diff --git a/app/cli.php b/app/cli.php
index 08726c2d4d..d30e870c30 100644
--- a/app/cli.php
+++ b/app/cli.php
@@ -59,6 +59,7 @@ CLI::setResource('pools', function (Registry $register) {
 CLI::setResource('authorization', function () {
 $authorization = new Authorization();
+ $authorization->disable();
 return $authorization;
 }, []);
@@ -133,13 +134,11 @@ CLI::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
 if (\in_array($dsn->getHost(), $sharedTables)) {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setTenant((int)$project->getSequence())
 ->setNamespace($dsn->getParam('namespace'));
 } else {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(false)
 ->setTenant(null)
 ->setNamespace('_' . $project->getSequence());
@@ -150,18 +149,17 @@ CLI::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
 $adapter = new DatabasePool($pools->get($dsn->getHost()));
 $database = new Database($adapter, $cache);
+ $database->setAuthorization($authorization);
 $databases[$dsn->getHost()] = $database;
 $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
 if (\in_array($dsn->getHost(), $sharedTables)) {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setTenant((int)$project->getSequence())
 ->setNamespace($dsn->getParam('namespace'));
 } else {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(false)
 ->setTenant(null)
 ->setNamespace('_' . $project->getSequence());
@@ -186,9 +184,9 @@ CLI::setResource('getLogsDB', function (Group $pools, Cache $cache, Authorizatio
 $adapter = new DatabasePool($pools->get('logs'));
 $database = new Database($adapter, $cache);
-
+ $database->setAuthorization($authorization);
+
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setNamespace('logsV1')
 ->setTimeout(APP_DATABASE_TIMEOUT_MILLISECONDS_TASK)
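Review bot: The `$authorization->disable();` added to the `authorization` resource (here at @@ -59, and identically in app/worker.php at @@ -51) carries no comment, yet every `Database` that receives this instance through `setAuthorization()` presumably runs with document- and collection-level permission checks switched off. That leaves `setTenant()` and `setNamespace()` as the only isolation between projects in CLI tasks and workers, so a wrong tenant or namespace is no longer caught by a permission failure. I would add a comment above the call, e.g. `// CLI tasks run as trusted system code: permission checks are off, tenant/namespace scoping is the only isolation`, and make sure this resource definition is never reused by a code path that serves user requests.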
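Review bot: In the @@ -133 hunk of `getProjectDB`, which appears to be the branch that reuses a cached `$database` (its start is outside the hunk), both `->setAuthorization($authorization)` calls are removed and nothing replaces them, whereas the matching branch in app/worker.php (@@ -130) now begins with `$database->setAuthorization($authorization);`. A cached instance here keeps whatever authorization object it was created with, which is safe only while the `authorization` resource stays a single shared instance. Either add the same line at the top of this branch or drop it from worker.php, so that both files follow one rule.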
diff --git a/app/controllers/general.php b/app/controllers/general.php
index b6452abd7f..332f0c1d15 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -1175,7 +1175,7 @@ App::error()
 ->inject('queueForStatsUsage')
 ->inject('devKey')
 ->inject('authorization')
- ->action(function (Throwable $error, App $utopia, Request $request, Response $response, Document $project, ?Logger $logger, Log $log, StatsUsage $queueForStatsUsage, Authorization $authorization) {
+ ->action(function (Throwable $error, App $utopia, Request $request, Response $response, Document $project, ?Logger $logger, Log $log, StatsUsage $queueForStatsUsage, Document $devKey, Authorization $authorization) {
 $version = System::getEnv('_APP_VERSION', 'UNKNOWN');
 $route = $utopia->getRoute();
 $class = \get_class($error);
diff --git a/app/init/resources.php b/app/init/resources.php
index 2d5d8059a6..e85b18d80a 100644
--- a/app/init/resources.php
+++ b/app/init/resources.php
@@ -424,9 +424,10 @@ App::setResource('dbForProject', function (Group $pools, Database $dbForPlatform
 }, ['pools', 'dbForPlatform', 'cache', 'project', 'authorization']);
 App::setResource('dbForPlatform', function (Group $pools, Cache $cache, Authorization $authorization) {
+
 $adapter = new DatabasePool($pools->get('console'));
 $database = new Database($adapter, $cache);
-
+
 $database
 ->setAuthorization($authorization)
 ->setNamespace('_console')
@@ -484,6 +485,7 @@ App::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
 $adapter = new DatabasePool($pools->get($dsn->getHost()));
 $database = new Database($adapter, $cache);
+ $database->setAuthorization($authorization);
 $databases[$dsn->getHost()] = $database;
 $configure($database);
diff --git a/app/worker.php b/app/worker.php
index c5dcb14a1e..211b4ebfa6 100644
--- a/app/worker.php
+++ b/app/worker.php
@@ -51,6 +51,7 @@ Server::setResource('register', fn () => $register);
 Server::setResource('authorization', function () {
 $authorization = new Authorization();
+ $authorization->disable();
 return $authorization;
 }, []);
@@ -58,8 +59,9 @@ Server::setResource('dbForPlatform', function (Cache $cache, Registry $register,
 $pools = $register->get('pools');
 $adapter = new DatabasePool($pools->get('console'));
 $dbForPlatform = new Database($adapter, $cache);
- $dbForPlatform->setNamespace('_console');
 $dbForPlatform->setAuthorization($authorization);
+ $dbForPlatform->setNamespace('_console');
+
 return $dbForPlatform;
 }, ['cache', 'register', 'authorization']);
@@ -91,18 +93,16 @@ Server::setResource('dbForProject', function (Cache $cache, Registry $register,
 $adapter = new DatabasePool($pools->get($dsn->getHost()));
 $database = new Database($adapter, $cache);
-
+ $database->setAuthorization($authorization);
 $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
 if (\in_array($dsn->getHost(), $sharedTables)) {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setTenant((int)$project->getSequence())
 ->setNamespace($dsn->getParam('namespace'));
 } else {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(false)
 ->setTenant(null)
 ->setNamespace('_' . $project->getSequence());
@@ -130,18 +130,16 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
 if (isset($databases[$dsn->getHost()])) {
 $database = $databases[$dsn->getHost()];
-
+ $database->setAuthorization($authorization);
 $sharedTables = \explode(',', System::getEnv('_APP_DATABASE_SHARED_TABLES', ''));
 if (\in_array($dsn->getHost(), $sharedTables)) {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setTenant((int)$project->getSequence())
 ->setNamespace($dsn->getParam('namespace'));
 } else {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(false)
 ->setTenant(null)
 ->setNamespace('_' . $project->getSequence());
@@ -151,7 +149,9 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
 }
 $adapter = new DatabasePool($pools->get($dsn->getHost()));
+ $adapter->setAuthorization($authorization);
 $database = new Database($adapter, $cache);
+ $database->setAuthorization($authorization);
 $databases[$dsn->getHost()] = $database;
@@ -159,13 +159,11 @@ Server::setResource('getProjectDB', function (Group $pools, Database $dbForPlatf
 if (\in_array($dsn->getHost(), $sharedTables)) {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(true)
 ->setTenant((int)$project->getSequence())
 ->setNamespace($dsn->getParam('namespace'));
 } else {
 $database
- ->setAuthorization($authorization)
 ->setSharedTables(false)
 ->setTenant(null)
 ->setNamespace('_' . $project->getSequence());
diff --git a/composer.json b/composer.json
index f030d0aabf..5225e67d52 100644
--- a/composer.json
+++ b/composer.json
@@ -48,7 +48,7 @@
 "appwrite/php-clamav": "2.0.*",
 "utopia-php/abuse": "1.*",
 "utopia-php/analytics": "0.10.*",
- "utopia-php/audit": "1.*",
+ "utopia-php/audit": "dev-feat-auth-single-instance as 1.1.0",
 "utopia-php/cache": "0.13.*",
 "utopia-php/cli": "0.15.*",
 "utopia-php/config": "0.2.*",
diff --git a/composer.lock b/composer.lock
index ced7e9d96c..5785529265 100644
--- a/composer.lock
+++ b/composer.lock
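Review bot: `$adapter->setAuthorization($authorization);` in the @@ -151 hunk is the only place in this commit where the `DatabasePool` adapter itself is handed the authorization object; the equivalent construction sites in app/cli.php, app/init/resources.php and the `dbForProject` resource of this file set it on `Database` only. If the adapter needs the instance for permission checks to apply, the other sites are missing the call; if `Database::setAuthorization()` already passes it on, this line is redundant and should be removed. Whether `DatabasePool` exposes the method at all cannot be confirmed from the diff, so check it against the pinned `utopia-php/database` branch.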
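Review bot: The `utopia-php/audit` constraint moves from the tagged range `1.*` to `dev-feat-auth-single-instance as 1.1.0`, a mutable feature branch that the alias presents to the resolver as a release. composer.lock pins one commit, but any later `composer update` follows whatever has been pushed to that branch, and the alias hides from dependent packages that unreleased code is in use. The constraint should go back to a tagged version once the audit change is published, and this commit should not reach a release branch before then.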
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a2f032a3d278c7f493ea4d87d6908258", + "content-hash": "d7f36b787ff2fe013d9b866c3823f6d4", "packages": [ { "name": "adhocore/jwt", @@ -3547,21 +3547,21 @@ }, { "name": "utopia-php/audit", - "version": "1.0.2", + "version": "dev-feat-auth-single-instance", "source": { "type": "git", "url": "https://github.com/utopia-php/audit.git", - "reference": "8c17065c2473d4ca799f65585ca74eb53e1be211" + "reference": "b74a6f8213b444e0af6ce0714ec85ea2859b3508" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/audit/zipball/8c17065c2473d4ca799f65585ca74eb53e1be211", - "reference": "8c17065c2473d4ca799f65585ca74eb53e1be211", + "url": "https://api.github.com/repos/utopia-php/audit/zipball/b74a6f8213b444e0af6ce0714ec85ea2859b3508", + "reference": "b74a6f8213b444e0af6ce0714ec85ea2859b3508", "shasum": "" }, "require": { "php": ">=8.0", - "utopia-php/database": "*" + "utopia-php/database": "dev-feat-authorization-instance as 3.0.2" }, "require-dev": { "laravel/pint": "1.*", @@ -3588,9 +3588,9 @@ ], "support": { "issues": "https://github.com/utopia-php/audit/issues", - "source": "https://github.com/utopia-php/audit/tree/1.0.2" + "source": "https://github.com/utopia-php/audit/tree/feat-auth-single-instance" }, - "time": "2025-10-20T07:14:26+00:00" + "time": "2025-10-27T13:39:14+00:00" }, { "name": "utopia-php/cache", @@ -8831,6 +8831,12 @@ } ], "aliases": [ + { + "package": "utopia-php/audit", + "version": "dev-feat-auth-single-instance", + "alias": "1.1.0", + "alias_normalized": "1.1.0.0" + }, { "package": "utopia-php/database", "version": "dev-feat-authorization-instance", @@ -8840,6 +8846,7 @@ ], "minimum-stability": "stable", "stability-flags": { + "utopia-php/audit": 20, "utopia-php/database": 20 }, "prefer-stable": false, 
diff --git a/docker-compose.yml b/docker-compose.yml
index b72f12a116..38685354c1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -89,6 +89,7 @@ services:
 - ./public:/usr/src/code/public
 - ./src:/usr/src/code/src
 - ./dev:/usr/src/code/dev
+ - ./vendor/utopia-php/database/src:/usr/src/code/vendor/utopia-php/database/src
 depends_on:
 - mariadb
 - redis
diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php
index 5a5e3f223b..bc23a0e130 100644
--- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php
+++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Create.php
@@ -203,7 +203,7 @@ class Create extends Action
 throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Bulk create is not supported for ' . $this->getSDKNamespace() .' with relationship ' . $this->getStructureContext());
 }
- $setPermissions = function (Document $document, ?array $permissions) use ($user, $isAPIKey, $isPrivilegedUser, $isBulk) {
+ $setPermissions = function (Document $document, ?array $permissions) use ($user, $isAPIKey, $isPrivilegedUser, $isBulk, $dbForProject) {
 $allowedPermissions = [
 Database::PERMISSION_READ,
 Database::PERMISSION_UPDATE,
diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php
index aa3926817e..bea26a2983 100644
--- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php
+++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php
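Review bot: The added volume `./vendor/utopia-php/database/src:/usr/src/code/vendor/utopia-php/database/src` makes the container run whatever sits in the host's `vendor/` tree instead of the library installed in the image, so the code that executes no longer has to match composer.lock. It reads like a local debugging aid for the `utopia-php/database` branch; if so, it should be removed before merge or moved to an untracked override file. If it is meant to stay, put a comment on the line saying so, e.g. `# dev only: live-edit utopia-php/database`. The `volumes:` key and the service name are outside the hunk.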
@@ -172,9 +172,12 @@ class Create extends Action
 $documentValid = false;
 if ($document !== null && !$document->isEmpty() && $documentSecurity) {
 if ($permissionType === Database::PERMISSION_UPDATE) {
- $documentValid = $validator->isValid($document->getUpdate());
+ $documentValid = $dbForProject->getAuthorization()->isValid(
+ new input(Database::PERMISSION_UPDATE, $document->getUpdate()));
 } elseif ($permissionType === Database::PERMISSION_DELETE) {
- $documentValid = $validator->isValid($document->getDelete());
+ $documentValid = $dbForProject->getAuthorization()->isValid(
+ new input(Database::PERMISSION_DELETE, $document->getDelete())
+ );
 }
 }
diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php
index a05dfbd2a4..572736f975 100644
--- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php
+++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php
@@ -155,7 +155,7 @@ class Create extends Base
 $function = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->getDocument('functions', $functionId));
 $isAPIKey = Auth::isAppUser($dbForProject->getAuthorization()->getRoles());
- $isPrivilegedUser = Auth::isPrivilegedUser($dbForProject->getAuthorization()->getRoles);
+ $isPrivilegedUser = Auth::isPrivilegedUser($dbForProject->getAuthorization()->getRoles());
 if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) {
 throw new Exception(Exception::FUNCTION_NOT_FOUND);
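Review bot: Both added calls in the @@ -172 hunk construct `new input(...)` with a lower-case class name. PHP matches class names case-insensitively only once the class is loaded; a PSR-4 autoloader on a case-sensitive filesystem looks for a file spelled as written, so unless a `use` statement for the `Input` class (not visible in this hunk) supplies the canonical spelling, this document-level permission check ends in a class-not-found error. Write `new Input(Database::PERMISSION_UPDATE, $document->getUpdate())`, do the same for `PERMISSION_DELETE`, and confirm the import is present. The first call also closes with `));` on the argument line while the second puts `);` on its own line; pick one layout.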