Merge pull request #3034 from appwrite/feat-improved-ssl

Feat: Improved SSL generation
2026-05-23 08:58:35 +00:00 · 2022-04-26 14:07:47 +03:00 · 2022-04-26 14:07:47 +03:00 · 58b7203469
commit 58b7203469
parent 55901ad67c 337a120d7f
1 changed files with 33 additions and 21 deletions
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@ -12,6 +12,7 @@ use Appwrite\Extend\Exception;
 use Utopia\Config\Config;
 use Utopia\Domains\Domain;
 use Appwrite\Auth\Auth;
+use Appwrite\Event\Event;
 use Appwrite\Network\Validator\Origin;
 use Appwrite\Utopia\Response\Filters\V11 as ResponseV11;
 use Appwrite\Utopia\Response\Filters\V12 as ResponseV12;
@ -73,33 +74,44 @@ App::init(function ($utopia, $request, $response, $console, $project, $dbForCons
        } else {
            Authorization::disable();

-            $domainDocument = $dbForConsole->findOne('domains', [
-                new Query('domain', QUERY::TYPE_EQUAL, [$domain->get()])
-            ]);
+            $mainDomain = null;
+            if(!empty(App::getEnv('_APP_DOMAIN', ''))) {
+                $mainDomain = App::getEnv('_APP_DOMAIN', '');
+            } else {
+                $domainDocument = $dbForConsole->findOne('domains', [], 0, ['_id'], ['ASC']);
+                $mainDomain = $domainDocument ? $domainDocument->getAttribute('domain') : $domain->get();
+            }

-            if (!$domainDocument) {
-                $domainDocument = new Document([
-                    'domain' => $domain->get(),
-                    'tld' => $domain->getSuffix(),
-                    'registerable' => $domain->getRegisterable(),
-                    'verification' => false,
-                    'certificateId' => null,
+            if($mainDomain !== $domain->get()) {
+                Console::warning($domain->get() . ' is not a main domain. Skipping SSL certificate generation.');
+            } else {
+                $domainDocument = $dbForConsole->findOne('domains', [
+                    new Query('domain', QUERY::TYPE_EQUAL, [$domain->get()])
                ]);

-                $domainDocument = $dbForConsole->createDocument('domains', $domainDocument);
-
-                Console::info('Issuing a TLS certificate for the master domain (' . $domain->get() . ') in a few seconds...');
-
-                Resque::enqueue('v1-certificates', 'CertificatesV1', [
-                    'document' => $domainDocument,
-                    'domain' => $domain->get(),
-                    'validateTarget' => false,
-                    'validateCNAME' => false,
-                ]);
+                if (!$domainDocument) {
+                    $domainDocument = new Document([
+                        'domain' => $domain->get(),
+                        'tld' => $domain->getSuffix(),
+                        'registerable' => $domain->getRegisterable(),
+                        'verification' => false,
+                        'certificateId' => null,
+                    ]);
+    
+                    $domainDocument = $dbForConsole->createDocument('domains', $domainDocument);
+    
+                    Console::info('Issuing a TLS certificate for the main domain (' . $domain->get() . ') in a few seconds...');
+    
+                    Resque::enqueue(Event::CERTIFICATES_QUEUE_NAME, Event::CERTIFICATES_CLASS_NAME, [
+                        'document' => $domainDocument,
+                        'domain' => $domain->get(),
+                        'validateTarget' => false,
+                        'validateCNAME' => false,
+                    ]);
+                }
            }

            $domains[$domain->get()] = true;
-
            Authorization::reset(); // ensure authorization is re-enabled
        }
        Config::setParam('domains', $domains);