diff --git a/.env b/.env index c10c12613b..5ea2ba2852 100644 --- a/.env +++ b/.env @@ -15,6 +15,7 @@ _APP_SYSTEM_TEAM_EMAIL=team@appwrite.io _APP_EMAIL_SECURITY=security@appwrite.io _APP_EMAIL_CERTIFICATES=certificates@appwrite.io _APP_SYSTEM_RESPONSE_FORMAT= +_APP_CUSTOM_DOMAIN_DENY_LIST= _APP_OPTIONS_ABUSE=disabled _APP_OPTIONS_ROUTER_PROTECTION=disabled _APP_OPTIONS_FORCE_HTTPS=disabled diff --git a/app/config/variables.php b/app/config/variables.php index 27463d2fee..a828ceda61 100644 --- a/app/config/variables.php +++ b/app/config/variables.php @@ -79,6 +79,15 @@ return [ 'question' => 'Enter your Appwrite hostname', 'filter' => '' ], + [ + 'name' => '_APP_CUSTOM_DOMAIN_DENY_LIST', + 'description' => 'List of reserved or prohibited domains when configuring custom domains.', + 'introduction' => '', + 'default' => 'example.com,test.com,app.example.com', + 'required' => false, + 'question' => '', + 'filter' => '' + ], [ 'name' => '_APP_DOMAIN_FUNCTIONS', 'description' => 'A domain to use for function preview URLs. Setting to empty turns off function preview URLs.', diff --git a/app/controllers/api/migrations.php b/app/controllers/api/migrations.php index 75afc7ed2c..4061f2c2c4 100644 --- a/app/controllers/api/migrations.php +++ b/app/controllers/api/migrations.php @@ -408,6 +408,7 @@ App::get('/v1/migrations/appwrite/report') ->inject('project') ->inject('user') ->action(function (array $resources, string $endpoint, string $projectID, string $key, Response $response) { + $appwrite = new Appwrite($projectID, $endpoint, $key); try { diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php index 48d20cd17f..b29bd227aa 100644 --- a/app/controllers/api/projects.php +++ b/app/controllers/api/projects.php @@ -138,6 +138,14 @@ App::post('/v1/projects') $databases = Config::getParam('pools-database', []); + if ($region !== 'default') { + $databaseKeys = System::getEnv('_APP_DATABASE_KEYS', ''); + $keys = explode(',', $databaseKeys); + $databases = array_filter($keys, function ($value) use ($region) { + return str_contains($value, $region); + }); + } + $databaseOverride = System::getEnv('_APP_DATABASE_OVERRIDE'); $index = \array_search($databaseOverride, $databases); if ($index !== false) { @@ -205,17 +213,17 @@ App::post('/v1/projects') $dsn = new DSN('mysql://' . $dsn); } - $adapter = $pools->get($dsn->getHost())->pop()->getResource(); - $dbForProject = new Database($adapter, $cache); $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', '')); $sharedTablesV1 = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES_V1', '')); - $projectTables = !\in_array($dsn->getHost(), $sharedTables); $sharedTablesV1 = \in_array($dsn->getHost(), $sharedTablesV1); $sharedTablesV2 = !$projectTables && !$sharedTablesV1; $sharedTables = $sharedTablesV1 || $sharedTablesV2; if (!$sharedTablesV2) { + $adapter = $pools->get($dsn->getHost())->pop()->getResource(); + $dbForProject = new Database($adapter, $cache); + if ($sharedTables) { $dbForProject ->setSharedTables(true) diff --git a/app/controllers/api/proxy.php b/app/controllers/api/proxy.php index 393caad93d..80f3df2605 100644 --- a/app/controllers/api/proxy.php +++ b/app/controllers/api/proxy.php @@ -55,14 +55,25 @@ App::post('/v1/proxy/rules') ->inject('dbForPlatform') ->inject('dbForProject') ->action(function (string $domain, string $resourceType, string $resourceId, Response $response, Document $project, Certificate $queueForCertificates, Event $queueForEvents, Database $dbForPlatform, Database $dbForProject) { + $mainDomain = System::getEnv('_APP_DOMAIN', ''); if ($domain === $mainDomain) { throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.'); } - $functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS', ''); - if ($functionsDomain != '' && str_ends_with($domain, $functionsDomain)) { - throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or it\'s subdomain to specific resource. Please use different domain.'); + $functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS'); + $denyListDomains = System::getEnv('_APP_CUSTOM_DOMAIN_DENY_LIST'); + + if (!empty($denyListDomains)) { + $functionsDomain .= ',' . $denyListDomains; + } + + $deniedDomains = array_map('trim', explode(',', $functionsDomain)); + + foreach ($deniedDomains as $deniedDomain) { + if (str_ends_with($domain, $deniedDomain)) { + throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or its subdomain to a specific resource. Please use a different domain.'); + } } if ($domain === 'localhost' || $domain === APP_HOSTNAME_INTERNAL) { diff --git a/app/controllers/general.php b/app/controllers/general.php index 6c1167cf76..b28718e514 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -72,11 +72,19 @@ function router(App $utopia, Database $dbForPlatform, callable $getProjectDB, Sw } if ($route->isEmpty()) { - if ($host === System::getEnv('_APP_DOMAIN_FUNCTIONS', '')) { + + $appDomainFunctionsFallback = System::getEnv('_APP_DOMAIN_FUNCTIONS_FALLBACK', ''); + $appDomainFunctions = System::getEnv('_APP_DOMAIN_FUNCTIONS', ''); + + if (!empty($appDomainFunctionsFallback) && \str_ends_with($host, $appDomainFunctionsFallback)) { + $appDomainFunctions = $appDomainFunctionsFallback; + } + + if ($host === $appDomainFunctions) { throw new AppwriteException(AppwriteException::GENERAL_ACCESS_FORBIDDEN, 'This domain cannot be used for security reasons. Please use any subdomain instead.'); } - if (\str_ends_with($host, System::getEnv('_APP_DOMAIN_FUNCTIONS', ''))) { + if (\str_ends_with($host, $appDomainFunctions)) { throw new AppwriteException(AppwriteException::GENERAL_ACCESS_FORBIDDEN, 'This domain is not connected to any Appwrite resource yet. Please configure custom domain or function domain to allow this request.'); } diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 87382bbfe2..bf35f9073b 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -534,7 +534,7 @@ App::init() $data = $cache->load($key, $timestamp); if (!empty($data) && !$cacheLog->isEmpty()) { - $parts = explode('/', $cacheLog->getAttribute('resourceType')); + $parts = explode('/', $cacheLog->getAttribute('resourceType', '')); $type = $parts[0] ?? null; if ($type === 'bucket' && (!$isImageTransformation || !$isDisabled)) { diff --git a/app/init/resources.php b/app/init/resources.php index 2360179913..c719a47344 100644 --- a/app/init/resources.php +++ b/app/init/resources.php @@ -48,6 +48,8 @@ use Utopia\Storage\Device\S3; use Utopia\Storage\Device\Wasabi; use Utopia\Storage\Storage; use Utopia\System\System; +use Utopia\Telemetry\Adapter as Telemetry; +use Utopia\Telemetry\Adapter\None as NoTelemetry; use Utopia\Validator\Hostname; use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub; @@ -464,7 +466,9 @@ App::setResource('getLogsDB', function (Group $pools, Cache $cache) { }; }, ['pools', 'cache']); -App::setResource('cache', function (Group $pools) { +App::setResource('telemetry', fn () => new NoTelemetry()); + +App::setResource('cache', function (Group $pools, Telemetry $telemetry) { $list = Config::getParam('pools-cache', []); $adapters = []; @@ -472,12 +476,15 @@ App::setResource('cache', function (Group $pools) { $adapters[] = $pools ->get($value) ->pop() - ->getResource() - ; + ->getResource(); } - return new Cache(new Sharding($adapters)); -}, ['pools']); + $cache = new Cache(new Sharding($adapters)); + + $cache->setTelemetry($telemetry); + + return $cache; +}, ['pools', 'telemetry']); App::setResource('redis', function () { $host = System::getEnv('_APP_REDIS_HOST', 'localhost'); diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index 7dfe14fcef..f34af1865e 100644 --- a/app/views/install/compose.phtml +++ b/app/views/install/compose.phtml @@ -168,7 +168,7 @@ $image = $this->getParam('image', ''); appwrite-console: <<: *x-logging container_name: appwrite-console - image: /console:5.2.53 + image: /console:5.2.58 restart: unless-stopped networks: - appwrite diff --git a/docker-compose.yml b/docker-compose.yml index 8c8a364f30..3e01235f07 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -198,13 +198,14 @@ services: - _APP_DATABASE_SHARED_TABLES_V1 - _APP_DATABASE_SHARED_NAMESPACE - _APP_FUNCTIONS_CREATION_ABUSE_LIMIT + - _APP_CUSTOM_DOMAIN_DENY_LIST extra_hosts: - "host.docker.internal:host-gateway" appwrite-console: <<: *x-logging container_name: appwrite-console - image: appwrite/console:5.2.53 + image: appwrite/console:5.2.58 restart: unless-stopped networks: - appwrite diff --git a/src/Appwrite/Event/Event.php b/src/Appwrite/Event/Event.php index 0edffdf4dc..a00cc45159 100644 --- a/src/Appwrite/Event/Event.php +++ b/src/Appwrite/Event/Event.php @@ -351,6 +351,7 @@ class Event */ public function trigger(): string|bool { + if ($this->paused) { return false; } @@ -360,6 +361,7 @@ class Event // Merge the base payload with any trimmed values $payload = array_merge($this->preparePayload(), $this->trimPayload()); + return $this->publisher->enqueue($queue, $payload); } diff --git a/src/Appwrite/Migration/Version/V21.php b/src/Appwrite/Migration/Version/V21.php index 51e8a18b9d..0a89221b12 100644 --- a/src/Appwrite/Migration/Version/V21.php +++ b/src/Appwrite/Migration/Version/V21.php @@ -82,6 +82,14 @@ class V21 extends Migration Console::warning("'type' from {$id}: {$th->getMessage()}"); } break; + case 'migrations': + // Create destination attribute + try { + $this->createAttributeFromCollection($this->projectDB, $id, 'destination'); + } catch (Throwable $th) { + Console::warning("'destination' from {$id}: {$th->getMessage()}"); + } + break; case 'schedules': // Create data attribute try { @@ -91,7 +99,14 @@ class V21 extends Migration } break; - + case 'databases': + // Create originalId attribute + try { + $this->createAttributeFromCollection($this->projectDB, $id, 'originalId'); + } catch (Throwable $th) { + Console::warning("'originalId' from {$id}: {$th->getMessage()}"); + } + break; case 'functions': // Create scopes attribute try { diff --git a/src/Appwrite/Platform/Tasks/Maintenance.php b/src/Appwrite/Platform/Tasks/Maintenance.php index b9e312a3fb..2df75b22a8 100644 --- a/src/Appwrite/Platform/Tasks/Maintenance.php +++ b/src/Appwrite/Platform/Tasks/Maintenance.php @@ -47,15 +47,20 @@ class Maintenance extends Action Console::info("[{$time}] Notifying workers with maintenance tasks every {$interval} seconds"); - $dbForPlatform->foreach('projects', function (Document $project) use ($queueForDeletes, $usageStatsRetentionHourly) { - $queueForDeletes - ->setType(DELETE_TYPE_MAINTENANCE) - ->setProject($project) - ->setUsageRetentionHourlyDateTime(DateTime::addSeconds(new \DateTime(), -1 * $usageStatsRetentionHourly)) - ->trigger(); - }, [ - Query::limit(100), - ]); + $dbForPlatform->foreach( + 'projects', + function (Document $project) use ($queueForDeletes, $usageStatsRetentionHourly) { + $queueForDeletes + ->setType(DELETE_TYPE_MAINTENANCE) + ->setProject($project) + ->setUsageRetentionHourlyDateTime(DateTime::addSeconds(new \DateTime(), -1 * $usageStatsRetentionHourly)) + ->trigger(); + }, + [ + Query::equal('region', [System::getEnv('_APP_REGION', 'default')]), + Query::limit(100), + ] + ); $queueForDeletes ->setType(DELETE_TYPE_MAINTENANCE) diff --git a/src/Appwrite/Platform/Tasks/StatsResources.php b/src/Appwrite/Platform/Tasks/StatsResources.php index ac3b9ead73..ca2a6860ff 100644 --- a/src/Appwrite/Platform/Tasks/StatsResources.php +++ b/src/Appwrite/Platform/Tasks/StatsResources.php @@ -67,7 +67,8 @@ class StatsResources extends Action * For each project that were accessed in last 24 hours */ $this->foreachDocument($this->dbForPlatform, 'projects', [ - Query::greaterThanEqual('accessedAt', DateTime::format($last24Hours)) + Query::greaterThanEqual('accessedAt', DateTime::format($last24Hours)), + Query::equal('region', [System::getEnv('_APP_REGION', 'default')]) ], function ($project) use ($queue) { $queue ->setProject($project) diff --git a/src/Appwrite/Platform/Workers/Deletes.php b/src/Appwrite/Platform/Workers/Deletes.php index 5092599d67..5be865f42b 100644 --- a/src/Appwrite/Platform/Workers/Deletes.php +++ b/src/Appwrite/Platform/Workers/Deletes.php @@ -494,21 +494,22 @@ class Deletes extends Action } /** - * @param Database $dbForPlatform - * @param Document $document - * @return void - * @throws Authorization - * @throws DatabaseException - * @throws Conflict - * @throws Restricted - * @throws Structure - * @throws Exception - */ - private function deleteProjectsByTeam(Database $dbForPlatform, callable $getProjectDB, CertificatesAdapter $certificates, Document $document): void + * @param Database $dbForPlatform + * @param Document $document + * @return void + * @throws Authorization + * @throws DatabaseException + * @throws Conflict + * @throws Restricted + * @throws Structure + * @throws Exception + */ + protected function deleteProjectsByTeam(Database $dbForPlatform, callable $getProjectDB, CertificatesAdapter $certificates, Document $document): void { $projects = $dbForPlatform->find('projects', [ - Query::equal('teamInternalId', [$document->getInternalId()]) + Query::equal('teamInternalId', [$document->getInternalId()]), + Query::equal('region', [System::getEnv('_APP_REGION', 'default')]) ]); foreach ($projects as $project) { diff --git a/src/Appwrite/Platform/Workers/StatsResources.php b/src/Appwrite/Platform/Workers/StatsResources.php index 3c0e772bd4..0144020d38 100644 --- a/src/Appwrite/Platform/Workers/StatsResources.php +++ b/src/Appwrite/Platform/Workers/StatsResources.php @@ -70,7 +70,6 @@ class StatsResources extends Action } if (empty($project->getAttribute('database'))) { - var_dump($payload); return; } diff --git a/src/Appwrite/Platform/Workers/Webhooks.php b/src/Appwrite/Platform/Workers/Webhooks.php index c903dafdae..44e8bd3118 100644 --- a/src/Appwrite/Platform/Workers/Webhooks.php +++ b/src/Appwrite/Platform/Workers/Webhooks.php @@ -54,6 +54,8 @@ class Webhooks extends Action $this->errors = []; $payload = $message->getPayload() ?? []; + + if (empty($payload)) { throw new Exception('Missing payload'); }