From 4a61718cff790583a99bb729a1577198d522a860 Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Mon, 21 Nov 2022 16:49:45 +1300
Subject: [PATCH 1/8] Enable HSTS for all HTTPS requests
---
 app/controllers/general.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/controllers/general.php b/app/controllers/general.php
index 069a918680..0c10dd46e9 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -223,7 +223,9 @@ App::init()
 return $response->redirect('https://' . $request->getHostname() . $request->getURI());
 }
+ }
+ if ($request->getProtocol() === 'https') {
 $response->addHeader('Strict-Transport-Security', 'max-age=' . (60 * 60 * 24 * 126)); // 126 days
 }
From dd99ab7b0022bd963813b3a09d7efa90a13f2c0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 21 Nov 2022 14:24:52 +0000
Subject: [PATCH 2/8] Fix session expiration
---
 app/init.php | 4 ++--
 app/tasks/maintenance.php | 1 -
 app/workers/deletes.php | 23 ++++++++++++++---------
 3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/app/init.php b/app/init.php
index 3d24ef81d4..50624c21c8 100644
--- a/app/init.php
+++ b/app/init.php
@@ -790,9 +790,11 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
 Authorization::setDefaultStatus(true);
 Auth::setCookieName('a_session_' . $project->getId());
+ $authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 if (APP_MODE_ADMIN === $mode) {
 Auth::setCookieName('a_session_' . $console->getId());
+ $authDuration = Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 }
 $session = Auth::decodeSession(
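Review bot: The header on the `$response->addHeader('Strict-Transport-Security', ...)` line is now emitted on every HTTPS response but still carries a 126-day `max-age` and no `includeSubDomains`; browsers and the preload list treat anything under one year as weak, so consider `'max-age=31536000; includeSubDomains'` once every subdomain of a deployment is known to serve TLS. Because the added `}` moves the header out of the force-HTTPS branch, a self-hosted instance that serves both schemes will have browsers pin HTTPS for the full period after a single HTTPS visit, which deserves a changelog note. Whether `$request->getProtocol()` is derived from a forwarded header is not visible here; if it is, it should only be honoured from a configured trusted proxy, otherwise a plain-HTTP client can be told to pin HTTPS it cannot reach. The enclosing `App::init` closure starts and ends outside the hunk.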
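Review bot: In the admin branch `$authDuration` is pinned to `Auth::TOKEN_EXPIRATION_LOGIN_LONG` even though `$console` appears to be a project document just like `$project` (its `getId()` feeds the cookie name), so any `auths.duration` configured on the console project is ignored for console sessions. If that is intended, say so on the line: `// Console sessions always use the default long expiration, not the console project's auths.duration`; otherwise mirror the project branch with `$authDuration = $console->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;`. Note also that `getAttribute('auths', [])['duration']` only null-coalesces a missing key; should `getAttribute` ever return `null` rather than the `[]` default, indexing it emits a warning before `??` applies. The resource closure starts and ends outside the hunk.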
@@ -829,8 +831,6 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
 $user = $dbForConsole->getDocument('users', Auth::$unique);
 }
- $authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
-
 if ( $user->isEmpty() // Check a document has been found in the DB
 || !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration)
diff --git a/app/tasks/maintenance.php b/app/tasks/maintenance.php
index 96264a9966..7199a338e3 100644
--- a/app/tasks/maintenance.php
+++ b/app/tasks/maintenance.php
@@ -98,7 +98,6 @@ $cli
 {
 (new Delete())
 ->setType(DELETE_TYPE_SESSIONS)
- ->setDatetime(DateTime::addSeconds(new \DateTime(), -1 * Auth::TOKEN_EXPIRATION_LOGIN_LONG)) //TODO: Update to use project session expiration instead of default.
 ->trigger();
 }
diff --git a/app/workers/deletes.php b/app/workers/deletes.php
index 364e64842f..5dc7e8d737 100644
--- a/app/workers/deletes.php
+++ b/app/workers/deletes.php
@@ -1,5 +1,6 @@ deleteExpiredSessions($this->args['datetime']);
+ $this->deleteExpiredSessions();
 break;
 case DELETE_TYPE_CERTIFICATES:
@@ -105,7 +107,7 @@ class DeletesV1 extends Worker
 break;
 case DELETE_TYPE_USAGE:
- $this->deleteUsageStats($this->args['dateTime1d'], $this->args['hourlyUsageRetentionDatetime']);
+ $this->deleteUsageStats($this->args['hourlyUsageRetentionDatetime']);
 break;
 case DELETE_TYPE_CACHE_BY_RESOURCE:
@@ -214,7 +216,6 @@ class DeletesV1 extends Worker
 }
 /**
- * @param string $datetime1d
 * @param string $hourlyUsageRetentionDatetime
 */
 protected function deleteUsageStats(string $hourlyUsageRetentionDatetime)
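Review bot: The `DELETE_TYPE_USAGE` call on the `+ $this->deleteUsageStats(...)` line drops `$this->args['dateTime1d']`, and the docblock hunk below drops its `@param`, but the body of `deleteUsageStats` is outside the hunk, so it is not visible whether the 1-day usage-stats cleanup was moved elsewhere or simply removed. If it was removed, whatever still enqueues `dateTime1d` (not in this patch) should stop computing it, and the change needs a changelog line, because how long usage data is retained is a data-lifetime decision users may depend on. The switch that contains the call starts outside the hunk.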
@@ -316,16 +317,20 @@ class DeletesV1 extends Worker
 });
 }
- /**
- * @param string $datetime
- */
- protected function deleteExpiredSessions(string $datetime): void
+ protected function deleteExpiredSessions(): void
 {
- $this->deleteForProjectIds(function (string $projectId) use ($datetime) {
+ $consoleDB = $this->getConsoleDB();
+
+ $this->deleteForProjectIds(function (string $projectId) use ($consoleDB) {
 $dbForProject = $this->getProjectDB($projectId);
+
+ $project = $consoleDB->getDocument('projects', $projectId);
+ $duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);
+
 // Delete Sessions
 $this->deleteByGroup('sessions', [
- Query::lessThan('expire', $datetime)
+ Query::lessThan('$createdAt', $expired)
 ], $dbForProject);
 });
 }
From eda112755ae4fbf017b5426f42f55995f36f6baa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 21 Nov 2022 14:26:59 +0000
Subject: [PATCH 3/8] Update changelogs
---
 CHANGES.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index 6b7af775de..359f39fb4d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,5 @@
+- Fix admin-mode session expiration, and expired session deletion [#4739](https://github.com/appwrite/appwrite/pull/4739)
+
 # Version 1.1.1
 ## Bugs
From d2b0218abaad0833ede62f82e398aead156b4d3b Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Tue, 22 Nov 2022 18:26:41 +0000
Subject: [PATCH 4/8] feat: add build args for console
---
 Dockerfile | 3 +++
 composer.lock | 12 ++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f63ed3ddda..12ee4ddc70 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ COPY app/console /usr/local/src/console
 WORKDIR /usr/local/src/console
+ARG VITE_GA_PROJECT=""
+ENV VITE_GA_PROJECT=$VITE_GA_PROJECT
+
 RUN npm ci
 RUN npm run build
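Review bot: `$expired` on the `+ $expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);` line is taken from the worker process's default timezone, while `$createdAt` is a timestamp the database layer writes; unless both are guaranteed UTC (not visible here) the cutoff is off by the zone offset, either keeping stale sessions around longer than `Auth::sessionVerify` in init.php accepts them, or deleting sessions that verifier would still honour. Building the reference explicitly, `new \DateTime('now', new \DateTimeZone('UTC'))`, removes the ambiguity if the stored timestamps are UTC. The fallback when `getDocument('projects', $projectId)` yields an empty document (project deleted mid-run) is silent; a comment on the `$duration` line such as `// Missing project doc falls back to the default long duration` records that this is intended. `class DeletesV1` continues outside the hunk.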
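Review bot: The `ARG`→`ENV` pair persists the build argument into the image's environment and `docker history`, and because Vite exposes `VITE_`-prefixed variables to the client, `npm run build` also inlines it into the public console bundle; that is acceptable for a GA project id but the pattern must never be reused for a secret. A comment above the `ARG` line should make that explicit: `# VITE_* values are compiled into the public console bundle: build-time, non-secret only`. Since an `ARG` is already visible to `RUN` steps of the same stage, the `ENV` line is not needed for the build and could be dropped so nothing persists into the final image, unless the console genuinely reads it at runtime (not visible here).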
diff --git a/composer.lock b/composer.lock
index 3b4148a950..e97546287f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -3358,16 +3358,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.18", + "version": "9.2.19", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "12fddc491826940cf9b7e88ad9664cf51f0f6d0a" + "reference": "c77b56b63e3d2031bd8997fcec43c1925ae46559" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/12fddc491826940cf9b7e88ad9664cf51f0f6d0a", - "reference": "12fddc491826940cf9b7e88ad9664cf51f0f6d0a", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/c77b56b63e3d2031bd8997fcec43c1925ae46559", + "reference": "c77b56b63e3d2031bd8997fcec43c1925ae46559", "shasum": "" }, "require": {
@@ -3423,7 +3423,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.18" + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.19" }, "funding": [ {
@@ -3431,7 +3431,7 @@ "type": "github" } ], - "time": "2022-10-27T13:35:33+00:00" + "time": "2022-11-18T07:47:47+00:00" }, { "name": "phpunit/php-file-iterator",
From fc752039a4ba035bff76da824bdc243ebd43882a Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Wed, 23 Nov 2022 00:29:26 +0530
Subject: [PATCH 5/8] Update Dockerfile
Co-authored-by: Torsten Dittmann
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 12ee4ddc70..5d36384140 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ COPY app/console /usr/local/src/console
 WORKDIR /usr/local/src/console
-ARG VITE_GA_PROJECT=""
+ARG VITE_GA_PROJECT
 ENV VITE_GA_PROJECT=$VITE_GA_PROJECT
 RUN npm ci
From 4813e6b4d5c286ee23b1bd73fd07197de5c35d27 Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Tue, 22 Nov 2022 19:32:35 +0000
Subject: [PATCH 6/8] feat: add console mode
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 5d36384140..95073df08b 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,10 @@ COPY app/console /usr/local/src/console
 WORKDIR /usr/local/src/console
 ARG VITE_GA_PROJECT
+ARG VITE_CONSOLE_MODE
+
 ENV VITE_GA_PROJECT=$VITE_GA_PROJECT
+ENV VITE_CONSOLE_MODE=$VITE_CONSOLE_MODE
 RUN npm ci
 RUN npm run build
From bd0139ef3be3d60d3a981f1a723e34db1fb0819e Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Wed, 23 Nov 2022 18:16:57 +1300
Subject: [PATCH 7/8] Make region optional with default of 'default'
---
 app/controllers/api/projects.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index d1dfea7245..1e70a99fc6 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -59,7 +59,7 @@ App::post('/v1/projects')
 ->param('projectId', '', new CustomId(), 'Unique Id. Choose your own unique ID or pass the string `ID.unique()` to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('name', null, new Text(128), 'Project name. Max length: 128 chars.')
 ->param('teamId', '', new UID(), 'Team unique ID.')
- ->param('region', '', new Whitelist(array_keys(array_filter(Config::getParam('regions'), fn($config) => !$config['disabled']))), 'Project Region.')
+ ->param('region', 'default', new Whitelist(array_keys(array_filter(Config::getParam('regions'), fn($config) => !$config['disabled']))), 'Project Region.', true)
 ->param('description', '', new Text(256), 'Project description. Max length: 256 chars.', true)
 ->param('logo', '', new Text(1024), 'Project logo.', true)
 ->param('url', '', new URL(), 'Project URL.', true)
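Review bot: `ARG VITE_CONSOLE_MODE` is introduced without stating its accepted values or what an unset build produces (`ENV VITE_CONSOLE_MODE=$VITE_CONSOLE_MODE` yields an empty string when the arg is not passed), so someone running a plain `docker build` cannot tell which console flavour they get. A comment on the `ARG` line listing the values the console source expects, e.g. `# Console build flavour; accepted values are defined by app/console (unset -> empty string, i.e. its default mode) -- confirm`, would document that. As with `VITE_GA_PROJECT`, the value lands in the image environment and in the public console bundle, so it has to stay non-secret.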
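Review bot: The new default `'default'` on the `->param('region', ...)` line is only safe if a region keyed `default` exists in `Config::getParam('regions')` and is not `disabled`; whether Utopia runs the `Whitelist` validator against a default the caller never supplied is not visible here, and if it does not, a deployment that disables or renames that region would silently create projects in a region the same endpoint rejects when it is passed explicitly. Validating the resolved value inside the action (or failing at startup if the configured default region is missing or disabled) closes that gap, and a short comment on the line, `// 'default' must exist and be enabled in the regions config`, records the assumption. The `App::post('/v1/projects')` chain continues outside the hunk.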
From 1e1ab2a8ae88a5a53a4d72ec72813c40035fe8fb Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Wed, 23 Nov 2022 18:22:44 +1300
Subject: [PATCH 8/8] Update changelog
---
 CHANGES.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 6b7af775de..e1655b069c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,8 @@
-# Version 1.1.1
+# Version 1.1.2
+## Changes
+- Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
+# Version 1.1.1
 ## Bugs
 - Fix Deletes worker using incorrect device for file deletion [#4662](https://github.com/appwrite/appwrite/pull/4662)
 - Fix Migration for Stats adding the region attribute [#4704](https://github.com/appwrite/appwrite/pull/4704)