From 79f24098a49b447daca5670ea7edafcac5a585c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Tue, 5 Apr 2022 16:46:11 +0000 Subject: [PATCH 1/3] Implemented query and order index checks --- app/controllers/api/database.php | 10 +++- composer.lock | 53 ++++++++++--------- .../Database/Validator/OrderAttributes.php | 25 +++++++++ .../Utopia/Database/Validator/Queries.php | 25 +++++++++ 4 files changed, 87 insertions(+), 26 deletions(-) create mode 100644 src/Appwrite/Utopia/Database/Validator/OrderAttributes.php create mode 100644 src/Appwrite/Utopia/Database/Validator/Queries.php diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 1cf78b07e3..fa7fddfccd 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -19,7 +19,6 @@ use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Key; use Utopia\Database\Validator\Permissions; use Utopia\Database\Validator\QueryValidator; -use Utopia\Database\Validator\Queries as QueriesValidator; use Utopia\Database\Validator\Structure; use Utopia\Database\Validator\UID; use Utopia\Database\Exception\Authorization as AuthorizationException; @@ -31,6 +30,8 @@ use Appwrite\Network\Validator\Email; use Appwrite\Network\Validator\IP; use Appwrite\Network\Validator\URL; use Appwrite\Utopia\Database\Validator\CustomId; +use Appwrite\Utopia\Database\Validator\Queries as QueriesValidator; +use Appwrite\Utopia\Database\Validator\OrderAttributes as OrderAttributesValudator; use Appwrite\Utopia\Response; use Appwrite\Detector\Detector; use Appwrite\Event\Event; @@ -1742,6 +1743,13 @@ App::get('/v1/database/collections/:collectionId/documents') } } + if(!empty($orderAttributes)) { + $validator = new OrderAttributesValudator($collection->getAttribute('attributes', []), $collection->getAttribute('indexes', []), true); + if (!$validator->isValid($orderAttributes)) { + throw new Exception($validator->getDescription(), 400, Exception::GENERAL_QUERY_INVALID); + } + } + $cursorDocument = null; if (!empty($cursor)) { $cursorDocument = $collection->getAttribute('permission') === 'collection' diff --git a/composer.lock b/composer.lock index 4a9b786b33..03d8f468d2 100644 --- a/composer.lock +++ b/composer.lock @@ -300,20 +300,23 @@ }, { "name": "colinmollenhour/credis", - "version": "v1.12.1", + "version": "v1.12.2", "source": { "type": "git", "url": "https://github.com/colinmollenhour/credis.git", - "reference": "c27faa11724229986335c23f4b6d0f1d8d6547fb" + "reference": "77e6ede2e01c4cfaade114fe1e07d2f9756949f1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/colinmollenhour/credis/zipball/c27faa11724229986335c23f4b6d0f1d8d6547fb", - "reference": "c27faa11724229986335c23f4b6d0f1d8d6547fb", + "url": "https://api.github.com/repos/colinmollenhour/credis/zipball/77e6ede2e01c4cfaade114fe1e07d2f9756949f1", + "reference": "77e6ede2e01c4cfaade114fe1e07d2f9756949f1", "shasum": "" }, "require": { - "php": ">=5.4.0" + "php": ">=5.6.0" + }, + "suggest": { + "ext-redis": "Improved performance for communicating with redis" }, "type": "library", "autoload": { @@ -338,9 +341,9 @@ "homepage": "https://github.com/colinmollenhour/credis", "support": { "issues": "https://github.com/colinmollenhour/credis/issues", - "source": "https://github.com/colinmollenhour/credis/tree/v1.12.1" + "source": "https://github.com/colinmollenhour/credis/tree/v1.12.2" }, - "time": "2020-11-06T16:09:14+00:00" + "time": "2022-03-08T18:12:43+00:00" }, { "name": "composer/package-versions-deprecated", @@ -3491,16 +3494,16 @@ }, { "name": "felixfbecker/language-server-protocol", - "version": "1.5.1", + "version": "v1.5.2", "source": { "type": "git", "url": "https://github.com/felixfbecker/php-language-server-protocol.git", - "reference": "9d846d1f5cf101deee7a61c8ba7caa0a975cd730" + "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/felixfbecker/php-language-server-protocol/zipball/9d846d1f5cf101deee7a61c8ba7caa0a975cd730", - "reference": "9d846d1f5cf101deee7a61c8ba7caa0a975cd730", + "url": "https://api.github.com/repos/felixfbecker/php-language-server-protocol/zipball/6e82196ffd7c62f7794d778ca52b69feec9f2842", + "reference": "6e82196ffd7c62f7794d778ca52b69feec9f2842", "shasum": "" }, "require": { @@ -3541,9 +3544,9 @@ ], "support": { "issues": "https://github.com/felixfbecker/php-language-server-protocol/issues", - "source": "https://github.com/felixfbecker/php-language-server-protocol/tree/1.5.1" + "source": "https://github.com/felixfbecker/php-language-server-protocol/tree/v1.5.2" }, - "time": "2021-02-22T14:02:09+00:00" + "time": "2022-03-02T22:36:06+00:00" }, { "name": "matthiasmullie/minify", @@ -4118,16 +4121,16 @@ }, { "name": "phpdocumentor/type-resolver", - "version": "1.6.0", + "version": "1.6.1", "source": { "type": "git", "url": "https://github.com/phpDocumentor/TypeResolver.git", - "reference": "93ebd0014cab80c4ea9f5e297ea48672f1b87706" + "reference": "77a32518733312af16a44300404e945338981de3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/93ebd0014cab80c4ea9f5e297ea48672f1b87706", - "reference": "93ebd0014cab80c4ea9f5e297ea48672f1b87706", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/77a32518733312af16a44300404e945338981de3", + "reference": "77a32518733312af16a44300404e945338981de3", "shasum": "" }, "require": { @@ -4162,9 +4165,9 @@ "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names", "support": { "issues": "https://github.com/phpDocumentor/TypeResolver/issues", - "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.6.0" + "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.6.1" }, - "time": "2022-01-04T19:58:01+00:00" + "time": "2022-03-15T21:29:03+00:00" }, { "name": "phpspec/prophecy", @@ -6324,16 +6327,16 @@ }, { "name": "twig/twig", - "version": "v3.3.8", + "version": "v3.3.9", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "972d8604a92b7054828b539f2febb0211dd5945c" + "reference": "6ff9b0e440fa66f97f207e181c41340ddfa5683d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/972d8604a92b7054828b539f2febb0211dd5945c", - "reference": "972d8604a92b7054828b539f2febb0211dd5945c", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/6ff9b0e440fa66f97f207e181c41340ddfa5683d", + "reference": "6ff9b0e440fa66f97f207e181c41340ddfa5683d", "shasum": "" }, "require": { @@ -6384,7 +6387,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.3.8" + "source": "https://github.com/twigphp/Twig/tree/v3.3.9" }, "funding": [ { @@ -6396,7 +6399,7 @@ "type": "tidelift" } ], - "time": "2022-02-04T06:59:48+00:00" + "time": "2022-03-25T09:37:52+00:00" }, { "name": "vimeo/psalm", diff --git a/src/Appwrite/Utopia/Database/Validator/OrderAttributes.php b/src/Appwrite/Utopia/Database/Validator/OrderAttributes.php new file mode 100644 index 0000000000..628615f006 --- /dev/null +++ b/src/Appwrite/Utopia/Database/Validator/OrderAttributes.php @@ -0,0 +1,25 @@ +getAttribute('status') === 'available'; + }); + + parent::__construct($attributes, $indexes, $strict); + } +} \ No newline at end of file diff --git a/src/Appwrite/Utopia/Database/Validator/Queries.php b/src/Appwrite/Utopia/Database/Validator/Queries.php new file mode 100644 index 0000000000..73bf04be40 --- /dev/null +++ b/src/Appwrite/Utopia/Database/Validator/Queries.php @@ -0,0 +1,25 @@ +getAttribute('status') === 'available'; + }); + + parent::__construct($attributes, $indexes, $strict); + } +} \ No newline at end of file From 46c27721858b5ffdd704ee166732e245777b65b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Thu, 14 Apr 2022 09:05:31 +0000 Subject: [PATCH 2/3] Update lock file after merge --- composer.lock | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/composer.lock b/composer.lock index e908e573c5..81af655cbd 100644 --- a/composer.lock +++ b/composer.lock @@ -3551,16 +3551,16 @@ }, { "name": "matthiasmullie/minify", - "version": "1.3.66", + "version": "1.3.67", "source": { "type": "git", "url": "https://github.com/matthiasmullie/minify.git", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6" + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", - "reference": "45fd3b0f1dfa2c965857c6d4a470bea52adc31a6", + "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", + "reference": "acaee1b7ca3cd67a39d7f98673cacd7e4739a8d9", "shasum": "" }, "require": { @@ -3609,23 +3609,15 @@ ], "support": { "issues": "https://github.com/matthiasmullie/minify/issues", - "source": "https://github.com/matthiasmullie/minify/tree/1.3.66" + "source": "https://github.com/matthiasmullie/minify/tree/1.3.67" }, "funding": [ { - "url": "https://github.com/[user1", - "type": "github" - }, - { - "url": "https://github.com/matthiasmullie] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g.", - "type": "github" - }, - { - "url": "https://github.com/user2", + "url": "https://github.com/matthiasmullie", "type": "github" } ], - "time": "2021-01-06T15:18:10+00:00" + "time": "2022-03-24T08:54:59+00:00" }, { "name": "matthiasmullie/path-converter", From 9abe1a41e9ed0bb94e14a5451c8f0259a356ec11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Mon, 25 Apr 2022 09:00:31 +0000 Subject: [PATCH 3/3] Fix typo --- app/controllers/api/database.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index fa7fddfccd..637e158a45 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -31,7 +31,7 @@ use Appwrite\Network\Validator\IP; use Appwrite\Network\Validator\URL; use Appwrite\Utopia\Database\Validator\CustomId; use Appwrite\Utopia\Database\Validator\Queries as QueriesValidator; -use Appwrite\Utopia\Database\Validator\OrderAttributes as OrderAttributesValudator; +use Appwrite\Utopia\Database\Validator\OrderAttributes as OrderAttributesValidator; use Appwrite\Utopia\Response; use Appwrite\Detector\Detector; use Appwrite\Event\Event; @@ -1744,7 +1744,7 @@ App::get('/v1/database/collections/:collectionId/documents') } if(!empty($orderAttributes)) { - $validator = new OrderAttributesValudator($collection->getAttribute('attributes', []), $collection->getAttribute('indexes', []), true); + $validator = new OrderAttributesValidator($collection->getAttribute('attributes', []), $collection->getAttribute('indexes', []), true); if (!$validator->isValid($orderAttributes)) { throw new Exception($validator->getDescription(), 400, Exception::GENERAL_QUERY_INVALID); }