From 4161a65e0be5d9605b102161571549ef0e986224 Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Mon, 31 Jan 2022 16:04:30 +0100 Subject: [PATCH 01/16] Path validator + tests --- app/controllers/general.php | 10 +++- src/Appwrite/Storage/Validator/Path.php | 78 +++++++++++++++++++++++++ tests/e2e/Client.php | 17 +++++- tests/e2e/General/HTTPTest.php | 17 ++++++ 4 files changed, 119 insertions(+), 3 deletions(-) create mode 100644 src/Appwrite/Storage/Validator/Path.php diff --git a/app/controllers/general.php b/app/controllers/general.php index 7f82c36a30..64e122ff8e 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -2,6 +2,7 @@ require_once __DIR__.'/../init.php'; +use Appwrite\Storage\Validator\Path; use Utopia\App; use Utopia\Logger\Log; use Utopia\Logger\Log\User; @@ -525,8 +526,15 @@ App::get('/.well-known/acme-challenge') ->inject('request') ->inject('response') ->action(function ($request, $response) { + $filePath = $request->getURI(); + + $validator = new Path(); + if (!$validator->isValid($filePath)) { + throw new Exception('Invalid file path. Please use relative path without \'../\'', 400); + } + $base = \realpath(APP_STORAGE_CERTIFICATES); - $path = \str_replace('/.well-known/acme-challenge/', '', $request->getURI()); + $path = \str_replace('/.well-known/acme-challenge/', '', $filePath); $absolute = \realpath($base.'/.well-known/acme-challenge/'.$path); if (!$base) { diff --git a/src/Appwrite/Storage/Validator/Path.php b/src/Appwrite/Storage/Validator/Path.php new file mode 100644 index 0000000000..110ab47d88 --- /dev/null +++ b/src/Appwrite/Storage/Validator/Path.php @@ -0,0 +1,78 @@ +endpoint; + } + /** * @param string $key * @param string $value 
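Review bot: In the `/.well-known/acme-challenge` action the validator is applied to the full request URI, but the value that reaches `\realpath()` is the output of `\str_replace('/.well-known/acme-challenge/', '', $filePath)`, which removes every occurrence of the prefix rather than only the leading one, so the string that was checked is not necessarily the string that is used. Validating the stripped value instead would close that gap, for example `if (!$validator->isValid($path)) {` placed after `$path` is computed. The body of `Path` is not readable on this page, so what it rejects beyond the `../` named in the error message cannot be confirmed here. The action continues outside the hunk; whatever comparison of `$absolute` against `$base` follows there should remain the authoritative containment check.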
@@ -183,12 +195,13 @@ class Client unset($headers[$i]); } + curl_setopt($ch, CURLOPT_PATH_AS_IS, 1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36'); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0); curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($curl, $header) use (&$responseHeaders) { $len = strlen($header); diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index a832379282..4e2647f316 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php @@ -94,6 +94,23 @@ class HTTPTest extends Scope $this->assertStringContainsString('# robotstxt.org/', $response['body']); } + public function testAcmeChallenge() + { + $previousEndpoint = $this->client->getEndpoint(); + $this->client->setEndpoint("http://localhost"); + + /** + * Test for FAILURE + */ + $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/../../../../../../../etc/passwd', \array_merge([ + 'origin' => 'http://localhost', + ]), []); + + $this->client->setEndpoint($previousEndpoint); + + $this->assertEquals(400, $response['headers']['status-code']); + } + // public function testSpecSwagger2() // { // $response = $this->client->call(Client::METHOD_GET, '/specs/swagger2?platform=client', [ From 3293d15eff8382d1ba6cfa253f34eae08dc2e3ad Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Mon, 31 Jan 2022 16:07:07 +0100 Subject: [PATCH 02/16] Cleanup --- app/controllers/general.php | 2 +- tests/e2e/Client.php | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) 
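Review bot: `curl_setopt($ch, CURLOPT_PATH_AS_IS, 1);` is now applied to every request the e2e client sends, and nothing at the call site says why, so a later cleanup could drop it and the traversal test would end up exercising curl's own dot-segment normalisation instead of the server. A one-line comment above it would document the intent: `// Send the URL path exactly as written so path-validation tests reach the server un-normalised.` The enclosing method starts and ends outside the hunk.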
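Review bot: In `testAcmeChallenge` the endpoint is switched on `$this->client` and restored only on the straight-line path, so if `call()` throws the original endpoint is never put back; whether that leaks into other tests depends on how the client is constructed, which is not visible here. Making the restore unconditional is cheap: `try { $response = $this->client->call(...); } finally { $this->client->setEndpoint($previousEndpoint); }`. The revision of this test in PATCH 09 moves the restore below the assertions, where a failed assertion skips it as well. `\array_merge([...])` with a single argument is a no-op and can be the plain array.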
diff --git a/app/controllers/general.php b/app/controllers/general.php index 64e122ff8e..206cb0d454 100644 --- a/app/controllers/general.php +++ b/app/controllers/general.php @@ -2,7 +2,6 @@ require_once __DIR__.'/../init.php'; -use Appwrite\Storage\Validator\Path; use Utopia\App; use Utopia\Logger\Log; use Utopia\Logger\Log\User; @@ -14,6 +13,7 @@ use Utopia\Config\Config; use Utopia\Domains\Domain; use Appwrite\Auth\Auth; use Appwrite\Network\Validator\Origin; +use Appwrite\Storage\Validator\Path; use Appwrite\Utopia\Response\Filters\V06; use Appwrite\Utopia\Response\Filters\V07; use Appwrite\Utopia\Response\Filters\V08; diff --git a/tests/e2e/Client.php b/tests/e2e/Client.php index c6c4ff83c4..16e3466f78 100644 --- a/tests/e2e/Client.php +++ b/tests/e2e/Client.php @@ -3,10 +3,6 @@ namespace Tests\E2E; use Exception; -use function curl_setopt; -use function http_build_query; -use const CURLOPT_PATH_AS_IS; -use const CURLOPT_TIMEOUT; class Client { From 3bc4d08c4d2e05310de8d1a24370563c7bf356d1 Mon Sep 17 00:00:00 2001 From: Khushboo Verma <43381712+vermakhushboo@users.noreply.github.com> Date: Mon, 31 Jan 2022 20:40:14 +0530 Subject: [PATCH 03/16] Add LogOwl logger details --- app/config/variables.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/config/variables.php b/app/config/variables.php index 43687110ae..1561c21b18 100644 --- a/app/config/variables.php +++ b/app/config/variables.php 
@@ -152,7 +152,7 @@ return [ ], [ 'name' => '_APP_LOGGING_PROVIDER', - 'description' => 'This variable allows you to enable logging errors to 3rd party providers. This value is empty by default, to enable the logger set the value to one of \'sentry\', \'raygun\', \'appsignal\'', + 'description' => 'This variable allows you to enable logging errors to 3rd party providers. This value is empty by default, to enable the logger set the value to one of \'sentry\', \'raygun\', \'appsignal\', \'logowl\'', 'introduction' => '0.12.0', 'default' => '', 'required' => false, @@ -161,7 +161,7 @@ return [ ], [ 'name' => '_APP_LOGGING_CONFIG', - 'description' => 'This variable configures authentication to 3rd party error logging providers. If using Sentry, this should be \'SENTRY_API_KEY;SENTRY_APP_ID\'. If using Raygun, this should be Raygun API key. If using AppSignal, this should be AppSignal API key.', + 'description' => 'This variable configures authentication to 3rd party error logging providers. If using Sentry, this should be \'SENTRY_API_KEY;SENTRY_APP_ID\'. If using Raygun, this should be Raygun API key. If using AppSignal, this should be AppSignal API key. If using LogOwl, this should be LogOwl Service Ticket.', 'introduction' => '0.12.0', 'default' => '', 'required' => false, From a8a61701b29c0ffdedcd3374e470ed9386afd447 Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Sat, 5 Feb 2022 16:25:47 +0100 Subject: [PATCH 04/16] Fixed GitHub response parsing --- src/Appwrite/Auth/OAuth2/Github.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Appwrite/Auth/OAuth2/Github.php b/src/Appwrite/Auth/OAuth2/Github.php index 22ffbe937f..ceda2a4740 100644 --- a/src/Appwrite/Auth/OAuth2/Github.php +++ b/src/Appwrite/Auth/OAuth2/Github.php 
@@ -53,7 +53,7 @@ class Github extends OAuth2 protected function getTokens(string $code): array { if(empty($this->tokens)) { - $this->tokens = \json_decode($this->request( + $response = $this->request( 'POST', 'https://github.com/login/oauth/access_token', [], @@ -63,7 +63,11 @@ class Github extends OAuth2 'client_secret' => $this->appSecret, 'code' => $code ]) - ), true); + ); + + $output = []; + \parse_str($response, $output); + $this->tokens = $output; } return $this->tokens; From ecb1d21953f32e163e8a67aa99d7bddb5baaeeb6 Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Sat, 5 Feb 2022 16:38:08 +0100 Subject: [PATCH 05/16] Fixed Bitly response parsing --- src/Appwrite/Auth/OAuth2/Bitly.php | 18 +++++++++++++----- src/Appwrite/Auth/OAuth2/Github.php | 8 ++++++-- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/Appwrite/Auth/OAuth2/Bitly.php b/src/Appwrite/Auth/OAuth2/Bitly.php index 4b7e525a76..fb1cb57e18 100644 --- a/src/Appwrite/Auth/OAuth2/Bitly.php +++ b/src/Appwrite/Auth/OAuth2/Bitly.php @@ -65,7 +65,7 @@ class Bitly extends OAuth2 protected function getTokens(string $code): array { if(empty($this->tokens)) { - $this->tokens = \json_decode($this->request( + $response = $this->request( 'POST', $this->resourceEndpoint . 'oauth/access_token', ["Content-Type: application/x-www-form-urlencoded"], @@ -76,8 +76,12 @@ class Bitly extends OAuth2 "redirect_uri" => $this->callback, "state" => \json_encode($this->state) ]) - ), true); - } + ); + + $output = []; + \parse_str($response, $output); + $this->tokens = $output; + } return $this->tokens; } @@ -89,7 +93,7 @@ class Bitly extends OAuth2 */ public function refreshTokens(string $refreshToken):array { - $this->tokens = \json_decode($this->request( + $response = $this->request( 'POST', $this->resourceEndpoint . 'oauth/access_token', ["Content-Type: application/x-www-form-urlencoded"], 
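Review bot: In `getTokens` the result of `\parse_str($response, $output)` is stored in `$this->tokens` without checking what was parsed, so a form-encoded error body or an empty or non-form response is cached and returned to the caller as if it were a token set. `parse_str` also builds nested arrays from bracketed keys, so the values are not guaranteed to be strings. A guard before the assignment makes the failure explicit, for example `if (!\is_string($output['access_token'] ?? null)) { throw new \Exception('Failed to obtain access token'); }` with the exception type adjusted to the project's convention. The same pattern appears in the Bitly `getTokens` and `refreshTokens` hunks and in the Github `refreshTokens` hunk of PATCH 05.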
@@ -99,7 +103,11 @@ class Bitly extends OAuth2 "refresh_token" => $refreshToken, 'grant_type' => 'refresh_token' ]) - ), true); + ); + + $output = []; + \parse_str($response, $output); + $this->tokens = $output; if(empty($this->tokens['refresh_token'])) { $this->tokens['refresh_token'] = $refreshToken; diff --git a/src/Appwrite/Auth/OAuth2/Github.php b/src/Appwrite/Auth/OAuth2/Github.php index ceda2a4740..dddd4a5181 100644 --- a/src/Appwrite/Auth/OAuth2/Github.php +++ b/src/Appwrite/Auth/OAuth2/Github.php @@ -80,7 +80,7 @@ class Github extends OAuth2 */ public function refreshTokens(string $refreshToken):array { - $this->tokens = \json_decode($this->request( + $response = $this->request( 'POST', 'https://github.com/login/oauth/access_token', [], @@ -90,7 +90,11 @@ class Github extends OAuth2 'grant_type' => 'refresh_token', 'refresh_token' => $refreshToken ]) - ), true); + ); + + $output = []; + \parse_str($response, $output); + $this->tokens = $output; if(empty($this->tokens['refresh_token'])) { $this->tokens['refresh_token'] = $refreshToken; From 9d24a1532b4bd12d803b27ecddf124d01968558f Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Sat, 5 Feb 2022 16:49:34 +0100 Subject: [PATCH 06/16] Cleanup --- src/Appwrite/Auth/OAuth2/Bitly.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Appwrite/Auth/OAuth2/Bitly.php b/src/Appwrite/Auth/OAuth2/Bitly.php index fb1cb57e18..02a21dc29e 100644 --- a/src/Appwrite/Auth/OAuth2/Bitly.php +++ b/src/Appwrite/Auth/OAuth2/Bitly.php @@ -78,10 +78,10 @@ class Bitly extends OAuth2 ]) ); - $output = []; - \parse_str($response, $output); - $this->tokens = $output; - } + $output = []; + \parse_str($response, $output); + $this->tokens = $output; + } return $this->tokens; } From 399adace02d0b920bce7e11441a1449aa4ed7a07 Mon Sep 17 00:00:00 2001 
From: Jake Lees Date: Thu, 10 Feb 2022 14:54:27 +1100 Subject: [PATCH 07/16] Update usage container to include redis vars The existing compose file has appwrite-usage rely on the redis container, however, no redis connection env variables are being passed in. This just includes them for instances where you're using an external redis instance. --- docker-compose.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 1ac7e1b0b0..a2ebc6575e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -437,6 +437,10 @@ services: - _APP_INFLUXDB_HOST - _APP_INFLUXDB_PORT - _APP_USAGE_SYNC_INTERVAL + - _APP_REDIS_HOST + - _APP_REDIS_PORT + - _APP_REDIS_USER + - _APP_REDIS_PASS appwrite-schedule: entrypoint: schedule From e098943a15b240a0e9b1e7cf5457f3f68598e267 Mon Sep 17 00:00:00 2001 From: Jake Lees Date: Thu, 10 Feb 2022 16:37:48 +1100 Subject: [PATCH 08/16] Update compose.phtml to match docker-compose.yaml --- app/views/install/compose.phtml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/views/install/compose.phtml b/app/views/install/compose.phtml index 9da6d6fe57..c29c324452 100644 --- a/app/views/install/compose.phtml +++ b/app/views/install/compose.phtml @@ -365,6 +365,10 @@ services: - _APP_INFLUXDB_HOST - _APP_INFLUXDB_PORT - _APP_USAGE_AGGREGATION_INTERVAL + - _APP_REDIS_HOST + - _APP_REDIS_PORT + - _APP_REDIS_USER + - _APP_REDIS_PASS appwrite-schedule: image: /: From db7ebbd009232badb7289e1801606d422d8feb8a Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Fri, 11 Feb 2022 09:44:04 +0100 Subject: [PATCH 09/16] Update to new utopia framework validators --- app/controllers/general.php | 19 +++- composer.lock | 190 ++++++++++++++++----------------- tests/e2e/General/HTTPTest.php | 16 ++- 3 files changed, 124 insertions(+), 101 deletions(-) diff --git a/app/controllers/general.php b/app/controllers/general.php index f56f569dd7..7615719629 100644 --- a/app/controllers/general.php 
+++ b/app/controllers/general.php @@ -19,6 +19,7 @@ use Utopia\Database\Document; use Utopia\Database\Query; use Utopia\Database\Validator\Authorization; use Appwrite\Utopia\Request\Filters\V12; +use Utopia\Validator\Text; Config::setParam('domainVerification', false); Config::setParam('cookieDomain', 'localhost'); @@ -513,13 +514,23 @@ App::get('/.well-known/acme-challenge') ->inject('request') ->inject('response') ->action(function ($request, $response) { - $filePath = $request->getURI(); + $uriChunks = \explode('/', $request->getURI()); + $token = $uriChunks[\count($uriChunks) - 1]; - $validator = new Path(); - if (!$validator->isValid($filePath)) { - throw new Exception('Invalid file path. Please use relative path without \'../\'', 400); + $validator = new Text(100, [ + ...Text::NUMBERS, + ...Text::ALPHABET_LOWER, + ...Text::ALPHABET_UPPER, + '-', + '_' + ]); + + if (!$validator->isValid($token) || \count($uriChunks) !== 4) { + throw new Exception('Invalid challenge token.', 400); } + $filePath = '/.well-known/acme-challenge' . $token; + $base = \realpath(APP_STORAGE_CERTIFICATES); $path = \str_replace('/.well-known/acme-challenge/', '', $filePath); $absolute = \realpath($base.'/.well-known/acme-challenge/'.$path); diff --git a/composer.lock b/composer.lock index 91440e4a7a..6f7b167745 100644 --- a/composer.lock +++ b/composer.lock @@ -1033,12 +1033,12 @@ } }, "autoload": { - "psr-4": { - "MongoDB\\": "src/" - }, "files": [ "src/functions.php" - ] + ], + "psr-4": { + "MongoDB\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -1766,12 +1766,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php80\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Php80\\": "" + }, "classmap": [ "Resources/stubs" ] 
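Review bot: `$filePath = '/.well-known/acme-challenge' . $token;` joins the directory and the token without a separator, so the following `\str_replace('/.well-known/acme-challenge/', '', $filePath)` has nothing to strip and `$absolute` is built from a path that contains the prefix twice; as far as this hunk shows, `\realpath()` then fails for every real challenge file and the route cannot serve a valid token. The minimal fix is `$filePath = '/.well-known/acme-challenge/' . $token;`, or dropping the round trip and using `$token` directly when building `$absolute`. It is also worth confirming that `Text` rejects an empty string, because a URI ending in a slash still yields four chunks with an empty last element. The action body continues outside the hunk.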
@@ -2141,16 +2141,16 @@ }, { "name": "utopia-php/database", - "version": "0.14.0", + "version": "0.14.1", "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "2f2527bb080cf578fba327ea2ec637064561d403" + "reference": "ecc143f2cfe16b23675407035c6b5375ba263285" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/2f2527bb080cf578fba327ea2ec637064561d403", - "reference": "2f2527bb080cf578fba327ea2ec637064561d403", + "url": "https://api.github.com/repos/utopia-php/database/zipball/ecc143f2cfe16b23675407035c6b5375ba263285", + "reference": "ecc143f2cfe16b23675407035c6b5375ba263285", "shasum": "" }, "require": { @@ -2198,9 +2198,9 @@ ], "support": { "issues": "https://github.com/utopia-php/database/issues", - "source": "https://github.com/utopia-php/database/tree/0.14.0" + "source": "https://github.com/utopia-php/database/tree/0.14.1" }, - "time": "2022-01-21T16:34:34+00:00" + "time": "2022-01-25T13:01:20+00:00" }, { "name": "utopia-php/domains", @@ -2258,16 +2258,16 @@ }, { "name": "utopia-php/framework", - "version": "0.19.5", + "version": "0.19.6", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623" + "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/1c28ba9a5b491cf7c90c535fefee5832c7133623", - "reference": "1c28ba9a5b491cf7c90c535fefee5832c7133623", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/7d9b28365fb794001cb34dd028659452d4e71b7d", + "reference": "7d9b28365fb794001cb34dd028659452d4e71b7d", "shasum": "" }, "require": { 
@@ -2301,9 +2301,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.19.5" + "source": "https://github.com/utopia-php/framework/tree/0.19.6" }, - "time": "2022-01-04T14:40:23+00:00" + "time": "2022-02-10T17:05:22+00:00" }, { "name": "utopia-php/image", @@ -2688,16 +2688,16 @@ }, { "name": "utopia-php/swoole", - "version": "0.3.2", + "version": "0.3.3", "source": { "type": "git", "url": "https://github.com/utopia-php/swoole.git", - "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73" + "reference": "8312df69233b5dcd3992de88f131f238002749de" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/swoole/zipball/2b714eddf77cd5eda1889219c9656d7c0a63ce73", - "reference": "2b714eddf77cd5eda1889219c9656d7c0a63ce73", + "url": "https://api.github.com/repos/utopia-php/swoole/zipball/8312df69233b5dcd3992de88f131f238002749de", + "reference": "8312df69233b5dcd3992de88f131f238002749de", "shasum": "" }, "require": { @@ -2738,9 +2738,9 @@ ], "support": { "issues": "https://github.com/utopia-php/swoole/issues", - "source": "https://github.com/utopia-php/swoole/tree/0.3.2" + "source": "https://github.com/utopia-php/swoole/tree/0.3.3" }, - "time": "2021-12-13T15:37:41+00:00" + "time": "2022-01-20T09:58:43+00:00" }, { "name": "utopia-php/system", @@ -3037,12 +3037,12 @@ } }, "autoload": { - "psr-4": { - "Amp\\ByteStream\\": "lib" - }, "files": [ "lib/functions.php" - ] + ], + "psr-4": { + "Amp\\ByteStream\\": "lib" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -3132,23 +3132,23 @@ }, { "name": "composer/pcre", - "version": "1.0.0", + "version": "1.0.1", "source": { "type": "git", "url": "https://github.com/composer/pcre.git", - "reference": "3d322d715c43a1ac36c7fe215fa59336265500f2" + "reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/pcre/zipball/3d322d715c43a1ac36c7fe215fa59336265500f2", - "reference": "3d322d715c43a1ac36c7fe215fa59336265500f2", + "url": "https://api.github.com/repos/composer/pcre/zipball/67a32d7d6f9f560b726ab25a061b38ff3a80c560", + "reference": "67a32d7d6f9f560b726ab25a061b38ff3a80c560", "shasum": "" }, "require": { "php": "^5.3.2 || ^7.0 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^1", + "phpstan/phpstan": "^1.3", "phpstan/phpstan-strict-rules": "^1.1", "symfony/phpunit-bridge": "^4.2 || ^5" }, @@ -3183,7 +3183,7 @@ ], "support": { "issues": "https://github.com/composer/pcre/issues", - "source": "https://github.com/composer/pcre/tree/1.0.0" + "source": "https://github.com/composer/pcre/tree/1.0.1" }, "funding": [ { 
@@ -3199,27 +3199,27 @@ "type": "tidelift" } ], - "time": "2021-12-06T15:17:27+00:00" + "time": "2022-01-21T20:24:37+00:00" }, { "name": "composer/semver", - "version": "3.2.7", + "version": "3.2.9", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "deac27056b57e46faf136fae7b449eeaa71661ee" + "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/deac27056b57e46faf136fae7b449eeaa71661ee", - "reference": "deac27056b57e46faf136fae7b449eeaa71661ee", + "url": "https://api.github.com/repos/composer/semver/zipball/a951f614bd64dcd26137bc9b7b2637ddcfc57649", + "reference": "a951f614bd64dcd26137bc9b7b2637ddcfc57649", "shasum": "" }, "require": { "php": "^5.3.2 || ^7.0 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^0.12.54", + "phpstan/phpstan": "^1.4", "symfony/phpunit-bridge": "^4.2 || ^5" }, "type": "library", @@ -3264,7 +3264,7 @@ "support": { "irc": "irc://irc.freenode.org/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.2.7" + "source": "https://github.com/composer/semver/tree/3.2.9" }, "funding": [ { @@ -3280,7 +3280,7 @@ "type": "tidelift" } ], - "time": "2022-01-04T09:57:54+00:00" + "time": "2022-02-04T13:58:43+00:00" }, { "name": "composer/xdebug-handler", @@ -3710,12 +3710,12 @@ }, "type": "library", "autoload": { - "psr-4": { - "DeepCopy\\": "src/DeepCopy/" - }, "files": [ "src/DeepCopy/deep_copy.php" - ] + ], + "psr-4": { + "DeepCopy\\": "src/DeepCopy/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -3963,16 +3963,16 @@ }, { "name": "phar-io/version", - "version": "3.1.0", + "version": "3.1.1", "source": { "type": "git", "url": "https://github.com/phar-io/version.git", - "reference": "bae7c545bef187884426f042434e561ab1ddb182" + "reference": "15a90844ad40f127afd244c0cad228de2a80052a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phar-io/version/zipball/bae7c545bef187884426f042434e561ab1ddb182", - "reference": "bae7c545bef187884426f042434e561ab1ddb182", + "url": "https://api.github.com/repos/phar-io/version/zipball/15a90844ad40f127afd244c0cad228de2a80052a", + "reference": "15a90844ad40f127afd244c0cad228de2a80052a", "shasum": "" }, "require": { @@ -4008,9 +4008,9 @@ "description": "Library for handling version information and constraints", "support": { "issues": "https://github.com/phar-io/version/issues", - "source": "https://github.com/phar-io/version/tree/3.1.0" + "source": "https://github.com/phar-io/version/tree/3.1.1" }, - "time": "2021-02-23T14:00:09+00:00" + "time": "2022-02-07T21:56:48+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -4619,11 +4619,11 @@ } }, "autoload": { - "classmap": [ - "src/" - ], "files": [ "src/Framework/Assert/Functions.php" + ], + "classmap": [ + "src/" ] }, "notification-url": "https://packagist.org/downloads/", 
@@ -5219,16 +5219,16 @@ }, { "name": "sebastian/global-state", - "version": "5.0.3", + "version": "5.0.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/global-state.git", - "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49" + "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/23bd5951f7ff26f12d4e3242864df3e08dec4e49", - "reference": "23bd5951f7ff26f12d4e3242864df3e08dec4e49", + "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/19c519631c5a511b7ed0ad64a6713fdb3fd25fe4", + "reference": "19c519631c5a511b7ed0ad64a6713fdb3fd25fe4", "shasum": "" }, "require": { @@ -5271,7 +5271,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/global-state/issues", - "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.3" + "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.4" }, "funding": [ { @@ -5279,7 +5279,7 @@ "type": "github" } ], - "time": "2021-06-11T13:31:12+00:00" + "time": "2022-02-10T07:01:19+00:00" }, { "name": "sebastian/lines-of-code", @@ -5721,16 +5721,16 @@ }, { "name": "symfony/console", - "version": "v6.0.2", + "version": "v6.0.3", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "dd434fa8d69325e5d210f63070014d889511fcb3" + "reference": "22e8efd019c3270c4f79376234a3f8752cd25490" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/dd434fa8d69325e5d210f63070014d889511fcb3", - "reference": "dd434fa8d69325e5d210f63070014d889511fcb3", + "url": "https://api.github.com/repos/symfony/console/zipball/22e8efd019c3270c4f79376234a3f8752cd25490", + "reference": "22e8efd019c3270c4f79376234a3f8752cd25490", "shasum": "" }, "require": { 
@@ -5796,7 +5796,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.0.2" + "source": "https://github.com/symfony/console/tree/v6.0.3" }, "funding": [ { @@ -5812,7 +5812,7 @@ "type": "tidelift" } ], - "time": "2021-12-27T21:05:08+00:00" + "time": "2022-01-26T17:23:29+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -5845,12 +5845,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Grapheme\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Grapheme\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -5926,12 +5926,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Intl\\Normalizer\\": "" - }, "files": [ "bootstrap.php" ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Normalizer\\": "" + }, "classmap": [ "Resources/stubs" ] @@ -6090,12 +6090,12 @@ } }, "autoload": { - "psr-4": { - "Symfony\\Polyfill\\Php72\\": "" - }, "files": [ "bootstrap.php" - ] + ], + "psr-4": { + "Symfony\\Polyfill\\Php72\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -6222,16 +6222,16 @@ }, { "name": "symfony/string", - "version": "v6.0.2", + "version": "v6.0.3", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "bae261d0c3ac38a1f802b4dfed42094296100631" + "reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/bae261d0c3ac38a1f802b4dfed42094296100631", - "reference": "bae261d0c3ac38a1f802b4dfed42094296100631", + "url": "https://api.github.com/repos/symfony/string/zipball/522144f0c4c004c80d56fa47e40e17028e2eefc2", + "reference": "522144f0c4c004c80d56fa47e40e17028e2eefc2", "shasum": "" }, "require": { @@ -6287,7 +6287,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v6.0.2" + "source": "https://github.com/symfony/string/tree/v6.0.3" }, "funding": [ { 
@@ -6303,7 +6303,7 @@ "type": "tidelift" } ], - "time": "2021-12-16T22:13:01+00:00" + "time": "2022-01-02T09:55:41+00:00" }, { "name": "textalk/websocket", @@ -6406,16 +6406,16 @@ }, { "name": "twig/twig", - "version": "v2.14.10", + "version": "v2.14.11", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba" + "reference": "66baa66f29ee30e487e05f1679903e36eb01d727" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/95fb194cd4dd6ac373a27af2bde2bad5d3f27aba", - "reference": "95fb194cd4dd6ac373a27af2bde2bad5d3f27aba", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/66baa66f29ee30e487e05f1679903e36eb01d727", + "reference": "66baa66f29ee30e487e05f1679903e36eb01d727", "shasum": "" }, "require": { @@ -6470,7 +6470,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v2.14.10" + "source": "https://github.com/twigphp/Twig/tree/v2.14.11" }, "funding": [ { @@ -6482,7 +6482,7 @@ "type": "tidelift" } ], - "time": "2022-01-03T21:13:26+00:00" + "time": "2022-02-04T06:57:25+00:00" }, { "name": "vimeo/psalm", @@ -6561,13 +6561,13 @@ } }, "autoload": { - "psr-4": { - "Psalm\\": "src/Psalm/" - }, "files": [ "src/functions.php", "src/spl_object_id.php" - ] + ], + "psr-4": { + "Psalm\\": "src/Psalm/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index 50d44cd86f..f9914806ea 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php 
@@ -96,9 +96,20 @@ class HTTPTest extends Scope public function testAcmeChallenge() { + // Preparation $previousEndpoint = $this->client->getEndpoint(); $this->client->setEndpoint("http://localhost"); + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_GET, '/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIg', \array_merge([ + 'origin' => 'http://localhost', + ]), []); + + $this->assertEquals(404, $response['headers']['status-code']); + // 'Unknown path', but validation passed + /** * Test for FAILURE */ @@ -106,9 +117,10 @@ class HTTPTest extends Scope 'origin' => 'http://localhost', ]), []); - $this->client->setEndpoint($previousEndpoint); - $this->assertEquals(400, $response['headers']['status-code']); + + // Cleanup + $this->client->setEndpoint($previousEndpoint); } // public function testSpecSwagger2() From 5028598f43101701622663a71a234086dc80cd1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Fri, 11 Feb 2022 10:43:12 +0000 Subject: [PATCH 10/16] Removed unused validator --- src/Appwrite/Storage/Validator/Path.php | 78 ------------------------- 1 file changed, 78 deletions(-) delete mode 100644 src/Appwrite/Storage/Validator/Path.php diff --git a/src/Appwrite/Storage/Validator/Path.php b/src/Appwrite/Storage/Validator/Path.php deleted file mode 100644 index 110ab47d88..0000000000 --- a/src/Appwrite/Storage/Validator/Path.php +++ /dev/null @@ -1,78 +0,0 @@ - Date: Fri, 11 Feb 2022 12:32:16 +0100 Subject: [PATCH 11/16] Update tests/e2e/Client.php Co-authored-by: Eldad A. Fux --- tests/e2e/Client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/Client.php b/tests/e2e/Client.php index 16e3466f78..c86ebc5951 100644 --- a/tests/e2e/Client.php +++ b/tests/e2e/Client.php 
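Review bot: The case labelled "Test for SUCCESS" asserts a 404, so it only shows that a well-formed token gets past validation; no test ever has the route return a challenge file, and a handler that cannot locate any file at all passes unchanged. If the e2e environment allows it, placing a fixture file with a known token under the certificates storage directory and asserting a 200 with the expected body would cover what the route is for. Until then the comment could say so plainly, for example `// No challenge file exists for this token: 404 means validation passed and the lookup ran`.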
@@ -122,7 +122,7 @@ class Client * @param string $endpoint * @return self $this */ - public function setEndpoint($endpoint): self + public function setEndpoint(string $endpoint): self { $this->endpoint = $endpoint; From 9162e197bf9c4d615f075a682aba0a436c035199 Mon Sep 17 00:00:00 2001 From: Torsten Dittmann Date: Fri, 11 Feb 2022 18:44:10 +0100 Subject: [PATCH 12/16] chore: release 0.12.2 --- CHANGES.md | 13 +++++++++++++ README-CN.md | 6 +++--- README.md | 6 +++--- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index bccf34dd1d..578aeb6a38 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,16 @@ +# Version 0.12.2 + +## Bugs +- Fix security vulnerability in the Console (#2778) +- Fix security vulnerability in the ACME-Challenge (#2780) + +## Upgrades + +- Upgraded `redis` extenstion to version 5.3.6 +- Upgraded `swoole` extenstion to version 4.8.6 +- Upgraded `imagick` extenstion to version 3.7.0 +- Upgraded GEO IP database to version February 2022 + # Version 0.12.1 ## Bugs diff --git a/README-CN.md b/README-CN.md index 5c4ce54433..5611487644 100644 --- a/README-CN.md +++ b/README-CN.md @@ -59,7 +59,7 @@ docker run -it --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \ --entrypoint="install" \ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` ### Windows @@ -71,7 +71,7 @@ docker run -it --rm ^ --volume //var/run/docker.sock:/var/run/docker.sock ^ --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^ --entrypoint="install" ^ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` #### PowerShell @@ -81,7 +81,7 @@ docker run -it --rm , --volume /var/run/docker.sock:/var/run/docker.sock , --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw , --entrypoint="install" , - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` 运行后,可以在浏览器上访问 http://localhost 找到 Appwrite 控制台。在非 Linux 的本机主机上完成安装后,服务器可能需要几分钟才能启动。 
diff --git a/README.md b/README.md index 4cf345f250..c2e802bacb 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ docker run -it --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \ --entrypoint="install" \ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` ### Windows @@ -74,7 +74,7 @@ docker run -it --rm ^ --volume //var/run/docker.sock:/var/run/docker.sock ^ --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^ --entrypoint="install" ^ - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` #### PowerShell @@ -84,7 +84,7 @@ docker run -it --rm , --volume /var/run/docker.sock:/var/run/docker.sock , --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw , --entrypoint="install" , - appwrite/appwrite:0.12.1 + appwrite/appwrite:0.12.2 ``` Once the Docker installation completes, go to http://localhost to access the Appwrite console from your browser. Please note that on non-Linux native hosts, the server might take a few minutes to start after installation completes. From 7e8f6aa1e47fcab0ab5692184b0905cb3ed8b9a0 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Sat, 12 Feb 2022 06:35:28 +0200 Subject: [PATCH 13/16] Added 0.11.1 to change log --- CHANGES.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 578aeb6a38..f271eefa11 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -97,6 +97,20 @@ - Upgraded InfluxDB to 1.4.0 - Upgraded Telegraf to 1.3.0 +# Version 0.11.1 + +## Bugs +Fix security vulnerability in the Console (#2777) +Fix security vulnerability in the ACME-Challenge (#2779) + +## Upgrades +Upgraded redis extenstion to version 5.3.6 +Upgraded swoole extenstion to version 4.8.6 +Upgraded imagick extenstion to version 3.7.0 +Upgraded yaml extenstion to version 2.2.2 +Upgraded maxminddb extenstion to version 1.11.0 +Upgraded GEO IP database to version February 2022 + # Version 0.11.0 ## Features 
From fc64607c4b2754f48d150e1aea3a1943aad36010 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Sat, 12 Feb 2022 06:36:19 +0200 Subject: [PATCH 14/16] Updated changes style --- CHANGES.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f271eefa11..02d04700a2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -100,16 +100,16 @@ # Version 0.11.1 ## Bugs -Fix security vulnerability in the Console (#2777) -Fix security vulnerability in the ACME-Challenge (#2779) +- Fix security vulnerability in the Console (#2777) +- Fix security vulnerability in the ACME-Challenge (#2779) ## Upgrades -Upgraded redis extenstion to version 5.3.6 -Upgraded swoole extenstion to version 4.8.6 -Upgraded imagick extenstion to version 3.7.0 -Upgraded yaml extenstion to version 2.2.2 -Upgraded maxminddb extenstion to version 1.11.0 -Upgraded GEO IP database to version February 2022 +- Upgraded redis extenstion to version 5.3.6 +- Upgraded swoole extenstion to version 4.8.6 +- Upgraded imagick extenstion to version 3.7.0 +- Upgraded yaml extenstion to version 2.2.2 +- Upgraded maxminddb extenstion to version 1.11.0 +- Upgraded GEO IP database to version February 2022 # Version 0.11.0 From 7c9daf8cef7dd76c72a8b46c9f51bd153b05e438 Mon Sep 17 00:00:00 2001 From: "Eldad A. Fux" Date: Sat, 12 Feb 2022 16:40:12 +0200 Subject: [PATCH 15/16] Update SECURITY.md --- SECURITY.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 66bdeb985f..89aa610910 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -4,11 +4,10 @@ | Version | Supported | | ------- | ------------------ | -| < 0.5 | :x: | -| 0.6.x | :white_check_mark: | -| 0.7.x | :white_check_mark: | -| 0.8.0 | :white_check_mark: | +| <= 0.10 | :x: | +| 0.11.x | :white_check_mark: | +| 0.12.x | :white_check_mark: | ## Reporting a Vulnerability -For security issues, kindly email us at security@appwrite.io instead of posting a public issue in GitHub. \ No newline at end of file +For security issues, kindly email us at security@appwrite.io instead of posting a public issue in GitHub. From f3f2b5a3fc80d5877efb7af9966357217a4d3373 Mon Sep 17 00:00:00 2001 From: Vincent Ge Date: Mon, 14 Feb 2022 16:58:31 -0500 Subject: [PATCH 16/16] Correct dcoker as docker --- README-CN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-CN.md b/README-CN.md index 5611487644..c815eaedd8 100644 --- a/README-CN.md +++ b/README-CN.md @@ -18,7 +18,7 @@ [English](README.md) | 简体中文 -Appwrite是一个基于dcoker的端到端开发者平台,其容器化的微服务库可应用于网页端,移动端,以及后端。Appwrite 通过视觉化界面极简了从零编写 API 的繁琐过程,在保证软件安全的前提下为开发者创造了一个高效的开发环境。 +Appwrite是一个基于Docker的端到端开发者平台,其容器化的微服务库可应用于网页端,移动端,以及后端。Appwrite 通过视觉化界面极简了从零编写 API 的繁琐过程,在保证软件安全的前提下为开发者创造了一个高效的开发环境。 Appwrite 可以提供给开发者用户验证,外部授权,用户数据读写检索,文件储存, 图像处理,云函数计算,[等多种服务](https:/ /appwrite.io/docs)。