diff --git a/app/app.php b/app/app.php
index 2125a98cec..0c0258aa70 100644
--- a/app/app.php
+++ b/app/app.php
@@ -17,23 +17,8 @@ use Appwrite\Network\Validator\Origin;
 Config::setParam('domain', 'localhost');
 Config::setParam('domainVerification', false);
-// Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
-// Config::setParam('domainVerification', false);
-
-\define('COOKIE_DOMAIN', 'localhost');
-\define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
-
-// \define('COOKIE_DOMAIN',
-// (
-// $request->getServer('HTTP_HOST', null) === 'localhost' ||
-// $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
-// (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
-// )
-// ? null
-// : '.'.$request->getHostname()
-// );
-// \define('COOKIE_SAMESITE', Response::COOKIE_SAMESITE_NONE);
-
+Config::setParam('cookieDomain', 'localhost');
+Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE);
 //
 // Set project mail
 // $register->get('smtp')
@@ -45,7 +30,6 @@ Config::setParam('domainVerification', false);
 // )
 // );
-
 App::init(function ($utopia, $request, $response, $console, $project, $user, $locale, $webhooks, $audits, $usage, $clients) {
 /** @var Utopia\Request $request */
 /** @var Utopia\Response $response */
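Review bot: The new `cookieDomain` / `cookieSamesite` params read as the effective cookie settings, but the later hunk in this same file (inside `App::init`) recomputes `domain`, `domainVerification` and `cookieDomain` from the request and leaves `cookieSamesite` alone, so only the second of the two added values is what requests actually see. A one-line comment above the two added lines would stop the next reader from editing the wrong place, e.g. `// Bootstrap defaults: App::init() below recomputes 'domain', 'domainVerification' and 'cookieDomain' from the request; 'cookieSamesite' is only set here.` Because `Config` is a process-wide store rather than a request attribute, any code that emits a session cookie before `App::init` has run would use the literal `'localhost'` domain; I could not see such a path in this diff, but it is worth confirming.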
@@ -91,10 +75,20 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
 $selfDomain = new Domain(Config::getParam('hostname'));
 $endDomain = new Domain($origin);
+ Config::setParam('domain', $request->getServer('HTTP_HOST', ''));
+ Config::setParam('domainVerification', ($selfDomain->getRegisterable() === $endDomain->getRegisterable()) && $endDomain->getRegisterable() !== '');
+ Config::setParam('cookieDomain', (
+ $request->getServer('HTTP_HOST', null) === 'localhost' ||
+ $request->getServer('HTTP_HOST', null) === 'localhost:'.$request->getPort() ||
+ (\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
+ )
+ ? null
+ : '.'.$request->getHostname()
+ );
 /*
 * Security Headers
 *
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 16e7541d0b..84107cb81d 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -234,8 +234,8 @@ App::post('/v1/account/sessions')
 }
 $response
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ->json($session->getArrayCopy(['$id', 'type', 'expire']))
 ;
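Review bot: The cookie domain is derived from the Host header (`$request->getHostname()`) while `$selfDomain` two lines above is built from the configured `Config::getParam('hostname')`; if a reverse proxy rewrites Host, or the Host header otherwise differs from the configured hostname, the session cookie is issued with a `Domain` the browser will not accept for the configured site, so the two sources should agree or the choice should be commented. The leading `'.'` also scopes the session cookie to every subdomain of that hostname, which is broader than the API host itself; if that is intended, a comment saying so would help. `$request->getServer('HTTP_HOST', null)` is evaluated twice and the ternary is hard to read inside the argument list; hoisting the locality test into a named local keeps the same behaviour (rewrite below). `Config::setParam` writes process-wide state, which is fine per request under a process-per-request runtime, but if the app ever runs in a long-lived worker these request-derived values would persist into the next request.
```php
$host = $request->getServer('HTTP_HOST', null);
$isLocalHost = $host === 'localhost'
    || $host === 'localhost:'.$request->getPort()
    || \filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false;
Config::setParam('cookieDomain', $isLocalHost ? null : '.'.$request->getHostname());
```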
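Review bot: The main cookie is emitted with `Config::getParam('cookieSamesite')`, which app.php sets to `Response::COOKIE_SAMESITE_NONE`, while its `secure` flag is `('https' == $protocol)`; over plain http that produces `SameSite=None` without `Secure`, a combination current Chromium-based browsers discard, leaving only the `_legacy` cookie. If http deployments are meant to keep working, either force `secure` to true whenever SameSite is None or pass `null` for SameSite when `$protocol` is not https, e.g. `$secure = ('https' === $protocol);` and `$secure ? Config::getParam('cookieSamesite') : null` as the last argument of the second `addCookie`. The same two-line `addCookie` pair with eight positional arguments now appears in six places (here, the OAuth2 redirect, delete account, delete session, delete all sessions, and the teams membership status handler); a single helper taking the response, session value and expiry would keep domain, SameSite and secure in one spot. While these lines are being touched, `'https' == $protocol` should become `===`.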
@@ -526,7 +526,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $state['success'] = URLParser::parse($state['success']);
 $query = URLParser::parseQuery($state['success']['query']);
 $query['project'] = $project->getId();
- $query['domain'] = COOKIE_DOMAIN;
+ $query['domain'] = Config::getParam('cookieDomain');
 $query['key'] = Auth::$cookieName;
 $query['secret'] = Auth::encodeSession($user->getId(), $secret);
 $state['success']['query'] = URLParser::unparseQuery($query);
@@ -536,8 +536,8 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $response
 ->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
 ->addHeader('Pragma', 'no-cache')
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->redirect($state['success'])
 ;
 }, ['request', 'response', 'project', 'user', 'projectDB', 'audit']);
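Review bot: `$query['domain'] = Config::getParam('cookieDomain');` can now be `null`, since app.php computes `cookieDomain` as `null` for localhost and IP hosts, whereas the replaced `COOKIE_DOMAIN` constant was the non-null string `'localhost'`; confirm that `URLParser::unparseQuery` on the last context line tolerates a null value and that the success page treats a missing `domain` the same way it treated the old literal. If null is meant to mean "omit the parameter", a guard makes that explicit: `if (($domain = Config::getParam('cookieDomain')) !== null) { $query['domain'] = $domain; }`. The handler continues outside the hunk.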
@@ -975,8 +975,8 @@ App::delete('/v1/account')
 }
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->noContent()
 ;
 }, ['request', 'response', 'user', 'projectDB', 'audit', 'webhook']);
@@ -1034,8 +1034,8 @@ App::delete('/v1/account/sessions/:sessionId')
 if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ;
 }
@@ -1093,8 +1093,8 @@ App::delete('/v1/account/sessions')
 if ($token->getAttribute('secret') == Auth::hash(Auth::$secret)) { // If current session delete the cookies too
 $response
- ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ;
 }
 }
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 4af413f62e..6e1c31751c 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -570,8 +570,8 @@ App::patch('/v1/teams/:teamId/memberships/:inviteId/status')
 }
 $response
- ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', COOKIE_DOMAIN, ('https' == $protocol), true, COOKIE_SAMESITE)
+ ->addCookie(Auth::$cookieName.'_legacy', Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), $expiry, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->json(\array_merge($membership->getArrayCopy([
 '$id',
 'userId',
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c8bbaea68..026e1beafb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 - ./phpunit.xml:/usr/share/nginx/html/phpunit.xml
 - ./tests:/usr/share/nginx/html/tests
 - ./app:/usr/share/nginx/html/app
- #- ./vendor:/usr/share/nginx/html/vendor
+ # - ./vendor:/usr/share/nginx/html/vendor
 - ./docs:/usr/share/nginx/html/docs
 - ./public:/usr/share/nginx/html/public
 - ./src:/usr/share/nginx/html/src