mirror of
https://github.com/appwrite/appwrite
synced 2026-05-23 17:08:45 +00:00
Merge remote-tracking branch 'origin/refactor-auth-single-instance' into refactor-auth-single-instance
This commit is contained in:
shimon
commit
65e99ff0de
10 changed files with 39 additions and 30 deletions
10
app/cli.php
10
app/cli.php
|
|
@ -59,6 +59,7 @@ CLI::setResource('pools', function (Registry $register) {
|
|||
|
||||
CLI::setResource('authorization', function () {
|
||||
$authorization = new Authorization();
|
||||
$authorization->disable();
|
||||
return $authorization;
|
||||
}, []);
|
||||
|
||||
|
|
@ -133,13 +134,11 @@ CLI::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
|
|||
|
||||
if (\in_array($dsn->getHost(), $sharedTables)) {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setTenant((int)$project->getSequence())
|
||||
->setNamespace($dsn->getParam('namespace'));
|
||||
} else {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(false)
|
||||
->setTenant(null)
|
||||
->setNamespace('_' . $project->getSequence());
|
||||
|
|
@ -150,18 +149,17 @@ CLI::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
|
|||
|
||||
$adapter = new DatabasePool($pools->get($dsn->getHost()));
|
||||
$database = new Database($adapter, $cache);
|
||||
$database->setAuthorization($authorization);
|
||||
$databases[$dsn->getHost()] = $database;
|
||||
$sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
|
||||
|
||||
if (\in_array($dsn->getHost(), $sharedTables)) {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setTenant((int)$project->getSequence())
|
||||
->setNamespace($dsn->getParam('namespace'));
|
||||
} else {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(false)
|
||||
->setTenant(null)
|
||||
->setNamespace('_' . $project->getSequence());
|
||||
|
|
@ -186,9 +184,9 @@ CLI::setResource('getLogsDB', function (Group $pools, Cache $cache, Authorizatio
|
|||
|
||||
$adapter = new DatabasePool($pools->get('logs'));
|
||||
$database = new Database($adapter, $cache);
|
||||
|
||||
$database->setAuthorization($authorization);
|
||||
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setNamespace('logsV1')
|
||||
->setTimeout(APP_DATABASE_TIMEOUT_MILLISECONDS_TASK)
|
||||
|
|
|
|||
|
|
@ -1175,7 +1175,7 @@ App::error()
|
|||
->inject('queueForStatsUsage')
|
||||
->inject('devKey')
|
||||
->inject('authorization')
|
||||
->action(function (Throwable $error, App $utopia, Request $request, Response $response, Document $project, ?Logger $logger, Log $log, StatsUsage $queueForStatsUsage, Authorization $authorization) {
|
||||
->action(function (Throwable $error, App $utopia, Request $request, Response $response, Document $project, ?Logger $logger, Log $log, StatsUsage $queueForStatsUsage, Document $devKey, Authorization $authorization) {
|
||||
$version = System::getEnv('_APP_VERSION', 'UNKNOWN');
|
||||
$route = $utopia->getRoute();
|
||||
$class = \get_class($error);
|
||||
|
|
|
|||
|
|
@ -424,9 +424,10 @@ App::setResource('dbForProject', function (Group $pools, Database $dbForPlatform
|
|||
}, ['pools', 'dbForPlatform', 'cache', 'project', 'authorization']);
|
||||
|
||||
App::setResource('dbForPlatform', function (Group $pools, Cache $cache, Authorization $authorization) {
|
||||
|
||||
$adapter = new DatabasePool($pools->get('console'));
|
||||
$database = new Database($adapter, $cache);
|
||||
|
||||
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setNamespace('_console')
|
||||
|
|
@ -484,6 +485,7 @@ App::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
|
|||
|
||||
$adapter = new DatabasePool($pools->get($dsn->getHost()));
|
||||
$database = new Database($adapter, $cache);
|
||||
$database->setAuthorization($authorization);
|
||||
$databases[$dsn->getHost()] = $database;
|
||||
$configure($database);
|
||||
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ Server::setResource('register', fn () => $register);
|
|||
|
||||
Server::setResource('authorization', function () {
|
||||
$authorization = new Authorization();
|
||||
$authorization->disable();
|
||||
return $authorization;
|
||||
}, []);
|
||||
|
||||
|
|
@ -58,8 +59,9 @@ Server::setResource('dbForPlatform', function (Cache $cache, Registry $register,
|
|||
$pools = $register->get('pools');
|
||||
$adapter = new DatabasePool($pools->get('console'));
|
||||
$dbForPlatform = new Database($adapter, $cache);
|
||||
$dbForPlatform->setNamespace('_console');
|
||||
$dbForPlatform->setAuthorization($authorization);
|
||||
$dbForPlatform->setNamespace('_console');
|
||||
|
||||
|
||||
return $dbForPlatform;
|
||||
}, ['cache', 'register', 'authorization']);
|
||||
|
|
@ -91,18 +93,16 @@ Server::setResource('dbForProject', function (Cache $cache, Registry $register,
|
|||
|
||||
$adapter = new DatabasePool($pools->get($dsn->getHost()));
|
||||
$database = new Database($adapter, $cache);
|
||||
|
||||
$database->setAuthorization($authorization);
|
||||
$sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
|
||||
|
||||
if (\in_array($dsn->getHost(), $sharedTables)) {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setTenant((int)$project->getSequence())
|
||||
->setNamespace($dsn->getParam('namespace'));
|
||||
} else {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(false)
|
||||
->setTenant(null)
|
||||
->setNamespace('_' . $project->getSequence());
|
||||
|
|
@ -130,18 +130,16 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
|
|||
|
||||
if (isset($databases[$dsn->getHost()])) {
|
||||
$database = $databases[$dsn->getHost()];
|
||||
|
||||
$database->setAuthorization($authorization);
|
||||
$sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
|
||||
|
||||
if (\in_array($dsn->getHost(), $sharedTables)) {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setTenant((int)$project->getSequence())
|
||||
->setNamespace($dsn->getParam('namespace'));
|
||||
} else {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(false)
|
||||
->setTenant(null)
|
||||
->setNamespace('_' . $project->getSequence());
|
||||
|
|
@ -151,7 +149,9 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
|
|||
}
|
||||
|
||||
$adapter = new DatabasePool($pools->get($dsn->getHost()));
|
||||
$adapter->setAuthorization($authorization);
|
||||
$database = new Database($adapter, $cache);
|
||||
$database->setAuthorization($authorization);
|
||||
|
||||
$databases[$dsn->getHost()] = $database;
|
||||
|
||||
|
|
@ -159,13 +159,11 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
|
|||
|
||||
if (\in_array($dsn->getHost(), $sharedTables)) {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(true)
|
||||
->setTenant((int)$project->getSequence())
|
||||
->setNamespace($dsn->getParam('namespace'));
|
||||
} else {
|
||||
$database
|
||||
->setAuthorization($authorization)
|
||||
->setSharedTables(false)
|
||||
->setTenant(null)
|
||||
->setNamespace('_' . $project->getSequence());
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@
|
|||
"appwrite/php-clamav": "2.0.*",
|
||||
"utopia-php/abuse": "1.*",
|
||||
"utopia-php/analytics": "0.10.*",
|
||||
"utopia-php/audit": "1.*",
|
||||
"utopia-php/audit": "dev-feat-auth-single-instance as 1.1.0",
|
||||
"utopia-php/cache": "0.13.*",
|
||||
"utopia-php/cli": "0.15.*",
|
||||
"utopia-php/config": "0.2.*",
|
||||
|
|
|
|||
23
composer.lock
generated
23
composer.lock
generated
|
|
@ -4,7 +4,7 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "a2f032a3d278c7f493ea4d87d6908258",
|
||||
"content-hash": "d7f36b787ff2fe013d9b866c3823f6d4",
|
||||
"packages": [
|
||||
{
|
||||
"name": "adhocore/jwt",
|
||||
|
|
@ -3547,21 +3547,21 @@
|
|||
},
|
||||
{
|
||||
"name": "utopia-php/audit",
|
||||
"version": "1.0.2",
|
||||
"version": "dev-feat-auth-single-instance",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/utopia-php/audit.git",
|
||||
"reference": "8c17065c2473d4ca799f65585ca74eb53e1be211"
|
||||
"reference": "b74a6f8213b444e0af6ce0714ec85ea2859b3508"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/utopia-php/audit/zipball/8c17065c2473d4ca799f65585ca74eb53e1be211",
|
||||
"reference": "8c17065c2473d4ca799f65585ca74eb53e1be211",
|
||||
"url": "https://api.github.com/repos/utopia-php/audit/zipball/b74a6f8213b444e0af6ce0714ec85ea2859b3508",
|
||||
"reference": "b74a6f8213b444e0af6ce0714ec85ea2859b3508",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=8.0",
|
||||
"utopia-php/database": "*"
|
||||
"utopia-php/database": "dev-feat-authorization-instance as 3.0.2"
|
||||
},
|
||||
"require-dev": {
|
||||
"laravel/pint": "1.*",
|
||||
|
|
@ -3588,9 +3588,9 @@
|
|||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/utopia-php/audit/issues",
|
||||
"source": "https://github.com/utopia-php/audit/tree/1.0.2"
|
||||
"source": "https://github.com/utopia-php/audit/tree/feat-auth-single-instance"
|
||||
},
|
||||
"time": "2025-10-20T07:14:26+00:00"
|
||||
"time": "2025-10-27T13:39:14+00:00"
|
||||
},
|
||||
{
|
||||
"name": "utopia-php/cache",
|
||||
|
|
@ -8831,6 +8831,12 @@
|
|||
}
|
||||
],
|
||||
"aliases": [
|
||||
{
|
||||
"package": "utopia-php/audit",
|
||||
"version": "dev-feat-auth-single-instance",
|
||||
"alias": "1.1.0",
|
||||
"alias_normalized": "1.1.0.0"
|
||||
},
|
||||
{
|
||||
"package": "utopia-php/database",
|
||||
"version": "dev-feat-authorization-instance",
|
||||
|
|
@ -8840,6 +8846,7 @@
|
|||
],
|
||||
"minimum-stability": "stable",
|
||||
"stability-flags": {
|
||||
"utopia-php/audit": 20,
|
||||
"utopia-php/database": 20
|
||||
},
|
||||
"prefer-stable": false,
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@ services:
|
|||
- ./public:/usr/src/code/public
|
||||
- ./src:/usr/src/code/src
|
||||
- ./dev:/usr/src/code/dev
|
||||
- ./vendor/utopia-php/database/src:/usr/src/code/vendor/utopia-php/database/src
|
||||
depends_on:
|
||||
- mariadb
|
||||
- redis
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@ class Create extends Action
|
|||
throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Bulk create is not supported for ' . $this->getSDKNamespace() .' with relationship ' . $this->getStructureContext());
|
||||
}
|
||||
|
||||
$setPermissions = function (Document $document, ?array $permissions) use ($user, $isAPIKey, $isPrivilegedUser, $isBulk) {
|
||||
$setPermissions = function (Document $document, ?array $permissions) use ($user, $isAPIKey, $isPrivilegedUser, $isBulk, $dbForProject) {
|
||||
$allowedPermissions = [
|
||||
Database::PERMISSION_READ,
|
||||
Database::PERMISSION_UPDATE,
|
||||
|
|
|
|||
|
|
@ -172,9 +172,12 @@ class Create extends Action
|
|||
$documentValid = false;
|
||||
if ($document !== null && !$document->isEmpty() && $documentSecurity) {
|
||||
if ($permissionType === Database::PERMISSION_UPDATE) {
|
||||
$documentValid = $validator->isValid($document->getUpdate());
|
||||
$documentValid = $dbForProject->getAuthorization()->isValid(
|
||||
new input(Database::PERMISSION_UPDATE, $document->getUpdate()));
|
||||
} elseif ($permissionType === Database::PERMISSION_DELETE) {
|
||||
$documentValid = $validator->isValid($document->getDelete());
|
||||
$documentValid = $dbForProject->getAuthorization()->isValid(
|
||||
new input(Database::PERMISSION_DELETE, $document->getDelete())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ class Create extends Base
|
|||
$function = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->getDocument('functions', $functionId));
|
||||
|
||||
$isAPIKey = Auth::isAppUser($dbForProject->getAuthorization()->getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser($dbForProject->getAuthorization()->getRole);
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser($dbForProject->getAuthorization()->getRoles());
|
||||
|
||||
if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) {
|
||||
throw new Exception(Exception::FUNCTION_NOT_FOUND);
|
||||
|
|
|
|||
Loading…
Reference in a new issue