appwrite/app/controllers/api/proxy.php

<?php

use Appwrite\Event\Certificate;
use Appwrite\Event\Delete;
use Appwrite\Event\Event;
use Appwrite\Extend\Exception;
use Appwrite\Network\Validator\DNS;
use Appwrite\SDK\AuthType;
use Appwrite\SDK\ContentType;
use Appwrite\SDK\Method;
use Appwrite\SDK\Response as SDKResponse;
use Appwrite\Utopia\Database\Validator\Queries\Rules;
use Appwrite\Utopia\Response;
use Utopia\App;
use Utopia\Database\Database;
use Utopia\Database\Document;
use Utopia\Database\Exception\Query as QueryException;
use Utopia\Database\Query;
use Utopia\Database\Validator\Query\Cursor;
use Utopia\Database\Validator\UID;
use Utopia\Domains\Domain;
use Utopia\Logger\Log;
use Utopia\System\System;
use Utopia\Validator\AnyOf;
use Utopia\Validator\IP;
use Utopia\Validator\Text;

App::get('/v1/proxy/rules')
    ->groups(['api', 'proxy'])
    ->desc('List rules')
    ->label('scope', 'rules.read')
    ->label('sdk', new Method(
        namespace: 'proxy',
        group: null,
        name: 'listRules',
        description: '/docs/references/proxy/list-rules.md',
        auth: [AuthType::ADMIN],
        responses: [
            new SDKResponse(
                code: Response::STATUS_CODE_OK,
                model: Response::MODEL_PROXY_RULE_LIST,
            )
        ]
    ))
    ->param('queries', [], new Rules(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Rules::ALLOWED_ATTRIBUTES), true)
    ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)
    ->inject('response')
    ->inject('project')
    ->inject('dbForPlatform')
    ->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForPlatform) {
        try {
            $queries = Query::parseQueries($queries);
        } catch (QueryException $e) {
            throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());
        }

        if (!empty($search)) {
            $queries[] = Query::search('search', $search);
        }

        $queries[] = Query::equal('projectInternalId', [$project->getSequence()]);

        /**
         * Get cursor document if there was a cursor query, we use array_filter and reset for reference $cursor to $queries
         */
        $cursor = \array_filter($queries, function ($query) {
            return \in_array($query->getMethod(), [Query::TYPE_CURSOR_AFTER, Query::TYPE_CURSOR_BEFORE]);
        });
        $cursor = reset($cursor);
        if ($cursor) {
            /** @var Query $cursor */

            $validator = new Cursor();
            if (!$validator->isValid($cursor)) {
                throw new Exception(Exception::GENERAL_QUERY_INVALID, $validator->getDescription());
            }

            $ruleId = $cursor->getValue();
            $cursorDocument = $dbForPlatform->getDocument('rules', $ruleId);

            if ($cursorDocument->isEmpty()) {
                throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Rule '{$ruleId}' for the 'cursor' value not found.");
            }

            $cursor->setValue($cursorDocument);
        }

        $filterQueries = Query::groupByType($queries)['filters'];

        $rules = $dbForPlatform->find('rules', $queries);
        foreach ($rules as $rule) {
            $certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));
            $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));
            $rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));
        }

        $response->dynamic(new Document([
            'rules' => $rules,
            'total' => $dbForPlatform->count('rules', $filterQueries, APP_LIMIT_COUNT),
        ]), Response::MODEL_PROXY_RULE_LIST);
    });

App::get('/v1/proxy/rules/:ruleId')
    ->groups(['api', 'proxy'])
    ->desc('Get rule')
    ->label('scope', 'rules.read')
    ->label('sdk', new Method(
        namespace: 'proxy',
        group: null,
        name: 'getRule',
        description: '/docs/references/proxy/get-rule.md',
        auth: [AuthType::ADMIN],
        responses: [
            new SDKResponse(
                code: Response::STATUS_CODE_OK,
                model: Response::MODEL_PROXY_RULE,
            )
        ]
    ))
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('project')
    ->inject('dbForPlatform')
    ->action(function (string $ruleId, Response $response, Document $project, Database $dbForPlatform) {
        $rule = $dbForPlatform->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getSequence()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));
        $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));
        $rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));

        $response->dynamic($rule, Response::MODEL_PROXY_RULE);
    });

App::delete('/v1/proxy/rules/:ruleId')
    ->groups(['api', 'proxy'])
    ->desc('Delete rule')
    ->label('scope', 'rules.write')
    ->label('event', 'rules.[ruleId].delete')
    ->label('audits.event', 'rules.delete')
    ->label('audits.resource', 'rule/{request.ruleId}')
    ->label('sdk', new Method(
        namespace: 'proxy',
        group: null,
        name: 'deleteRule',
        description: '/docs/references/proxy/delete-rule.md',
        auth: [AuthType::ADMIN],
        responses: [
            new SDKResponse(
                code: Response::STATUS_CODE_NOCONTENT,
                model: Response::MODEL_NONE,
            )
        ],
        contentType: ContentType::NONE
    ))
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('project')
    ->inject('dbForPlatform')
    ->inject('queueForDeletes')
    ->inject('queueForEvents')
    ->action(function (string $ruleId, Response $response, Document $project, Database $dbForPlatform, Delete $queueForDeletes, Event $queueForEvents) {
        $rule = $dbForPlatform->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getSequence()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $dbForPlatform->deleteDocument('rules', $rule->getId());

        $queueForDeletes
            ->setType(DELETE_TYPE_DOCUMENT)
            ->setDocument($rule);

        $queueForEvents->setParam('ruleId', $rule->getId());

        $response->noContent();
    });

App::patch('/v1/proxy/rules/:ruleId/verification')
    ->desc('Update rule verification status')
    ->groups(['api', 'proxy'])
    ->label('scope', 'rules.write')
    ->label('event', 'rules.[ruleId].update')
    ->label('audits.event', 'rule.update')
    ->label('audits.resource', 'rule/{response.$id}')
    ->label('sdk', new Method(
        namespace: 'proxy',
        group: null,
        name: 'updateRuleVerification',
        description: '/docs/references/proxy/update-rule-verification.md',
        auth: [AuthType::ADMIN],
        responses: [
            new SDKResponse(
                code: Response::STATUS_CODE_OK,
                model: Response::MODEL_PROXY_RULE,
            )
        ]
    ))
    ->param('ruleId', '', new UID(), 'Rule ID.')
    ->inject('response')
    ->inject('queueForCertificates')
    ->inject('queueForEvents')
    ->inject('project')
    ->inject('dbForPlatform')
    ->inject('log')
    ->action(function (string $ruleId, Response $response, Certificate $queueForCertificates, Event $queueForEvents, Document $project, Database $dbForPlatform, Log $log) {
        $rule = $dbForPlatform->getDocument('rules', $ruleId);

        if ($rule->isEmpty() || $rule->getAttribute('projectInternalId') !== $project->getSequence()) {
            throw new Exception(Exception::RULE_NOT_FOUND);
        }

        $targetCNAME = null;
        switch ($rule->getAttribute('type', '')) {
            case 'api':
                // For example: fra.cloud.appwrite.io
                $targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_TARGET_CNAME', ''));
                break;
            case 'redirect':
                // For example: appwrite.network
                $targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_SITES', ''));
                break;
            case 'deployment':
                switch ($rule->getAttribute('deploymentResourceType', '')) {
                    case 'function':
                        // For example: fra.appwrite.run
                        $targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_FUNCTIONS', ''));
                        break;
                    case 'site':
                        // For example: appwrite.network
                        $targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_SITES', ''));
                        break;
                    default:
                        break;
                }
                // no break
            default:
                break;
        }

        $validators = [];

        if (!is_null($targetCNAME)) {
            if ($targetCNAME->isKnown() && !$targetCNAME->isTest()) {
                $validators[] = new DNS($targetCNAME->get(), DNS::RECORD_CNAME);
            }
        }

        if ((new IP(IP::V4))->isValid(System::getEnv('_APP_DOMAIN_TARGET_A', ''))) {
            $validators[] = new DNS(System::getEnv('_APP_DOMAIN_TARGET_A', ''), DNS::RECORD_A);
        }
        if ((new IP(IP::V6))->isValid(System::getEnv('_APP_DOMAIN_TARGET_AAAA', ''))) {
            $validators[] = new DNS(System::getEnv('_APP_DOMAIN_TARGET_AAAA', ''), DNS::RECORD_AAAA);
        }

        if (empty($validators)) {
            throw new Exception(Exception::GENERAL_SERVER_ERROR, 'At least one of domain targets environment variable must be configured.');
        }

        if ($rule->getAttribute('verification') === true) {
            return $response->dynamic($rule, Response::MODEL_PROXY_RULE);
        }

        $validator = new AnyOf($validators, AnyOf::TYPE_STRING);
        $domain = new Domain($rule->getAttribute('domain', ''));

        $validationStart = \microtime(true);
        if (!$validator->isValid($domain->get())) {
            $log->addExtra('dnsTiming', \strval(\microtime(true) - $validationStart));
            $log->addTag('dnsDomain', $domain->get());

            $errors = [];
            foreach ($validators as $validator) {
                if (!empty($validator->getLogs())) {
                    $errors[] = $validator->getLogs();
                }
            }

            $error = \implode("\n", $errors);
            $log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));

            throw new Exception(Exception::RULE_VERIFICATION_FAILED);
        }

        // Ensure CAA won't block certificate issuance
        if (!empty(System::getEnv('_APP_DOMAIN_TARGET_CAA', ''))) {
            $validationStart = \microtime(true);
            $validator = new DNS(System::getEnv('_APP_DOMAIN_TARGET_CAA', ''), DNS::RECORD_CAA);
            if (!$validator->isValid($domain->get())) {
                $log->addExtra('dnsTimingCaa', \strval(\microtime(true) - $validationStart));
                $log->addTag('dnsDomain', $domain->get());
                $error = $validator->getDescription();
                $log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));
                throw new Exception(Exception::RULE_VERIFICATION_FAILED, 'Domain verification failed because CAA records do not allow certainly.com to issue certificates.');
            }
        }

        $dbForPlatform->updateDocument('rules', $rule->getId(), $rule->setAttribute('status', 'verifying'));

        // Issue a TLS certificate when domain is verified
        $queueForCertificates
            ->setDomain(new Document([
                'domain' => $rule->getAttribute('domain'),
                'domainType' => $rule->getAttribute('deploymentResourceType', $rule->getAttribute('type')),
            ]))
            ->trigger();

        $queueForEvents->setParam('ruleId', $rule->getId());

        $certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));
        $rule->setAttribute('logs', $certificate->getAttribute('logs', ''));

        $response->dynamic($rule, Response::MODEL_PROXY_RULE);
    });
Implement rules 2023-03-08 18:30:01 +00:00			`<?php`

			`use Appwrite\Event\Certificate;`
			`use Appwrite\Event\Delete;`
			`use Appwrite\Event\Event;`
			`use Appwrite\Extend\Exception;`
Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`use Appwrite\Network\Validator\DNS;`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`use Appwrite\SDK\AuthType;`
			`use Appwrite\SDK\ContentType;`
			`use Appwrite\SDK\Method;`
			`use Appwrite\SDK\Response as SDKResponse;`
Implement rules 2023-03-08 18:30:01 +00:00			`use Appwrite\Utopia\Database\Validator\Queries\Rules;`
			`use Appwrite\Utopia\Response;`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`use Utopia\App;`
Implement rules 2023-03-08 18:30:01 +00:00			`use Utopia\Database\Database;`
			`use Utopia\Database\Document;`
parseQueries 2024-02-12 16:02:04 +00:00			`use Utopia\Database\Exception\Query as QueryException;`
Implement rules 2023-03-08 18:30:01 +00:00			`use Utopia\Database\Query;`
Validate cursor queries to avoid getDocument type error 2024-10-17 05:41:24 +00:00			`use Utopia\Database\Validator\Query\Cursor;`
Implement rules 2023-03-08 18:30:01 +00:00			`use Utopia\Database\Validator\UID;`
			`use Utopia\Domains\Domain;`
Merge main 2024-02-12 01:18:19 +00:00			`use Utopia\Logger\Log;`
Fix format 2024-04-01 11:08:46 +00:00			`use Utopia\System\System;`
Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`use Utopia\Validator\AnyOf;`
			`use Utopia\Validator\IP;`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`use Utopia\Validator\Text;`
Implement rules 2023-03-08 18:30:01 +00:00
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`App::get('/v1/proxy/rules')`
Implement rules 2023-03-08 18:30:01 +00:00			`->groups(['api', 'proxy'])`
Change API reference endpoints to sentence casing 2024-09-03 16:22:30 +00:00			`->desc('List rules')`
Implement rules 2023-03-08 18:30:01 +00:00			`->label('scope', 'rules.read')`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`->label('sdk', new Method(`
			`namespace: 'proxy',`
chore: make group nullable and remove it from endpoints where its not required 2025-04-12 06:41:57 +00:00			`group: null,`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`name: 'listRules',`
			`description: '/docs/references/proxy/list-rules.md',`
			`auth: [AuthType::ADMIN],`
			`responses: [`
			`new SDKResponse(`
			`code: Response::STATUS_CODE_OK,`
			`model: Response::MODEL_PROXY_RULE_LIST,`
			`)`
			`]`
			`))`
Implement rules 2023-03-08 18:30:01 +00:00			`->param('queries', [], new Rules(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Rules::ALLOWED_ATTRIBUTES), true)`
			`->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)`
			`->inject('response')`
			`->inject('project')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
			`->action(function (array $queries, string $search, Response $response, Document $project, Database $dbForPlatform) {`
parseQueries 2024-02-12 16:02:04 +00:00			`try {`
			`$queries = Query::parseQueries($queries);`
			`} catch (QueryException $e) {`
			`throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());`
			`}`
Implement rules 2023-03-08 18:30:01 +00:00
			`if (!empty($search)) {`
			`$queries[] = Query::search('search', $search);`
			`}`

Internal ID -> sequence 2025-05-26 05:42:11 +00:00			`$queries[] = Query::equal('projectInternalId', [$project->getSequence()]);`
Implement rules 2023-03-08 18:30:01 +00:00
fix Indexes 2024-02-12 09:55:45 +00:00			`/**`
typo 2024-02-12 10:03:31 +00:00			`* Get cursor document if there was a cursor query, we use array_filter and reset for reference $cursor to $queries`
fix Indexes 2024-02-12 09:55:45 +00:00			`*/`
			`$cursor = \array_filter($queries, function ($query) {`
			`return \in_array($query->getMethod(), [Query::TYPE_CURSOR_AFTER, Query::TYPE_CURSOR_BEFORE]);`
			`});`
Implement rules 2023-03-08 18:30:01 +00:00			`$cursor = reset($cursor);`
			`if ($cursor) {`
			`/** @var Query $cursor */`
Validate cursor queries to avoid getDocument type error 2024-10-17 05:41:24 +00:00
			`$validator = new Cursor();`
			`if (!$validator->isValid($cursor)) {`
			`throw new Exception(Exception::GENERAL_QUERY_INVALID, $validator->getDescription());`
			`}`

Implement rules 2023-03-08 18:30:01 +00:00			`$ruleId = $cursor->getValue();`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$cursorDocument = $dbForPlatform->getDocument('rules', $ruleId);`
Implement rules 2023-03-08 18:30:01 +00:00
			`if ($cursorDocument->isEmpty()) {`
			`throw new Exception(Exception::GENERAL_CURSOR_NOT_FOUND, "Rule '{$ruleId}' for the 'cursor' value not found.");`
			`}`

			`$cursor->setValue($cursorDocument);`
			`}`

			`$filterQueries = Query::groupByType($queries)['filters'];`

chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$rules = $dbForPlatform->find('rules', $queries);`
Add logs to rules 2023-03-13 13:35:34 +00:00			`foreach ($rules as $rule) {`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
Add logs to rules 2023-03-13 13:35:34 +00:00			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`
Update installation, certificate & repository response models 2023-06-08 15:24:27 +00:00			`$rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));`
Add logs to rules 2023-03-13 13:35:34 +00:00			`}`

Implement rules 2023-03-08 18:30:01 +00:00			`$response->dynamic(new Document([`
Add logs to rules 2023-03-13 13:35:34 +00:00			`'rules' => $rules,`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`'total' => $dbForPlatform->count('rules', $filterQueries, APP_LIMIT_COUNT),`
Implement rules 2023-03-08 18:30:01 +00:00			`]), Response::MODEL_PROXY_RULE_LIST);`
			`});`

Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`App::get('/v1/proxy/rules/:ruleId')`
Implement rules 2023-03-08 18:30:01 +00:00			`->groups(['api', 'proxy'])`
Change API reference endpoints to sentence casing 2024-09-03 16:22:30 +00:00			`->desc('Get rule')`
Implement rules 2023-03-08 18:30:01 +00:00			`->label('scope', 'rules.read')`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`->label('sdk', new Method(`
			`namespace: 'proxy',`
chore: make group nullable and remove it from endpoints where its not required 2025-04-12 06:41:57 +00:00			`group: null,`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`name: 'getRule',`
			`description: '/docs/references/proxy/get-rule.md',`
			`auth: [AuthType::ADMIN],`
			`responses: [`
			`new SDKResponse(`
			`code: Response::STATUS_CODE_OK,`
			`model: Response::MODEL_PROXY_RULE,`
			`)`
			`]`
			`))`
Implement rules 2023-03-08 18:30:01 +00:00			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
			`->inject('project')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
			`->action(function (string $ruleId, Response $response, Document $project, Database $dbForPlatform) {`
			`$rule = $dbForPlatform->getDocument('rules', $ruleId);`
Implement rules 2023-03-08 18:30:01 +00:00
Internal ID -> sequence 2025-05-26 05:42:11 +00:00			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getSequence()) {`
Implement rules 2023-03-08 18:30:01 +00:00			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
Add logs to rules 2023-03-13 13:35:34 +00:00			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`
Update installation, certificate & repository response models 2023-06-08 15:24:27 +00:00			`$rule->setAttribute('renewAt', $certificate->getAttribute('renewDate', ''));`
Add logs to rules 2023-03-13 13:35:34 +00:00
Implement rules 2023-03-08 18:30:01 +00:00			`$response->dynamic($rule, Response::MODEL_PROXY_RULE);`
			`});`

Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`App::delete('/v1/proxy/rules/:ruleId')`
Implement rules 2023-03-08 18:30:01 +00:00			`->groups(['api', 'proxy'])`
Change API reference endpoints to sentence casing 2024-09-03 16:22:30 +00:00			`->desc('Delete rule')`
Implement rules 2023-03-08 18:30:01 +00:00			`->label('scope', 'rules.write')`
			`->label('event', 'rules.[ruleId].delete')`
Update console version, fix docs. 2023-07-13 11:42:04 +00:00			`->label('audits.event', 'rules.delete')`
Implement rules 2023-03-08 18:30:01 +00:00			`->label('audits.resource', 'rule/{request.ruleId}')`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`->label('sdk', new Method(`
			`namespace: 'proxy',`
chore: make group nullable and remove it from endpoints where its not required 2025-04-12 06:41:57 +00:00			`group: null,`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`name: 'deleteRule',`
			`description: '/docs/references/proxy/delete-rule.md',`
			`auth: [AuthType::ADMIN],`
			`responses: [`
			`new SDKResponse(`
			`code: Response::STATUS_CODE_NOCONTENT,`
			`model: Response::MODEL_NONE,`
			`)`
			`],`
			`contentType: ContentType::NONE`
			`))`
Implement rules 2023-03-08 18:30:01 +00:00			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
			`->inject('project')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
queues fixes 2023-10-19 15:28:01 +00:00			`->inject('queueForDeletes')`
			`->inject('queueForEvents')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->action(function (string $ruleId, Response $response, Document $project, Database $dbForPlatform, Delete $queueForDeletes, Event $queueForEvents) {`
			`$rule = $dbForPlatform->getDocument('rules', $ruleId);`
Implement rules 2023-03-08 18:30:01 +00:00
Internal ID -> sequence 2025-05-26 05:42:11 +00:00			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getSequence()) {`
Implement rules 2023-03-08 18:30:01 +00:00			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$dbForPlatform->deleteDocument('rules', $rule->getId());`
Implement rules 2023-03-08 18:30:01 +00:00
queues fixes 2023-10-19 15:28:01 +00:00			`$queueForDeletes`
Implement rules 2023-03-08 18:30:01 +00:00			`->setType(DELETE_TYPE_DOCUMENT)`
			`->setDocument($rule);`

queues fixes 2023-10-19 15:28:01 +00:00			`$queueForEvents->setParam('ruleId', $rule->getId());`
Implement rules 2023-03-08 18:30:01 +00:00
			`$response->noContent();`
			`});`

Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`App::patch('/v1/proxy/rules/:ruleId/verification')`
			`->desc('Update rule verification status')`
Implement rules 2023-03-08 18:30:01 +00:00			`->groups(['api', 'proxy'])`
			`->label('scope', 'rules.write')`
Bug fixes after proxy QA 2023-03-10 12:20:24 +00:00			`->label('event', 'rules.[ruleId].update')`
			`->label('audits.event', 'rule.update')`
			`->label('audits.resource', 'rule/{response.$id}')`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`->label('sdk', new Method(`
			`namespace: 'proxy',`
chore: make group nullable and remove it from endpoints where its not required 2025-04-12 06:41:57 +00:00			`group: null,`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`name: 'updateRuleVerification',`
Address all missing descriptions apart from ones in projects.php 2025-01-17 07:44:25 +00:00			`description: '/docs/references/proxy/update-rule-verification.md',`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`auth: [AuthType::ADMIN],`
			`responses: [`
			`new SDKResponse(`
			`code: Response::STATUS_CODE_OK,`
			`model: Response::MODEL_PROXY_RULE,`
			`)`
			`]`
			`))`
Implement rules 2023-03-08 18:30:01 +00:00			`->param('ruleId', '', new UID(), 'Rule ID.')`
			`->inject('response')`
queues fixes 2023-10-19 15:28:01 +00:00			`->inject('queueForCertificates')`
			`->inject('queueForEvents')`
Implement rules 2023-03-08 18:30:01 +00:00			`->inject('project')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
Merge main 2024-02-12 01:18:19 +00:00			`->inject('log')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->action(function (string $ruleId, Response $response, Certificate $queueForCertificates, Event $queueForEvents, Document $project, Database $dbForPlatform, Log $log) {`
			`$rule = $dbForPlatform->getDocument('rules', $ruleId);`
Implement rules 2023-03-08 18:30:01 +00:00
Internal ID -> sequence 2025-05-26 05:42:11 +00:00			`if ($rule->isEmpty() \|\| $rule->getAttribute('projectInternalId') !== $project->getSequence()) {`
Implement rules 2023-03-08 18:30:01 +00:00			`throw new Exception(Exception::RULE_NOT_FOUND);`
			`}`

Fix CNAME validation 2025-05-22 08:13:12 +00:00			`$targetCNAME = null;`
			`switch ($rule->getAttribute('type', '')) {`
			`case 'api':`
			`// For example: fra.cloud.appwrite.io`
			`$targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_TARGET_CNAME', ''));`
			`break;`
			`case 'redirect':`
			`// For example: appwrite.network`
			`$targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_SITES', ''));`
			`break;`
			`case 'deployment':`
			`switch ($rule->getAttribute('deploymentResourceType', '')) {`
			`case 'function':`
			`// For example: fra.appwrite.run`
			`$targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_FUNCTIONS', ''));`
			`break;`
			`case 'site':`
			`// For example: appwrite.network`
			`$targetCNAME = new Domain(System::getEnv('_APP_DOMAIN_SITES', ''));`
			`break;`
			`default:`
			`break;`
			`}`
			`// no break`
			`default:`
			`break;`
			`}`

Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`$validators = [];`
Implement rules 2023-03-08 18:30:01 +00:00
Fix CNAME validation 2025-05-22 08:13:12 +00:00			`if (!is_null($targetCNAME)) {`
			`if ($targetCNAME->isKnown() && !$targetCNAME->isTest()) {`
			`$validators[] = new DNS($targetCNAME->get(), DNS::RECORD_CNAME);`
			`}`
Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`}`
Fix CNAME validation 2025-05-22 08:13:12 +00:00
Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`if ((new IP(IP::V4))->isValid(System::getEnv('_APP_DOMAIN_TARGET_A', ''))) {`
			`$validators[] = new DNS(System::getEnv('_APP_DOMAIN_TARGET_A', ''), DNS::RECORD_A);`
			`}`
			`if ((new IP(IP::V6))->isValid(System::getEnv('_APP_DOMAIN_TARGET_AAAA', ''))) {`
			`$validators[] = new DNS(System::getEnv('_APP_DOMAIN_TARGET_AAAA', ''), DNS::RECORD_AAAA);`
			`}`
Add check in proxy 2025-08-03 20:03:47 +00:00
Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`if (empty($validators)) {`
			`throw new Exception(Exception::GENERAL_SERVER_ERROR, 'At least one of domain targets environment variable must be configured.');`
Implement rules 2023-03-08 18:30:01 +00:00			`}`

			`if ($rule->getAttribute('verification') === true) {`
			`return $response->dynamic($rule, Response::MODEL_PROXY_RULE);`
			`}`

Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`$validator = new AnyOf($validators, AnyOf::TYPE_STRING);`
Bug fixes for proxy rule service 2023-03-10 07:42:52 +00:00			`$domain = new Domain($rule->getAttribute('domain', ''));`
Implement rules 2023-03-08 18:30:01 +00:00
Merge main 2024-02-12 01:18:19 +00:00			`$validationStart = \microtime(true);`
Bug fixes for proxy rule service 2023-03-10 07:42:52 +00:00			`if (!$validator->isValid($domain->get())) {`
Merge main 2024-02-12 01:18:19 +00:00			`$log->addExtra('dnsTiming', \strval(\microtime(true) - $validationStart));`
			`$log->addTag('dnsDomain', $domain->get());`

Implement A/AAAA custom domain support 2025-04-08 14:48:50 +00:00			`$errors = [];`
			`foreach ($validators as $validator) {`
			`if (!empty($validator->getLogs())) {`
			`$errors[] = $validator->getLogs();`
			`}`
			`}`

			`$error = \implode("\n", $errors);`
Merge main 2024-02-12 01:18:19 +00:00			`$log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));`

Implement rules 2023-03-08 18:30:01 +00:00			`throw new Exception(Exception::RULE_VERIFICATION_FAILED);`
			`}`

Revert revert of CAA validation 2025-08-05 11:44:06 +00:00			`// Ensure CAA won't block certificate issuance`
			`if (!empty(System::getEnv('_APP_DOMAIN_TARGET_CAA', ''))) {`
			`$validationStart = \microtime(true);`
			`$validator = new DNS(System::getEnv('_APP_DOMAIN_TARGET_CAA', ''), DNS::RECORD_CAA);`
			`if (!$validator->isValid($domain->get())) {`
			`$log->addExtra('dnsTimingCaa', \strval(\microtime(true) - $validationStart));`
			`$log->addTag('dnsDomain', $domain->get());`
			`$error = $validator->getDescription();`
			`$log->addExtra('dnsResponse', \is_array($error) ? \json_encode($error) : \strval($error));`
			`throw new Exception(Exception::RULE_VERIFICATION_FAILED, 'Domain verification failed because CAA records do not allow certainly.com to issue certificates.');`
			`}`
			`}`

chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$dbForPlatform->updateDocument('rules', $rule->getId(), $rule->setAttribute('status', 'verifying'));`
Implement rules 2023-03-08 18:30:01 +00:00
			`// Issue a TLS certificate when domain is verified`
queues fixes 2023-10-19 15:28:01 +00:00			`$queueForCertificates`
Implement rules 2023-03-08 18:30:01 +00:00			`->setDomain(new Document([`
fix: send deploymentResourceType in rules verification 2025-05-22 07:58:48 +00:00			`'domain' => $rule->getAttribute('domain'),`
			`'domainType' => $rule->getAttribute('deploymentResourceType', $rule->getAttribute('type')),`
Implement rules 2023-03-08 18:30:01 +00:00			`]))`
			`->trigger();`

queues fixes 2023-10-19 15:28:01 +00:00			`$queueForEvents->setParam('ruleId', $rule->getId());`
Bug fixes after proxy QA 2023-03-10 12:20:24 +00:00
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$certificate = $dbForPlatform->getDocument('certificates', $rule->getAttribute('certificateId', ''));`
Add logs to rules 2023-03-13 13:35:34 +00:00			`$rule->setAttribute('logs', $certificate->getAttribute('logs', ''));`

Implement rules 2023-03-08 18:30:01 +00:00			`$response->dynamic($rule, Response::MODEL_PROXY_RULE);`
Code formatting 2023-03-14 19:31:23 +00:00			`});`