resources.php
- Add getGeoForIp callable resource with per-IP caching for log endpoints
- Fix all log endpoints to look up geo per log entry IP instead of using
the viewer's geoRecord, which was returning the same country for all logs
https://claude.ai/code/session_01JUg4bHzgpHrkvZdPeKsTVM
Resolve conflicts in docker-compose.yml, Documents/Logs/XList.php,
and TablesDB/Rows/Logs/XList.php. Keep geoRecord (new geo service)
while integrating getDatabasesDB from 1.9.x. Fix 6 additional
auto-merged files that incorrectly used geodb/locale instead of
geoRecord.
https://claude.ai/code/session_01Pp3FnMwnJqph6ohBatUFYL
- general.php: add instanceof guard in error handler to prevent calling
isPrivileged() on a plain Document if getResource('user') returns
an unexpected type
- graphql.php: add setUser() calls on request/response in graphql group
init so sensitive field filtering works correctly for GraphQL routes
- api.php: fix session group init type hint from Document to User for
consistency with all other init blocks
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
All call sites now use $user->isApp() and $user->isPrivileged() instance
syntax instead of static User::isApp() / $user::isPrivileged() calls.
Added setUser() to Request class for consistency with Response.
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
PHPStan correctly flagged that Document::isPrivileged() doesn't exist.
Changed type hints from Document $user to User $user in all action
signatures where $user::isPrivileged() is called, since the runtime
instance is always a User (or subclass).
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
Replace all static User::isPrivileged() calls with $user::isPrivileged()
across the codebase. Since $user is resolved via setDocumentType, this
allows subclasses to override the privilege check without CE needing to
know about downstream-specific roles.
https://claude.ai/code/session_01JLPDurUgyj7qViA8JqQFTH
Introduce granular audit user types to differentiate between regular
users, console admins, guests, and the various API key scopes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Introduced a new API endpoint to update user impersonator capability.
- Enhanced user model to include impersonator attributes.
- Updated database schema to support impersonation.
- Implemented impersonation logic in the request handling to allow users with impersonator capability to act as other users.
- Added relevant API documentation for impersonation headers.
This feature allows users with the appropriate permissions to impersonate other users, enhancing flexibility in user management.
- Remove var_dump debug calls leaking API keys to stdout
- Stop embedding secret keys in HTML data attributes on upgrades
- Strip sensitive fields from sessionStorage install lock
- Quote hostPath in Docker Compose YAML template
- Remove stack traces from client-facing error responses
- Strip sessionSecret and traces from Status endpoint response
- Fix undefined $input variable (should be $userInput) in CLI install
- Add backtick escaping in .env template to prevent shell injection
- Add 2-hour timeout to isInstallationComplete infinite loop
- Escape user-supplied startCommand in shell strings
- Add LOCK_EX to progress file writes
- Fix typo in Upgrade.php error message
- Remove unused variable in V21 response filter
- Remove dead code in applyLockPayload after sessionStorage sanitization
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Damodar Lohani
Chirag Aggarwal
Matej Bačo
loks0n
Damodar Lohani
Claude
ArnabChatterjee20k
ArnabChatterjee20k
eldadfux
Jake Barnby