From 45e9040fa5a0c3a9e8650a27c2d6bae88e34dccb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 21 Mar 2022 14:23:56 +0000
Subject: [PATCH 1/7] Disallow HTTP communication if required
---
 app/config/errors.php | 5 +++++
 app/controllers/general.php | 4 ++++
 composer.lock | 28 ++++++++++++++--------------
 src/Appwrite/Extend/Exception.php | 1 +
 4 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index b7b5c1ca31..ca305ed0b5 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
@@ -78,6 +78,11 @@ return [
 'description' => 'An internal server error occurred.',
 'code' => 500,
 ],
+ Exception::GENERAL_FORCED_HTTPS_IGNORED => [
+ 'name' => Exception::GENERAL_FORCED_HTTPS_IGNORED,
+ 'description' => 'Appwrite instance forces secure communication. Switch to HTTPS protocol in your endpoint.',
+ 'code' => 500,
+ ],
 /** User Errors */
 Exception::USER_COUNT_EXCEEDED => [
diff --git a/app/controllers/general.php b/app/controllers/general.php
index c08c244b31..4cf77bb4bb 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -173,6 +173,10 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
 */
 if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
 if ($request->getProtocol() !== 'https') {
+ if($request->getMethod() !== Request::METHOD_GET) {
+ throw new Exception('HTTPS communication required.', 500, Exception::GENERAL_FORCED_HTTPS_IGNORED);
+ }
+
 return $response->redirect('https://'.$request->getHostname().$request->getURI());
 }
diff --git a/composer.lock b/composer.lock
index 291b391b3e..4a9b786b33 100644
--- a/composer.lock
+++ b/composer.lock
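Review bot: The new guard in the general.php hunk rejects HEAD over plain HTTP with the same exception as POST, although HEAD, like GET, carries no body and can follow the redirect on the next line without losing anything; `if (!in_array($request->getMethod(), [Request::METHOD_GET, Request::METHOD_HEAD], true)) {` keeps the throw for body-bearing methods only (PSR-12 also wants the space in `if (`). A caller that reaches this path has an http:// endpoint configured, so a 500 labels a client mistake as a server fault and will surface in server-error alerting; a 4xx such as 426 Upgrade Required fits better, and the same status choice recurs in the general.php hunks of PATCH 2/7 (405) and PATCH 5/7 (back to 500). Whether `$request->getProtocol()` reports the client-facing scheme behind a TLS-terminating proxy is not visible here and is worth confirming, since a wrong answer would make every non-GET request fail. The enclosing App::init closure starts and ends outside the hunk.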
@@ -478,16 +478,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.4.1", + "version": "7.4.2", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "ee0a041b1760e6a53d2a39c8c34115adc2af2c79" + "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ee0a041b1760e6a53d2a39c8c34115adc2af2c79", - "reference": "ee0a041b1760e6a53d2a39c8c34115adc2af2c79", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4", + "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4", "shasum": "" }, "require": {
@@ -582,7 +582,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.1" + "source": "https://github.com/guzzle/guzzle/tree/7.4.2" }, "funding": [ {
@@ -598,7 +598,7 @@ "type": "tidelift" } ], - "time": "2021-12-06T18:43:05+00:00" + "time": "2022-03-20T14:16:28+00:00" }, { "name": "guzzlehttp/promises",
@@ -686,16 +686,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "2.1.0", + "version": "2.2.1", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "089edd38f5b8abba6cb01567c2a8aaa47cec4c72" + "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/089edd38f5b8abba6cb01567c2a8aaa47cec4c72", - "reference": "089edd38f5b8abba6cb01567c2a8aaa47cec4c72", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2", + "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2", "shasum": "" }, "require": {
@@ -719,7 +719,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "2.1-dev" + "dev-master": "2.2-dev" } }, "autoload": {
@@ -781,7 +781,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.1.0" + "source": "https://github.com/guzzle/psr7/tree/2.2.1" }, "funding": [ {
@@ -797,7 +797,7 @@ "type": "tidelift" } ], - "time": "2021-10-06T17:43:30+00:00" + "time": "2022-03-20T21:55:58+00:00" }, { "name": "influxdb/influxdb-php",
@@ -6580,5 +6580,5 @@ "platform-overrides": { "php": "8.0" }, - "plugin-api-version": "2.1.0" + "plugin-api-version": "2.2.0" }
diff --git a/src/Appwrite/Extend/Exception.php b/src/Appwrite/Extend/Exception.php
index 4f396990fd..a5858d662b 100644
--- a/src/Appwrite/Extend/Exception.php
+++ b/src/Appwrite/Extend/Exception.php
@@ -46,6 +46,7 @@ class Exception extends \Exception
 const GENERAL_ROUTE_NOT_FOUND = 'general_route_not_found';
 const GENERAL_CURSOR_NOT_FOUND = 'general_cursor_not_found';
 const GENERAL_SERVER_ERROR = 'general_server_error';
+ const GENERAL_FORCED_HTTPS_IGNORED = 'general_forced_https_ignored';
 /** Users */
 const USER_COUNT_EXCEEDED = 'user_count_exceeded';
From 41107098745260b62a3d6229a5ce5b5c0ff0575f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Tue, 5 Apr 2022 16:57:22 +0000
Subject: [PATCH 2/7] PR review changes
---
 app/config/errors.php | 6 +++---
 app/controllers/general.php | 2 +-
 src/Appwrite/Extend/Exception.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index ca305ed0b5..6ebc311798 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
@@ -78,9 +78,9 @@ return [
 'description' => 'An internal server error occurred.',
 'code' => 500,
 ],
- Exception::GENERAL_FORCED_HTTPS_IGNORED => [
- 'name' => Exception::GENERAL_FORCED_HTTPS_IGNORED,
- 'description' => 'Appwrite instance forces secure communication. Switch to HTTPS protocol in your endpoint.',
+ Exception::GENERAL_METHOD_UNSUPPORTED => [
+ 'name' => Exception::GENERAL_METHOD_UNSUPPORTED,
+ 'description' => 'The HTTP method is unsupported by the current protocol or resource.',
 'code' => 500,
 ],
diff --git a/app/controllers/general.php b/app/controllers/general.php
index 4cf77bb4bb..30e2d4cd96 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -174,7 +174,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
 if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
 if ($request->getProtocol() !== 'https') {
 if($request->getMethod() !== Request::METHOD_GET) {
- throw new Exception('HTTPS communication required.', 500, Exception::GENERAL_FORCED_HTTPS_IGNORED);
+ throw new Exception('Method unsupported over HTTP.', 405, Exception::GENERAL_METHOD_UNSUPPORTED);
 }
 return $response->redirect('https://'.$request->getHostname().$request->getURI());
diff --git a/src/Appwrite/Extend/Exception.php b/src/Appwrite/Extend/Exception.php
index a5858d662b..04b44b57b2 100644
--- a/src/Appwrite/Extend/Exception.php
+++ b/src/Appwrite/Extend/Exception.php
@@ -46,7 +46,7 @@ class Exception extends \Exception
 const GENERAL_ROUTE_NOT_FOUND = 'general_route_not_found';
 const GENERAL_CURSOR_NOT_FOUND = 'general_cursor_not_found';
 const GENERAL_SERVER_ERROR = 'general_server_error';
- const GENERAL_FORCED_HTTPS_IGNORED = 'general_forced_https_ignored';
+ const GENERAL_METHOD_UNSUPPORTED = 'general_method_unsupported';
 /** Users */
 const USER_COUNT_EXCEEDED = 'user_count_exceeded';
From 6141080449d0c65321ed0c99887041edb8d6d670 Mon Sep 17 00:00:00 2001
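Review bot: The 405 now thrown in the general.php hunk goes out without an `Allow` header, which RFC 7231 §6.5.5 makes mandatory for that status so the client can learn which methods are permitted; GET is the only method accepted over plain HTTP on this path, so the response should carry `Allow: GET` — for example `$response->addHeader('Allow', Request::METHOD_GET);` immediately before the throw, provided the error handler keeps headers already set on `$response`, which is not visible here — or use a status that does not impose that requirement. The errors.php hunk in the same commit keeps `'code' => 500` for the new `GENERAL_METHOD_UNSUPPORTED` entry while the throw says 405, so the catalogue and the controller disagree about the status until they are reconciled. The enclosing App::init closure and the errors.php return array both start and end outside their hunks.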
From: Matej Baco
Date: Wed, 20 Apr 2022 10:10:39 +0200
Subject: [PATCH 3/7] Fix code in exception
---
 app/config/errors.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index 6ebc311798..9c1da2c540 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
@@ -81,7 +81,7 @@ return [
 Exception::GENERAL_METHOD_UNSUPPORTED => [
 'name' => Exception::GENERAL_METHOD_UNSUPPORTED,
 'description' => 'The HTTP method is unsupported by the current protocol or resource.',
- 'code' => 500,
+ 'code' => 405,
 ],
 /** User Errors */
From 5e54339673931e0f6fe50bae9f22218689e4ecde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Wed, 20 Apr 2022 08:53:29 +0000
Subject: [PATCH 4/7] Update lockfile after merge
---
 composer.lock | 34 +++++++++++++---------------------
 1 file changed, 13 insertions(+), 21 deletions(-)
diff --git a/composer.lock b/composer.lock
index e908e573c5..3084527702 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2250,16 +2250,16 @@ }, { "name": "utopia-php/framework", - "version": "0.19.8", + "version": "0.19.9", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d" + "reference": "4af9fc866edce1b8cff94731fb26c27599118e87" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d", - "reference": "8c3b3e330546fd6cd65bd1f8d8d08882ff3abb7d", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/4af9fc866edce1b8cff94731fb26c27599118e87", + "reference": "4af9fc866edce1b8cff94731fb26c27599118e87", "shasum": "" }, "require": {
@@ -2293,9 +2293,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.19.8" + "source": "https://github.com/utopia-php/framework/tree/0.19.9" }, - "time": "2022-04-12T00:28:15+00:00" + "time": "2022-04-14T15:39:47+00:00" }, { "name": "utopia-php/image",
@@ -3551,16 +3551,16 @@ }, { "name": "matthiasmullie/minify", - "version": "1.3.66", + "version": "1.3.67", "source": { "type": "git", "url": "https://github.com/matthiasmullie/minify.git", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6" + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", + "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", "shasum": "" }, "require": {
@@ -3609,23 +3609,15 @@ ], "support": { "issues": "https://github.com/matthiasmullie/minify/issues", - "source": "https://github.com/matthiasmullie/minify/tree/1.3.66" + "source": "https://github.com/matthiasmullie/minify/tree/1.3.67" }, "funding": [ { - "url": "https://github.com/[user1", - "type": "github" - }, - { - "url": "https://github.com/matthiasmullie] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g.", - "type": "github" - }, - { - "url": "https://github.com/user2", + "url": "https://github.com/matthiasmullie", "type": "github" } ], - "time": "2021-01-06T15:18:10+00:00" + "time": "2022-03-24T08:54:59+00:00" }, { "name": "matthiasmullie/path-converter",
From 4c82810d619a79a7cb2425eae511f57348ea1d8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 25 Apr 2022 09:12:43 +0000
Subject: [PATCH 5/7] PR review changes
---
 app/config/errors.php | 8 ++++----
 app/controllers/general.php | 2 +-
 src/Appwrite/Extend/Exception.php | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index 9c1da2c540..8dadcf079c 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
@@ -78,10 +78,10 @@ return [
 'description' => 'An internal server error occurred.',
 'code' => 500,
 ],
- Exception::GENERAL_METHOD_UNSUPPORTED => [
- 'name' => Exception::GENERAL_METHOD_UNSUPPORTED,
- 'description' => 'The HTTP method is unsupported by the current protocol or resource.',
- 'code' => 405,
+ Exception::GENERAL_PROTOCOL_UNSUPPORTED => [
+ 'name' => Exception::GENERAL_PROTOCOL_UNSUPPORTED,
+ 'description' => 'The request cannot be fulfilled with the current protocol. Please check the value of the _APP_OPTIONS_FORCE_HTTPS environment variable.',
+ 'code' => 500,
 ],
 /** User Errors */
diff --git a/app/controllers/general.php b/app/controllers/general.php
index 443d32140b..4cb2d9232e 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -174,7 +174,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
 if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
 if ($request->getProtocol() !== 'https') {
 if($request->getMethod() !== Request::METHOD_GET) {
- throw new Exception('Method unsupported over HTTP.', 405, Exception::GENERAL_METHOD_UNSUPPORTED);
+ throw new Exception('Method unsupported over HTTP.', 500, Exception::GENERAL_PROTOCOL_UNSUPPORTED);
 }
 return $response->redirect('https://'.$request->getHostname().$request->getURI());
diff --git a/src/Appwrite/Extend/Exception.php b/src/Appwrite/Extend/Exception.php
index 04b44b57b2..ee5d6ab729 100644
--- a/src/Appwrite/Extend/Exception.php
+++ b/src/Appwrite/Extend/Exception.php
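Review bot: The new description in the errors.php hunk addresses the server operator ("check the value of the _APP_OPTIONS_FORCE_HTTPS environment variable"), but this error is returned to the API client that sent an http:// request, who usually cannot read or change the server's environment and is handed an internal setting name instead of a fix; a client-facing text such as `'description' => 'This Appwrite instance requires HTTPS for this request. Use an https:// endpoint.'` tells them what to do, and the operator hint belongs in the server-side log. In the general.php hunk of the same commit the thrown message 'Method unsupported over HTTP.' is kept under the renamed `GENERAL_PROTOCOL_UNSUPPORTED` code, so message and code now disagree about what is unsupported; `throw new Exception('HTTPS is required for this request.', 500, Exception::GENERAL_PROTOCOL_UNSUPPORTED);` keeps them aligned. The errors.php return array and the App::init closure both start and end outside their hunks.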
@@ -46,7 +46,7 @@ class Exception extends \Exception
 const GENERAL_ROUTE_NOT_FOUND = 'general_route_not_found';
 const GENERAL_CURSOR_NOT_FOUND = 'general_cursor_not_found';
 const GENERAL_SERVER_ERROR = 'general_server_error';
- const GENERAL_METHOD_UNSUPPORTED = 'general_method_unsupported';
+ const GENERAL_PROTOCOL_UNSUPPORTED = 'general_protocol_unsupported';
 /** Users */
 const USER_COUNT_EXCEEDED = 'user_count_exceeded';
From 66d68a786b2bd4bda849d5a4fafbfc26e512ac09 Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Tue, 26 Apr 2022 12:22:01 +0300
Subject: [PATCH 6/7] Update src/Appwrite/Extend/Exception.php
---
 src/Appwrite/Extend/Exception.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Appwrite/Extend/Exception.php b/src/Appwrite/Extend/Exception.php
index ee5d6ab729..cf508d1198 100644
--- a/src/Appwrite/Extend/Exception.php
+++ b/src/Appwrite/Extend/Exception.php
@@ -46,7 +46,7 @@ class Exception extends \Exception
 const GENERAL_ROUTE_NOT_FOUND = 'general_route_not_found';
 const GENERAL_CURSOR_NOT_FOUND = 'general_cursor_not_found';
 const GENERAL_SERVER_ERROR = 'general_server_error';
- const GENERAL_PROTOCOL_UNSUPPORTED = 'general_protocol_unsupported';
+ const GENERAL_PROTOCOL_UNSUPPORTED = 'general_protocol_unsupported';
 /** Users */
 const USER_COUNT_EXCEEDED = 'user_count_exceeded';
From 1e0fe177a8d859a5490674927af0a41742b9dfd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Tue, 26 Apr 2022 10:00:20 +0000
Subject: [PATCH 7/7] Post-merge fix
---
 composer.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.lock b/composer.lock
index 6d052aed1c..ea07e51fea 100644
--- a/composer.lock
+++ b/composer.lock
@@ -6576,5 +6576,5 @@ "platform-overrides": { "php": "8.0" }, - "plugin-api-version": "2.1.0" + "plugin-api-version": "2.3.0" }