appwrite/app/controllers/api/projects.php

<?php

use Appwrite\Auth\Validator\MockNumber;
use Appwrite\Extend\Exception;
use Appwrite\SDK\AuthType;
use Appwrite\SDK\Method;
use Appwrite\SDK\Response as SDKResponse;
use Appwrite\Utopia\Response;
use Utopia\Config\Config;
use Utopia\Database\Database;
use Utopia\Database\Document;
use Utopia\Database\Validator\UID;
use Utopia\Http\Http;
use Utopia\System\System;
use Utopia\Validator\ArrayList;
use Utopia\Validator\Boolean;
use Utopia\Validator\Nullable;
use Utopia\Validator\Text;
use Utopia\Validator\WhiteList;

Http::init()
    ->groups(['projects'])
    ->inject('project')
    ->action(function (Document $project) {
        if ($project->getId() !== 'console') {
            throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN);
        }
    });

Http::get('/v1/projects/:projectId')
    ->desc('Get project')
    ->groups(['api', 'projects'])
    ->label('scope', 'projects.read')
    ->label('sdk', new Method(
        namespace: 'projects',
        group: 'projects',
        name: 'get',
        description: '/docs/references/projects/get.md',
        auth: [AuthType::ADMIN],
        responses: [
            new SDKResponse(
                code: Response::STATUS_CODE_OK,
                model: Response::MODEL_PROJECT,
            )
        ]
    ))
    ->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])
    ->inject('response')
    ->inject('dbForPlatform')
    ->action(function (string $projectId, Response $response, Database $dbForPlatform) {

        $project = $dbForPlatform->getDocument('projects', $projectId);

        if ($project->isEmpty()) {
            throw new Exception(Exception::PROJECT_NOT_FOUND);
        }

        $response->dynamic($project, Response::MODEL_PROJECT);
    });

// Backwards compatibility
Http::patch('/v1/projects/:projectId/oauth2')
    ->desc('Update project OAuth2')
    ->groups(['api', 'projects'])
    ->label('scope', 'projects.write')
    ->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])
    ->param('provider', '', new WhiteList(\array_keys(Config::getParam('oAuthProviders')), true), 'Provider Name')
    ->param('appId', null, new Nullable(new Text(256)), 'Provider app ID. Max length: 256 chars.', true)
    ->param('secret', null, new Nullable(new text(512)), 'Provider secret key. Max length: 512 chars.', true)
    ->param('enabled', null, new Nullable(new Boolean()), 'Provider status. Set to \'false\' to disable new session creation.', true)
    ->inject('response')
    ->inject('dbForPlatform')
    ->action(function (string $projectId, string $provider, ?string $appId, ?string $secret, ?bool $enabled, Response $response, Database $dbForPlatform) {

        $project = $dbForPlatform->getDocument('projects', $projectId);

        if ($project->isEmpty()) {
            throw new Exception(Exception::PROJECT_NOT_FOUND);
        }

        $providers = $project->getAttribute('oAuthProviders', []);

        if ($appId !== null) {
            $providers[$provider . 'Appid'] = $appId;
        }

        if ($secret !== null) {
            $providers[$provider . 'Secret'] = $secret;
        }

        if ($enabled !== null) {
            $providers[$provider . 'Enabled'] = $enabled;
        }

        $project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('oAuthProviders', $providers));

        $response->dynamic($project, Response::MODEL_PROJECT);
    });

// Backwards compatibility
Http::patch('/v1/projects/:projectId/auth/mock-numbers')
    ->desc('Update the mock numbers for the project')
    ->groups(['api', 'projects'])
    ->label('scope', 'projects.write')
    ->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])
    ->param('numbers', '', new ArrayList(new MockNumber(), 10), 'An array of mock numbers and their corresponding verification codes (OTPs). Each number should be a valid E.164 formatted phone number. Maximum of 10 numbers are allowed.')
    ->inject('response')
    ->inject('dbForPlatform')
    ->action(function (string $projectId, array $numbers, Response $response, Database $dbForPlatform) {

        $uniqueNumbers = [];
        foreach ($numbers as $number) {
            if (isset($uniqueNumbers[$number['phone']])) {
                throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Duplicate phone numbers are not allowed.');
            }
            $uniqueNumbers[$number['phone']] = $number['otp'];
        }

        $project = $dbForPlatform->getDocument('projects', $projectId);

        if ($project->isEmpty()) {
            throw new Exception(Exception::PROJECT_NOT_FOUND);
        }

        $auths = $project->getAttribute('auths', []);

        $auths['mockNumbers'] = $numbers;

        $project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('auths', $auths));

        $response->dynamic($project, Response::MODEL_PROJECT);
    });

// Backwards compatibility
Http::delete('/v1/projects/:projectId/templates/email')
    ->alias('/v1/projects/:projectId/templates/email/:type/:locale')
    ->desc('Delete custom email template')
    ->groups(['api', 'projects'])
    ->label('scope', 'projects.write')
    ->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])
    ->param('type', '', new WhiteList(Config::getParam('locale-templates')['email'] ?? [], true), 'Template type')
    ->param('locale', '', fn ($localeCodes) => new WhiteList($localeCodes), 'Template locale', true, ['localeCodes'])
    ->inject('response')
    ->inject('dbForPlatform')
    ->action(function (string $projectId, string $type, string $locale, Response $response, Database $dbForPlatform) {
        $locale = $locale ?: System::getEnv('_APP_LOCALE', 'en');

        $project = $dbForPlatform->getDocument('projects', $projectId);
        if ($project->isEmpty()) {
            throw new Exception(Exception::PROJECT_NOT_FOUND);
        }

        $templates = $project->getAttribute('templates', []);
        unset($templates['email.' . $type . '-' . $locale]);

        $project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('templates', $templates));

        $response->noContent();
    });
Test for admin controllers 2019-12-14 19:33:29 +00:00			`<?php`

feat: initial commit 2024-02-11 14:51:19 +00:00			`use Appwrite\Auth\Validator\MockNumber;`
Fix project imports 2023-08-23 02:04:36 +00:00			`use Appwrite\Extend\Exception;`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`use Appwrite\SDK\AuthType;`
			`use Appwrite\SDK\Method;`
			`use Appwrite\SDK\Response as SDKResponse;`
wip: new response objects 2020-08-14 21:56:50 +00:00			`use Appwrite\Utopia\Response;`
integrate abuse and audit 2021-06-07 05:17:29 +00:00			`use Utopia\Config\Config;`
project usage from appwrite db (wip) 2021-08-16 13:27:15 +00:00			`use Utopia\Database\Database;`
Work in progress - projects controller 2021-05-15 22:41:42 +00:00			`use Utopia\Database\Document;`
			`use Utopia\Database\Validator\UID;`
Upgrade utopia-php dependencies and fix namespace changes - Upgrade utopia-php/cli from 0.15 to 0.22 - Upgrade utopia-php/analytics from 0.10 to 0.15 - Upgrade utopia-php/orchestration from 0.9 to 0.19 - Use dev branches for utopia-php/framework and utopia-php/platform - Remove utopia-php/swoole dependency (merged into framework) - Migrate Utopia\CLI\Console to Utopia\Console across all files - Migrate Utopia\Http to Utopia\Http\Http namespace - Migrate Utopia\Swoole\Files to Utopia\Http\Files (now instance-based) - Convert static CLI::setResource() calls to instance-based Dependency API - Fix StatsResources task named parameter mismatch 2026-02-10 05:04:24 +00:00			`use Utopia\Http\Http;`
Fix format 2024-04-01 11:08:46 +00:00			`use Utopia\System\System;`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`use Utopia\Validator\ArrayList;`
			`use Utopia\Validator\Boolean;`
wrap all optional values with default null with nullable 2025-11-10 04:45:49 +00:00			`use Utopia\Validator\Nullable;`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00			`use Utopia\Validator\Text;`
			`use Utopia\Validator\WhiteList;`

replace app usage with http 2026-02-04 05:30:22 +00:00			`Http::init()`
implementing new Utopia hooks 2022-07-22 06:00:42 +00:00			`->groups(['projects'])`
groups at the top in hooks 2022-08-02 01:10:48 +00:00			`->inject('project')`
implementing new Utopia hooks 2022-07-22 06:00:42 +00:00			`->action(function (Document $project) {`
			`if ($project->getId() !== 'console') {`
Merge branch 'master' into feat-simplify-exceptions 2022-08-08 14:03:01 +00:00			`throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN);`
implementing new Utopia hooks 2022-07-22 06:00:42 +00:00			`}`
			`});`
Started work on the UI 2021-07-31 21:36:18 +00:00
replace app usage with http 2026-02-04 05:30:22 +00:00			`Http::get('/v1/projects/:projectId')`
converted desc to sentence case 2023-08-01 15:26:48 +00:00			`->desc('Get project')`
Adding group support, upgraded FW 2020-06-25 18:32:12 +00:00			`->groups(['api', 'projects'])`
Test for admin controllers 2019-12-14 19:33:29 +00:00			`->label('scope', 'projects.read')`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`->label('sdk', new Method(`
			`namespace: 'projects',`
feat: sdk group attribute 2025-03-31 05:48:17 +00:00			`group: 'projects',`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`name: 'get',`
Add remaining missing descriptions and enable the desc check 2025-01-20 03:16:00 +00:00			`description: '/docs/references/projects/get.md',`
Implement new SDK Class on 1.6.x 2025-01-17 04:31:39 +00:00			`auth: [AuthType::ADMIN],`
			`responses: [`
			`new SDKResponse(`
			`code: Response::STATUS_CODE_OK,`
			`model: Response::MODEL_PROJECT,`
			`)`
			`]`
			`))`
Fix wrong db for UID max length check 2025-10-21 02:04:08 +00:00			`->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])`
Updated projects controller 2020-12-26 16:33:36 +00:00			`->inject('response')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
			`->action(function (string $projectId, Response $response, Database $dbForPlatform) {`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$project = $dbForPlatform->getDocument('projects', $projectId);`
Test for admin controllers 2019-12-14 19:33:29 +00:00
Work in progress - projects controller 2021-05-15 22:41:42 +00:00			`if ($project->isEmpty()) {`
Migrate all exceptions to new signature 2022-07-26 14:24:32 +00:00			`throw new Exception(Exception::PROJECT_NOT_FOUND);`
Updated controllers 2020-06-30 15:46:42 +00:00			`}`
Test for admin controllers 2019-12-14 19:33:29 +00:00
Cleanup old db library 2021-07-25 14:47:18 +00:00			`$response->dynamic($project, Response::MODEL_PROJECT);`
Updated projects controller 2020-12-26 16:33:36 +00:00			`});`
Disable all APIs 2024-03-04 22:28:42 +00:00
Simplify specs 2026-04-24 14:37:27 +00:00			`// Backwards compatibility`
replace app usage with http 2026-02-04 05:30:22 +00:00			`Http::patch('/v1/projects/:projectId/oauth2')`
converted desc to sentence case 2023-08-01 15:26:48 +00:00			`->desc('Update project OAuth2')`
Adding group support, upgraded FW 2020-06-25 18:32:12 +00:00			`->groups(['api', 'projects'])`
Test for admin controllers 2019-12-14 19:33:29 +00:00			`->label('scope', 'projects.write')`
Fix wrong db for UID max length check 2025-10-21 02:04:08 +00:00			`->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])`
made review changes 2023-10-25 17:33:23 +00:00			`->param('provider', '', new WhiteList(\array_keys(Config::getParam('oAuthProviders')), true), 'Provider Name')`
wrap all optional values with default null with nullable 2025-11-10 04:45:49 +00:00			`->param('appId', null, new Nullable(new Text(256)), 'Provider app ID. Max length: 256 chars.', true)`
			`->param('secret', null, new Nullable(new text(512)), 'Provider secret key. Max length: 512 chars.', true)`
			`->param('enabled', null, new Nullable(new Boolean()), 'Provider status. Set to \'false\' to disable new session creation.', true)`
Updated projects controller 2020-12-26 16:33:36 +00:00			`->inject('response')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
			`->action(function (string $projectId, string $provider, ?string $appId, ?string $secret, ?bool $enabled, Response $response, Database $dbForPlatform) {`
Revert "Feat adding coroutines" 2024-10-08 07:54:40 +00:00
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$project = $dbForPlatform->getDocument('projects', $projectId);`
Test for admin controllers 2019-12-14 19:33:29 +00:00
Work in progress - projects controller 2021-05-15 22:41:42 +00:00			`if ($project->isEmpty()) {`
Migrate all exceptions to new signature 2022-07-26 14:24:32 +00:00			`throw new Exception(Exception::PROJECT_NOT_FOUND);`
Updated controllers 2020-06-30 15:46:42 +00:00			`}`
Test for admin controllers 2019-12-14 19:33:29 +00:00
made review changes 2023-10-25 17:33:23 +00:00			`$providers = $project->getAttribute('oAuthProviders', []);`
Implement status of oauth providers, and refactor response models 2022-08-19 09:21:51 +00:00
Linter fix, update tests 2022-08-19 09:43:03 +00:00			`if ($appId !== null) {`
Implement status of oauth providers, and refactor response models 2022-08-19 09:21:51 +00:00			`$providers[$provider . 'Appid'] = $appId;`
			`}`

Linter fix, update tests 2022-08-19 09:43:03 +00:00			`if ($secret !== null) {`
Implement status of oauth providers, and refactor response models 2022-08-19 09:21:51 +00:00			`$providers[$provider . 'Secret'] = $secret;`
			`}`

Linter fix, update tests 2022-08-19 09:43:03 +00:00			`if ($enabled !== null) {`
Implement status of oauth providers, and refactor response models 2022-08-19 09:21:51 +00:00			`$providers[$provider . 'Enabled'] = $enabled;`
			`}`
oauth2 providers in project grouped 2021-08-06 10:35:50 +00:00
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('oAuthProviders', $providers));`
Updated controllers 2020-06-30 15:46:42 +00:00
feat: teamHideSensitiveFields 2024-11-01 11:38:56 +00:00			`$response->dynamic($project, Response::MODEL_PROJECT);`
			`});`

Add public mocks API for phones 2026-04-22 09:30:39 +00:00			`// Backwards compatibility`
replace app usage with http 2026-02-04 05:30:22 +00:00			`Http::patch('/v1/projects/:projectId/auth/mock-numbers')`
feat: initial commit 2024-02-11 14:51:19 +00:00			`->desc('Update the mock numbers for the project')`
			`->groups(['api', 'projects'])`
			`->label('scope', 'projects.write')`
Fix wrong db for UID max length check 2025-10-21 02:04:08 +00:00			`->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])`
feat: initial commit 2024-02-11 14:51:19 +00:00			`->param('numbers', '', new ArrayList(new MockNumber(), 10), 'An array of mock numbers and their corresponding verification codes (OTPs). Each number should be a valid E.164 formatted phone number. Maximum of 10 numbers are allowed.')`
			`->inject('response')`
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`->inject('dbForPlatform')`
			`->action(function (string $projectId, array $numbers, Response $response, Database $dbForPlatform) {`
feat: initial commit 2024-02-11 14:51:19 +00:00
feat: address review comments 2024-07-21 19:30:06 +00:00			`$uniqueNumbers = [];`
			`foreach ($numbers as $number) {`
feat: address review comments 2024-07-21 19:45:39 +00:00			`if (isset($uniqueNumbers[$number['phone']])) {`
			`throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Duplicate phone numbers are not allowed.');`
feat: address review comments 2024-07-21 19:30:06 +00:00			`}`
feat: address review comments 2024-07-21 19:45:39 +00:00			`$uniqueNumbers[$number['phone']] = $number['otp'];`
feat: address review comments 2024-07-21 19:30:06 +00:00			`}`
chore: linter 2024-07-22 09:08:02 +00:00
chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$project = $dbForPlatform->getDocument('projects', $projectId);`
feat: initial commit 2024-02-11 14:51:19 +00:00
			`if ($project->isEmpty()) {`
			`throw new Exception(Exception::PROJECT_NOT_FOUND);`
			`}`

			`$auths = $project->getAttribute('auths', []);`

			`$auths['mockNumbers'] = $numbers;`

chore: replace occurrences of dbForConsole to dbForPlatform 2024-12-12 10:30:26 +00:00			`$project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('auths', $auths));`
feat: initial commit 2024-02-11 14:51:19 +00:00
			`$response->dynamic($project, Response::MODEL_PROJECT);`
			`});`

Post-merge fix 2026-04-22 07:59:00 +00:00			`// Backwards compatibility`
			`Http::delete('/v1/projects/:projectId/templates/email')`
			`->alias('/v1/projects/:projectId/templates/email/:type/:locale')`
			`->desc('Delete custom email template')`
			`->groups(['api', 'projects'])`
			`->label('scope', 'projects.write')`
			`->param('projectId', '', fn (Database $dbForPlatform) => new UID($dbForPlatform->getAdapter()->getMaxUIDLength()), 'Project unique ID.', false, ['dbForPlatform'])`
			`->param('type', '', new WhiteList(Config::getParam('locale-templates')['email'] ?? [], true), 'Template type')`
			`->param('locale', '', fn ($localeCodes) => new WhiteList($localeCodes), 'Template locale', true, ['localeCodes'])`
			`->inject('response')`
			`->inject('dbForPlatform')`
			`->action(function (string $projectId, string $type, string $locale, Response $response, Database $dbForPlatform) {`
			`$locale = $locale ?: System::getEnv('_APP_LOCALE', 'en');`

			`$project = $dbForPlatform->getDocument('projects', $projectId);`
			`if ($project->isEmpty()) {`
			`throw new Exception(Exception::PROJECT_NOT_FOUND);`
			`}`

			`$templates = $project->getAttribute('templates', []);`
			`unset($templates['email.' . $type . '-' . $locale]);`

			`$project = $dbForPlatform->updateDocument('projects', $project->getId(), $project->setAttribute('templates', $templates));`

			`$response->noContent();`
			`});`