From 21f25b4ce4241923d52ffcefac3fc487dded330b Mon Sep 17 00:00:00 2001
From: Hemachandar <hmac.devo@gmail.com>
Date: Tue, 16 Sep 2025 14:16:02 +0530
Subject: [PATCH 1/4] Auto-allow sites domain for OAuth

---
 app/init/resources.php | 63 ++++++++++++++++++++++++++++--------------
 1 file changed, 43 insertions(+), 20 deletions(-)

diff --git a/app/init/resources.php b/app/init/resources.php
index e4e8fbef5e..99b6e74382 100644
--- a/app/init/resources.php
+++ b/app/init/resources.php
@@ -151,7 +151,7 @@ App::setResource('queueForMigrations', function (Publisher $publisher) {
 App::setResource('queueForStatsResources', function (Publisher $publisher) {
     return new StatsResources($publisher);
 }, ['publisher']);
-App::setResource('platforms', function (Request $request, Document $console, Document $project) {
+App::setResource('platforms', function (Request $request, Document $console, Document $project, Database $dbForPlatform) {
     $console->setAttribute('platforms', [ // Always allow current host
         '$collection' => ID::custom('platforms'),
         'name' => 'Current Host',
@@ -190,11 +190,52 @@ App::setResource('platforms', function (Request $request, Document $console, Doc
         ], Document::SET_TYPE_APPEND);
     }
 
+    $origin = \parse_url($request->getOrigin(), PHP_URL_HOST);
+
+    if (empty($origin)) {
+        $origin = \parse_url($request->getReferer(), PHP_URL_HOST);
+    }
+
+    // Safe if rule with same project ID exists
+    if (!empty($origin)) {
+        if (System::getEnv('_APP_RULES_FORMAT') === 'md5') {
+            $rule = Authorization::skip(fn () => $dbForPlatform->getDocument('rules', md5($origin ?? '')));
+        } else {
+            $rule = Authorization::skip(
+                fn () => $dbForPlatform->find('rules', [
+                    Query::equal('domain', [$origin]),
+                    Query::limit(1)
+                ])
+            )[0] ?? new Document();
+        }
+
+        var_dump($rule);
+
+        if (!$rule->isEmpty() && $rule->getAttribute('projectInternalId') === $project->getSequence()) {
+            echo "inside project internal id\n";
+
+            $project->setAttribute('platforms', [
+                '$collection' => ID::custom('platforms'),
+                'type' => Platform::TYPE_WEB,
+                'name' => $origin,
+                'hostname' => $origin,
+            ], Document::SET_TYPE_APPEND);
+        }
+    }
+
+    // Unsafe; Localhost is always safe for ease of local development
+    $project->setAttribute('platforms', [
+        '$collection' => ID::custom('platforms'),
+        'type' => Platform::TYPE_WEB,
+        'name' => "localhost",
+        'hostname' => "localhost",
+    ], Document::SET_TYPE_APPEND);
+
     return [
         ...$console->getAttribute('platforms', []),
         ...$project->getAttribute('platforms', []),
     ];
-}, ['request', 'console', 'project']);
+}, ['request', 'console', 'project', 'dbForPlatform']);
 
 App::setResource('user', function ($mode, $project, $console, $request, $response, $dbForProject, $dbForPlatform) {
     /** @var Appwrite\Utopia\Request $request */
@@ -1005,24 +1046,6 @@ App::setResource('httpReferrerSafe', function (Request $request, string $httpRef
         return $referrer;
     }
 
-    // Safe if rule with same project ID exists
-    if (!empty($origin)) {
-        if (System::getEnv('_APP_RULES_FORMAT') === 'md5') {
-            $rule = Authorization::skip(fn () => $dbForPlatform->getDocument('rules', md5($origin ?? '')));
-        } else {
-            $rule = Authorization::skip(
-                fn () => $dbForPlatform->find('rules', [
-                    Query::equal('domain', [$origin]),
-                    Query::limit(1)
-                ])
-            )[0] ?? new Document();
-        }
-
-        if (!$rule->isEmpty() && $rule->getAttribute('projectInternalId') === $project->getSequence()) {
-            return $referrer;
-        }
-    }
-
     // Unsafe; Localhost is always safe for ease of local development
     $origin = 'localhost';
     $protocol = \parse_url($request->getOrigin($httpReferrer), PHP_URL_SCHEME);

From dedc7a35c96f3e4a7bc89ff363fabf2d35e5be86 Mon Sep 17 00:00:00 2001
From: Hemachandar <hmac.devo@gmail.com>
Date: Thu, 18 Sep 2025 12:38:18 +0530
Subject: [PATCH 2/4] remove debug output

---
 app/init/resources.php | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/app/init/resources.php b/app/init/resources.php
index 99b6e74382..4b5452eb46 100644
--- a/app/init/resources.php
+++ b/app/init/resources.php
@@ -212,8 +212,6 @@ App::setResource('platforms', function (Request $request, Document $console, Doc
         var_dump($rule);
 
         if (!$rule->isEmpty() && $rule->getAttribute('projectInternalId') === $project->getSequence()) {
-            echo "inside project internal id\n";
-
             $project->setAttribute('platforms', [
                 '$collection' => ID::custom('platforms'),
                 'type' => Platform::TYPE_WEB,
@@ -416,7 +414,7 @@ App::setResource('dbForProject', function (Group $pools, Database $dbForPlatform
     if (\in_array($dsn->getHost(), $sharedTables)) {
         $database
             ->setSharedTables(true)
-            ->setTenant((int)$project->getSequence())
+            ->setTenant((int) $project->getSequence())
             ->setNamespace($dsn->getParam('namespace'));
     } else {
         $database
@@ -469,7 +467,7 @@ App::setResource('getProjectDB', function (Group $pools, Database $dbForPlatform
             if (\in_array($dsn->getHost(), $sharedTables)) {
                 $database
                     ->setSharedTables(true)
-                    ->setTenant((int)$project->getSequence())
+                    ->setTenant((int) $project->getSequence())
                     ->setNamespace($dsn->getParam('namespace'));
             } else {
                 $database
@@ -499,7 +497,7 @@ App::setResource('getLogsDB', function (Group $pools, Cache $cache) {
 
     return function (?Document $project = null) use ($pools, $cache, &$database) {
         if ($database !== null && $project !== null && !$project->isEmpty() && $project->getId() !== 'console') {
-            $database->setTenant((int)$project->getSequence());
+            $database->setTenant((int) $project->getSequence());
             return $database;
         }
 
@@ -514,7 +512,7 @@ App::setResource('getLogsDB', function (Group $pools, Cache $cache) {
 
         // set tenant
         if ($project !== null && !$project->isEmpty() && $project->getId() !== 'console') {
-            $database->setTenant((int)$project->getSequence());
+            $database->setTenant((int) $project->getSequence());
         }
 
         return $database;
@@ -542,7 +540,7 @@ App::setResource('redis', function () {
     $pass = System::getEnv('_APP_REDIS_PASS', '');
 
     $redis = new \Redis();
-    @$redis->pconnect($host, (int)$port);
+    @$redis->pconnect($host, (int) $port);
     if ($pass) {
         $redis->auth($pass);
     }
@@ -755,7 +753,7 @@ App::setResource('schema', function ($utopia, $dbForProject) {
     // NOTE: `params` and `urls` are not used internally in the `Schema::build` function below!
     $params = [
         'list' => function (string $databaseId, string $collectionId, array $args) {
-            return [ 'queries' => $args['queries']];
+            return ['queries' => $args['queries']];
         },
         'create' => function (string $databaseId, string $collectionId, array $args) {
             $id = $args['id'] ?? 'unique()';
@@ -1004,7 +1002,7 @@ App::setResource('resourceToken', function ($project, $dbForProject, $request) {
                 }
 
                 $accessedAt = $token->getAttribute('accessedAt', 0);
-                if (empty($accessedAt) || DatabaseDateTime::formatTz(DatabaseDateTime::addSeconds(new \DateTime(), - APP_RESOURCE_TOKEN_ACCESS)) > $accessedAt) {
+                if (empty($accessedAt) || DatabaseDateTime::formatTz(DatabaseDateTime::addSeconds(new \DateTime(), -APP_RESOURCE_TOKEN_ACCESS)) > $accessedAt) {
                     $token->setAttribute('accessedAt', DatabaseDateTime::now());
                     Authorization::skip(fn () => $dbForProject->updateDocument('resourceTokens', $token->getId(), $token));
                 }

From 5fd2dfafb72ab4500cc4e2d3b0279a3bb21583af Mon Sep 17 00:00:00 2001
From: Hemachandar <hmac.devo@gmail.com>
Date: Thu, 18 Sep 2025 14:10:56 +0530
Subject: [PATCH 3/4] remove var_dump

---
 app/init/resources.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/app/init/resources.php b/app/init/resources.php
index 4b5452eb46..211bc52a8e 100644
--- a/app/init/resources.php
+++ b/app/init/resources.php
@@ -209,8 +209,6 @@ App::setResource('platforms', function (Request $request, Document $console, Doc
             )[0] ?? new Document();
         }
 
-        var_dump($rule);
-
         if (!$rule->isEmpty() && $rule->getAttribute('projectInternalId') === $project->getSequence()) {
             $project->setAttribute('platforms', [
                 '$collection' => ID::custom('platforms'),

From 2f1046db2b1f63b1fd7bd7989d1b20ec74e86d10 Mon Sep 17 00:00:00 2001
From: Hemachandar <hmac.devo@gmail.com>
Date: Mon, 22 Sep 2025 12:10:55 +0530
Subject: [PATCH 4/4] fix tests

---
 app/init/resources.php | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/app/init/resources.php b/app/init/resources.php
index 211bc52a8e..16307edee3 100644
--- a/app/init/resources.php
+++ b/app/init/resources.php
@@ -219,14 +219,6 @@ App::setResource('platforms', function (Request $request, Document $console, Doc
         }
     }
 
-    // Unsafe; Localhost is always safe for ease of local development
-    $project->setAttribute('platforms', [
-        '$collection' => ID::custom('platforms'),
-        'type' => Platform::TYPE_WEB,
-        'name' => "localhost",
-        'hostname' => "localhost",
-    ], Document::SET_TYPE_APPEND);
-
     return [
         ...$console->getAttribute('platforms', []),
         ...$project->getAttribute('platforms', []),