From 9b2fbc5c52476f453fd62ba977254dacb1b9dcb4 Mon Sep 17 00:00:00 2001 From: Torsten Dittmann Date: Fri, 29 Dec 2023 21:52:50 +0100 Subject: [PATCH 1/5] feat: console hostname env variable --- .env | 3 ++- app/config/variables.php | 17 +++++++++-------- app/init.php | 12 ++++++++++++ 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/.env b/.env index ad551e705a..81145b563d 100644 --- a/.env +++ b/.env @@ -4,12 +4,13 @@ _APP_WORKER_PER_CORE=6 _APP_CONSOLE_WHITELIST_ROOT=disabled _APP_CONSOLE_WHITELIST_EMAILS= _APP_CONSOLE_WHITELIST_IPS= +_APP_CONSOLE_HOSTNAMES= _APP_SYSTEM_EMAIL_NAME=Appwrite _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io _APP_SYSTEM_RESPONSE_FORMAT= _APP_OPTIONS_ABUSE=disabled -_APP_OPTIONS_ROUTER_PROTECTION=disbled +_APP_OPTIONS_ROUTER_PROTECTION=disabled _APP_OPTIONS_FORCE_HTTPS=disabled _APP_OPTIONS_FUNCTIONS_FORCE_HTTPS=disabled _APP_OPENSSL_KEY_V1=your-secret-key diff --git a/app/config/variables.php b/app/config/variables.php index 9d555bf013..a88145601d 100644 --- a/app/config/variables.php +++ b/app/config/variables.php @@ -115,14 +115,6 @@ return [ 'question' => '', 'filter' => '' ], - // [ - // 'name' => '_APP_CONSOLE_WHITELIST_DOMAINS', - // 'description' => 'This option allows you to limit creation of users to Appwrite console for users sharing the same email domains. This option is very useful for team working with company emails domain.\n\nTo enable this option, pass a list of allowed email domains separated by a comma.', - // 'introduction' => '', - // 'default' => '', - // 'required' => false, - // 'question' => '', - // ], [ 'name' => '_APP_CONSOLE_WHITELIST_IPS', 'description' => "This last option allows you to limit creation of users in Appwrite console for users sharing the same set of IP addresses. This option is very useful for team working with a VPN service or a company IP.\n\nTo enable/activate this option, pass a list of allowed IP addresses separated by a comma.", @@ -132,6 +124,15 @@ return [ 'question' => '', 'filter' => '' ], + [ + 'name' => '_APP_CONSOLE_HOSTNAMES', + 'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.', + 'introduction' => '', + 'default' => '', + 'required' => false, + 'question' => '', + 'filter' => '' + ], [ 'name' => '_APP_SYSTEM_EMAIL_NAME', 'description' => 'This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: \'Appwrite\'. You can use url encoded strings for spaces and special chars.', diff --git a/app/init.php b/app/init.php index 72bf75d41b..ccd7b96573 100644 --- a/app/init.php +++ b/app/init.php @@ -946,6 +946,18 @@ App::setResource('clients', function ($request, $console, $project) { 'hostname' => $request->getHostname(), ], Document::SET_TYPE_APPEND); + $hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', '')); + if (is_array($hostnames)) { + foreach ($hostnames as $hostname) { + $console->setAttribute('platforms', [ + '$collection' => ID::custom('platforms'), + 'type' => Origin::CLIENT_TYPE_WEB, + 'name' => $hostname, + 'hostname' => $hostname, + ], Document::SET_TYPE_APPEND); + } + } + /** * Get All verified client URLs for both console and current projects * + Filter for duplicated entries From cc1272f80bb2e73c10d89b52e0142ba4c384b237 Mon Sep 17 00:00:00 2001 From: Torsten Dittmann Date: Fri, 29 Dec 2023 22:09:59 +0100 Subject: [PATCH 2/5] feat: add new env variable to compsoe files --- app/views/install/compose.phtml | 5 +++-- docker-compose.yml | 17 +++++++++-------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index 898b46b3a5..2321dbf290 100644 --- a/app/views/install/compose.phtml +++ b/app/views/install/compose.phtml @@ -79,6 +79,7 @@ services: - _APP_CONSOLE_WHITELIST_ROOT - _APP_CONSOLE_WHITELIST_EMAILS - _APP_CONSOLE_WHITELIST_IPS + - _APP_CONSOLE_HOSTNAMES - _APP_SYSTEM_EMAIL_NAME - _APP_SYSTEM_EMAIL_ADDRESS - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS @@ -273,7 +274,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-uploads:/storage/uploads:rw - appwrite-cache:/storage/cache:rw - appwrite-functions:/storage/functions:rw @@ -420,7 +421,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-config:/storage/config:rw - appwrite-certificates:/storage/certificates:rw environment: diff --git a/docker-compose.yml b/docker-compose.yml index 97cf7e5136..fcec1b7732 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -53,7 +53,7 @@ services: DEBUG: false TESTING: true VERSION: dev - ports: + ports: - 9501:80 networks: - appwrite @@ -88,7 +88,7 @@ services: - mariadb - redis # - clamav - entrypoint: + entrypoint: - php - -e - app/http.php @@ -100,6 +100,7 @@ services: - _APP_CONSOLE_WHITELIST_ROOT - _APP_CONSOLE_WHITELIST_EMAILS - _APP_CONSOLE_WHITELIST_IPS + - _APP_CONSOLE_HOSTNAMES - _APP_SYSTEM_EMAIL_NAME - _APP_SYSTEM_EMAIL_ADDRESS - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS @@ -195,7 +196,7 @@ services: container_name: appwrite-realtime image: appwrite-dev restart: unless-stopped - ports: + ports: - 9505:80 labels: - "traefik.enable=true" @@ -303,7 +304,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-uploads:/storage/uploads:rw - appwrite-cache:/storage/cache:rw - appwrite-functions:/storage/functions:rw @@ -357,7 +358,7 @@ services: image: appwrite-dev networks: - appwrite - volumes: + volumes: - ./app:/usr/src/code/app - ./src:/usr/src/code/src depends_on: @@ -456,7 +457,7 @@ services: depends_on: - redis - mariadb - volumes: + volumes: - appwrite-config:/storage/config:rw - appwrite-certificates:/storage/certificates:rw - ./app:/usr/src/code/app @@ -744,7 +745,7 @@ services: - _APP_REDIS_USER - _APP_REDIS_PASS - _APP_MIXPANEL_TOKEN - + appwrite-hamster-scheduler: entrypoint: hamster <<: *x-logging @@ -995,7 +996,7 @@ services: # - './debug:/tmp' # ports: # - '3001:80' - + graphql-explorer: container_name: appwrite-graphql-explorer image: appwrite/altair:0.3.0 From 06e385b346e09d5fbe386070e0bbd60ab7ecf6b8 Mon Sep 17 00:00:00 2001 From: Steven Nguyen Date: Wed, 3 Jan 2024 19:12:21 +0000 Subject: [PATCH 3/5] Add changes from previous console platforms variable PR See https://github.com/appwrite/appwrite/pull/4581 --- .env | 2 +- app/config/variables.php | 2 +- tests/e2e/General/HTTPTest.php | 46 ++++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 81145b563d..9df5864bd0 100644 --- a/.env +++ b/.env @@ -4,7 +4,7 @@ _APP_WORKER_PER_CORE=6 _APP_CONSOLE_WHITELIST_ROOT=disabled _APP_CONSOLE_WHITELIST_EMAILS= _APP_CONSOLE_WHITELIST_IPS= -_APP_CONSOLE_HOSTNAMES= +_APP_CONSOLE_HOSTNAMES=localhost,appwrite.io,*.appwrite.io _APP_SYSTEM_EMAIL_NAME=Appwrite _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io diff --git a/app/config/variables.php b/app/config/variables.php index a88145601d..69eca57533 100644 --- a/app/config/variables.php +++ b/app/config/variables.php @@ -127,7 +127,7 @@ return [ [ 'name' => '_APP_CONSOLE_HOSTNAMES', 'description' => 'This option allows you to add additional hostnames to your Appwrite console. This option is very useful for allowing access to the console project from additional domains. To enable it, pass a list of allowed hostnames separated by a comma.', - 'introduction' => '', + 'introduction' => '1.5.0', 'default' => '', 'required' => false, 'question' => '', diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index f83f28c26d..bf8f6de279 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php @@ -171,4 +171,50 @@ class HTTPTest extends Scope $this->assertEquals(200, $response['headers']['status-code']); } + + public function testCors() + { + /** + * Test for SUCCESS + */ + + $endpoint = '/v1/projects'; // Can be any non-404 route + + $response = $this->client->call(Client::METHOD_GET, $endpoint); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://localhost', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://appwrite.io', + ]); + + $this->assertEquals('http://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'https://appwrite.io', + ]); + + $this->assertEquals('https://appwrite.io', $response['headers']['access-control-allow-origin']); + + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://cloud.appwrite.io', + ]); + + $this->assertEquals('http://cloud.appwrite.io', $response['headers']['access-control-allow-origin']); + + /** + * Test for FAILURE + */ + $response = $this->client->call(Client::METHOD_GET, $endpoint, [ + 'origin' => 'http://google.com', + ]); + + $this->assertEquals('http://localhost', $response['headers']['access-control-allow-origin']); + } } From faf39fcc81b824e81d6fd68029721117f878f2ce Mon Sep 17 00:00:00 2001 From: Steven Nguyen Date: Wed, 3 Jan 2024 19:25:54 +0000 Subject: [PATCH 4/5] Fix _APP_CONSOLE_HOSTNAMES check Ensure invalid hostnames such as empty strings are not added as a hostname. --- app/init.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/app/init.php b/app/init.php index ccd7b96573..1bc362fdc2 100644 --- a/app/init.php +++ b/app/init.php @@ -80,6 +80,7 @@ use Utopia\Queue\Connection; use Utopia\Storage\Storage; use Utopia\VCS\Adapter\Git\GitHub as VcsGitHub; use Utopia\Validator\Range; +use Utopia\Validator\Hostname; use Utopia\Validator\IP; use Utopia\Validator\URL; use Utopia\Validator\WhiteList; @@ -947,15 +948,18 @@ App::setResource('clients', function ($request, $console, $project) { ], Document::SET_TYPE_APPEND); $hostnames = explode(',', App::getEnv('_APP_CONSOLE_HOSTNAMES', '')); - if (is_array($hostnames)) { - foreach ($hostnames as $hostname) { - $console->setAttribute('platforms', [ - '$collection' => ID::custom('platforms'), - 'type' => Origin::CLIENT_TYPE_WEB, - 'name' => $hostname, - 'hostname' => $hostname, - ], Document::SET_TYPE_APPEND); + $validator = new Hostname(); + foreach ($hostnames as $hostname) { + $hostname = trim($hostname); + if (!$validator->isValid($hostname)) { + continue; } + $console->setAttribute('platforms', [ + '$collection' => ID::custom('platforms'), + 'type' => Origin::CLIENT_TYPE_WEB, + 'name' => $hostname, + 'hostname' => $hostname, + ], Document::SET_TYPE_APPEND); } /** From 310d75b6be6e072d3bd63d62b2b3f6f671196232 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Wed, 10 Jan 2024 10:17:52 +0000 Subject: [PATCH 5/5] feat: update assistant --- app/views/install/compose.phtml | 2 +- docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index 898b46b3a5..9146d0cca4 100644 --- a/app/views/install/compose.phtml +++ b/app/views/install/compose.phtml @@ -652,7 +652,7 @@ services: - _APP_DB_PASS appwrite-assistant: - image: appwrite/assistant:0.2.2 + image: appwrite/assistant:0.3.0 container_name: appwrite-assistant <<: *x-logging restart: unless-stopped diff --git a/docker-compose.yml b/docker-compose.yml index 97cf7e5136..7fe63473d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -711,7 +711,7 @@ services: appwrite-assistant: container_name: appwrite-assistant - image: appwrite/assistant:0.2.2 + image: appwrite/assistant:0.3.0 networks: - appwrite environment: