Merge branch 'main' into feature-5232-OSV-Security-Scans

.env

@@ -9,7 +9,9 @@ _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
 _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io
 _APP_SYSTEM_RESPONSE_FORMAT=
 _APP_OPTIONS_ABUSE=disabled
+_APP_OPTIONS_ROUTER_PROTECTION=disbled
 _APP_OPTIONS_FORCE_HTTPS=disabled
+_APP_OPTIONS_FUNCTIONS_FORCE_HTTPS=disabled
 _APP_OPENSSL_KEY_V1=your-secret-key
 _APP_DOMAIN=localhost
 _APP_DOMAIN_FUNCTIONS=functions.localhost

.github/workflows/publish.yml

@@ -16,7 +16,7 @@ jobs:
       with:
         fetch-depth: 2
         submodules: recursive
-        ref: master
+        ref: cl-1.4.x
 
     - name: Login to Docker Hub
       uses: docker/login-action@v2

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "app/console"]
 	path = app/console
 	url = https://github.com/appwrite/console
-	branch = 3.1.1
+	branch = 3.2.1

CHANGES.md

@@ -1,3 +1,39 @@
+# Version 1.4.5
+
+## Changes
+- Bump console to version 3.2.1 in [#6868](https://github.com/appwrite/appwrite/pull/6868)
+
+## Fixes
+- Fix realtime logs in [#6478](https://github.com/appwrite/appwrite/pull/6478)
+- Fix "File not found" error in executor in [#6476](https://github.com/appwrite/appwrite/pull/6476)
+- Fix missing array flag on migration errors response model rule in [#6469](https://github.com/appwrite/appwrite/pull/6469)
+- Ensure openruntimes-executor restarts after a server reboot in [#6490](https://github.com/appwrite/appwrite/pull/6490)
+
+# Version 1.4.4
+
+## Features
+- Feat: Function domains force https in [#6269](https://github.com/appwrite/appwrite/pull/6269)
+- Feat: router protection in [#6272](https://github.com/appwrite/appwrite/pull/6272)
+- Feat: Parse event body in [#6317](https://github.com/appwrite/appwrite/pull/6317)
+
+## Fixes
+- Fix: wrong device type in [#6271](https://github.com/appwrite/appwrite/pull/6271)
+- Fix: build race condition in [#6270](https://github.com/appwrite/appwrite/pull/6270)
+- Fix: Large builds in [#6273](https://github.com/appwrite/appwrite/pull/6273)
+- Fix: migrations in [#6302](https://github.com/appwrite/appwrite/pull/6302)
+- Add Description for Download Deployment in [#6268](https://github.com/appwrite/appwrite/pull/6268)
+- Fix deployment delete in [#6290](https://github.com/appwrite/appwrite/pull/6290)
+- Fix project deletion in [#6260](https://github.com/appwrite/appwrite/pull/6260)
+- fix-6212-Issue-With-Linkedin-OAuth in [#6229](https://github.com/appwrite/appwrite/pull/6229)
+- Fix: Execution body limit in [#6326](https://github.com/appwrite/appwrite/pull/6326)
+- Patch: Disable console protection in [#6329](https://github.com/appwrite/appwrite/pull/6329)
+- converted desc to sentence case in [#5926](https://github.com/appwrite/appwrite/pull/5926)
+- Update avatar font and default colors in [#6277](https://github.com/appwrite/appwrite/pull/6277)
+- Bump composer to fix migration bug in [#6344](https://github.com/appwrite/appwrite/pull/6344)
+- Fix execution call timeout in [#6332](https://github.com/appwrite/appwrite/pull/6332)
+- Bump appwrite-assistant to prevent it from crashing w/o open ai key in [#6342](https://github.com/appwrite/appwrite/pull/6342)
+- Remove Special Chars from Initials [#6164](https://github.com/appwrite/appwrite/pull/6164)
+
 # Version 1.4.3
 
 ## Features

HACKTOBERFEST.md

@@ -0,0 +1,57 @@
+# Appwrite hacktoberfest contribution
+
+Welcome to the Appwrite Hacktoberfest contribution! We appreciate your interest in contributing to our open-source project. Please read this carefully to understand how to get started and make your contributions count.
+
+## Familiarize with the project
+
+Before you start contributing, familiarize yourself with our project by reading the [main README](https://github.com/appwrite/appwrite/blob/main/README.md).
+
+## Code of conduct
+
+Please ensure that you always follow our [Code of Conduct](https://github.com/appwrite/awesome-appwrite/blob/master/CODE_OF_CONDUCT.md). We aim to maintain a respectful and inclusive community.
+
+## Contributing guide
+
+Please review our [Contributing Guide](https://github.com/appwrite/appwrite/blob/main/CONTRIBUTING.md) before contributing. It will help you learn about the architecture, instructions on how to update code, run tests, and submit a PR.
+
+## Hacktoberfest contribution guidelines
+
+To participate in Hacktoberfest with Appwrite, follow these guidelines:
+
+1. **Valid issues**: To make your contribution count, please look for issues labeled with `hacktoberfest`. Only issues labeled with `hacktoberfest` will count as a valid contribution.
+
+2. **Wait for issue assignment**: After you have identified an issue to work on, please wait for it to be assigned to you by our team. We assign issues on a first-come, first-serve basis.
+
+3. **Knowing about labels**:  We do not have the `hacktoberfest` label in our repositories, but we use it on specific issues. For your pull request to be valid, our team will review and add the `hacktoberfest-accepted` label once it meets the criteria.
+
+4. **Discuss new issues**: If you're interested in finding and adding new issues for Hacktoberfest, please discuss it with the team on our [Discord server](https://appwrite.io/discord) in the `#hacktoberfest` channel.
+
+5. **Be patient with pull request reviews**: PR reviews may take up to 15 days due to the volume of contributions. However, we also host PR review parties every week where you can add your PRs for instant review.
+
+6. **Regular updates**: If you've been assigned an issue, it's essential to share updates every 3 days. Failure to do so may result in being unassigned from the issue.
+
+## Getting started
+
+1. Fork the Appwrite repository you'd like to contribute to.
+
+2. Clone your forked repository to your local machine.
+
+   ```bash
+   git clone https://github.com/your-username/repository-name.git
+   ```
+
+3. Create a new branch for your contribution.
+
+   ```bash
+   git checkout -b TYPE-ISSUE_ID-DESCRIPTION
+   ```
+4. Make your changes, commit them, and push them to your forked repository.
+
+   ```bash
+   git commit -m "Add your commit message here"
+   git push origin TYPE-ISSUE_ID-DESCRIPTION
+   ```
+ 
+5. Create a Pull Request (PR) from your forked repository to the Appwrite repository. Be sure to reference the issue you are addressing in your PR description.
+
+Thank you for contributing to Appwrite, and we look forward to your Hacktoberfest contributions! If you have any questions or need assistance, feel free to ask on our Discord server or in the issue discussion. Happy hacking!

README-CN.md

@@ -2,7 +2,7 @@
 
 <br />
 <p align="center">
-    <a href="https://appwrite.io" target="_blank"><img width="260" height="39" src="https://appwrite.io/images/appwrite.svg" alt="Appwrite Logo"></a>
+    <a href="https://appwrite.io" target="_blank"><img src="./public/images/banner.png" alt="Appwrite Logo"></a>
     <br />
     <br />
     <b>适用于[Flutter/Vue/Angular/React/iOS/Android/* 等等平台 *]的完整后端服务</b>
@@ -66,7 +66,7 @@ docker run -it --rm \
     --volume /var/run/docker.sock:/var/run/docker.sock \
     --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \
     --entrypoint="install" \
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 ### Windows
@@ -78,7 +78,7 @@ docker run -it --rm ^
     --volume //var/run/docker.sock:/var/run/docker.sock ^
     --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^
     --entrypoint="install" ^
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 #### PowerShell
@@ -88,7 +88,7 @@ docker run -it --rm `
     --volume /var/run/docker.sock:/var/run/docker.sock `
     --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw `
     --entrypoint="install" `
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 运行后，可以在浏览器上访问 http://localhost 找到 Appwrite 控制台。在非 Linux 的本机主机上完成安装后，服务器可能需要几分钟才能启动。

README.md

@@ -76,7 +76,7 @@ docker run -it --rm \
     --volume /var/run/docker.sock:/var/run/docker.sock \
     --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \
     --entrypoint="install" \
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 ### Windows
@@ -88,7 +88,7 @@ docker run -it --rm ^
     --volume //var/run/docker.sock:/var/run/docker.sock ^
     --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^
     --entrypoint="install" ^
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 #### PowerShell
@@ -98,7 +98,7 @@ docker run -it --rm `
     --volume /var/run/docker.sock:/var/run/docker.sock `
     --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw `
     --entrypoint="install" `
-    appwrite/appwrite:1.4.3
+    appwrite/appwrite:1.4.5
 ```
 
 Once the Docker installation is complete, go to http://localhost to access the Appwrite console from your browser. Please note that on non-Linux native hosts, the server might take a few minutes to start after completing the installation.

app/config/locale/translations/es.json

@@ -2,31 +2,31 @@
     "settings.inspire": "\"El arte de ser sabio es el arte de saber qué pasar por alto\"",
     "settings.locale": "es",
     "settings.direction": "ltr",
-    "emails.sender": "Equipo %s",
+    "emails.sender": "El equipo de %s",
     "emails.verification.subject": "Verificación de cuenta",
-    "emails.verification.hello": "Hola {{user}}",
-    "emails.verification.body": "Haz clic en este enlace para verificar tu correo.",
+    "emails.verification.hello": "Hola, {{name}}",
+    "emails.verification.body": "Haz clic en este enlace para verificar tu correo:",
     "emails.verification.footer": "Si no has solicitado verificar este correo, puedes ignorar este mensaje.",
-    "emails.verification.thanks": "Gracias",
-    "emails.verification.signature": "Equipo de {{project}}",
+    "emails.verification.thanks": "Gracias.",
+    "emails.verification.signature": "El equipo de {{project}}.",
     "emails.magicSession.subject": "Inicio de sesión",
-    "emails.magicSession.hello": "Hola,",
-    "emails.magicSession.body": "Haz clic en este enlace para iniciar sesión.",
-    "emails.magicSession.footer": "Si no has solicitado ingresar usando este correo, puedes ignorar este mensaje.",
-    "emails.magicSession.thanks": "Gracias",
-    "emails.magicSession.signature": "Equipo de {{project}}",
+    "emails.magicSession.hello": "Hola",
+    "emails.magicSession.body": "Haz clic en este enlace para iniciar sesión:",
+    "emails.magicSession.footer": "Si no has solicitado iniciar sesión usando este correo, puedes ignorar este mensaje.",
+    "emails.magicSession.thanks": "Gracias.",
+    "emails.magicSession.signature": "El equipo de {{project}}",
     "emails.recovery.subject": "Restablecer contraseña",
-    "emails.recovery.hello": "Hola {{user}}",
-    "emails.recovery.body": "Haz clic en este enlace para restablecer la contraseña de {{project}}.",
+    "emails.recovery.hello": "Hola, {{name}}",
+    "emails.recovery.body": "Haz clic en este enlace para restablecer la contraseña de {{project}}:",
     "emails.recovery.footer": "Si no has solicitado restablecer la contraseña, puedes ignorar este mensaje.",
-    "emails.recovery.thanks": "Gracias",
-    "emails.recovery.signature": "Equipo de {{project}}",
+    "emails.recovery.thanks": "Gracias.",
+    "emails.recovery.signature": "El equipo de {{project}}",
     "emails.invitation.subject": "Invitación al equipo %s en %s",
     "emails.invitation.hello": "Hola",
-    "emails.invitation.body": "Este correo ha sido enviado a petición de {{owner}} quien quiere invitarte a formar parte del equipo {{team}} en {{project}}.",
-    "emails.invitation.footer": "Si no estas interesado, puedes ignorar este mensaje.",
-    "emails.invitation.thanks": "Gracias",
-    "emails.invitation.signature": "Equipo de {{project}}",
+    "emails.invitation.body": "Este correo ha sido enviado a petición de {{owner}} quién quiere invitarte a formar parte del equipo {{team}} en {{project}}.",
+    "emails.invitation.footer": "Si no estás interesado, puedes ignorar este mensaje.",
+    "emails.invitation.thanks": "Gracias.",
+    "emails.invitation.signature": "El equipo de {{project}}",
     "locale.country.unknown": "Desconocido",
     "countries.af": "Afganistán",
     "countries.ao": "Angola",
@@ -229,4 +229,4 @@
     "continents.na": "América del Norte",
     "continents.oc": "Oceanía",
     "continents.sa": "América del Sur"
-}
+}

app/config/platforms.php

@@ -8,7 +8,7 @@ return [
     APP_PLATFORM_CLIENT => [
         'key' => APP_PLATFORM_CLIENT,
         'name' => 'Client',
-        'description' => 'Client libraries for integrating with Appwrite to build client-based applications and websites. Read the [getting started for web](/docs/getting-started-for-web) or [getting started for Flutter](/docs/getting-started-for-flutter) tutorials to start building your first application.',
+        'description' => 'Client libraries for integrating with Appwrite to build client-based applications and websites. Read the [getting started for web](https://appwrite.io/docs/getting-started-for-web) or [getting started for Flutter](https://appwrite.io/docs/getting-started-for-flutter) tutorials to start building your first application.',
         'enabled' => true,
         'beta' => false,
         'sdks' => [
@@ -224,7 +224,7 @@ return [
     APP_PLATFORM_SERVER => [
         'key' => APP_PLATFORM_SERVER,
         'name' => 'Server',
-        'description' => 'Libraries for integrating with Appwrite to build server side integrations. Read the [getting started for server](/docs/getting-started-for-server) tutorial to start building your first server integration.',
+        'description' => 'Libraries for integrating with Appwrite to build server side integrations. Read the [getting started for server](https://appwrite.io/docs/getting-started-for-server) tutorial to start building your first server integration.',
         'enabled' => true,
         'beta' => false,
         'sdks' => [

app/config/variables.php

@@ -36,13 +36,31 @@ return [
             ],
             [
                 'name' => '_APP_OPTIONS_FORCE_HTTPS',
-                'description' => 'Allows you to force HTTPS connection to your API. This feature redirects any HTTP call to HTTPS and adds the \'Strict-Transport-Security\' header to all HTTP responses. By default, set to \'enabled\'. To disable, set to \'disabled\'. This feature will work only when your ports are set to default 80 and 443.',
+                'description' => 'Allows you to force HTTPS connection to your API. This feature redirects any HTTP call to HTTPS and adds the \'Strict-Transport-Security\' header to all HTTP responses. By default, set to \'enabled\'. To disable, set to \'disabled\'. This feature will work only when your ports are set to default 80 and 443, and you have set up wildcard certificates with DNS challenge.',
                 'introduction' => '',
                 'default' => 'disabled',
                 'required' => false,
                 'question' => '',
                 'filter' => ''
             ],
+            [
+                'name' => '_APP_OPTIONS_FUNCTIONS_FORCE_HTTPS',
+                'description' => 'Allows you to force HTTPS connection to function domains. This feature redirects any HTTP call to HTTPS and adds the \'Strict-Transport-Security\' header to all HTTP responses. By default, set to \'enabled\'. To disable, set to \'disabled\'. This feature will work only when your ports are set to default 80 and 443.',
+                'introduction' => '',
+                'default' => 'disabled',
+                'required' => false,
+                'question' => '',
+                'filter' => ''
+            ],
+            [
+                'name' => '_APP_OPTIONS_ROUTER_PROTECTION',
+                'description' => 'Protects server from serving requests from unknown hostnames, and from serving Console for custom project domains. By default, set to \'disabled\'. To start router protection, set to \'enabled\'. It is recommended to enable this variable on production environment.',
+                'introduction' => '1.4.4',
+                'default' => 'disabled',
+                'required' => false,
+                'question' => '',
+                'filter' => ''
+            ],
             [
                 'name' => '_APP_OPENSSL_KEY_V1',
                 'description' => 'This is your server private secret key that is used to encrypt all sensitive data on your server. Appwrite server encrypts all secret data on your server like webhooks, HTTP passwords, user sessions, and storage files. The var is not set by default, if you wish to take advantage of Appwrite encryption capabilities you should change it and make sure to **keep it a secret and have a backup for it**.',

app/console

@@ -1 +1 @@
-Subproject commit 9b4bcb8140484669421685b4ba89fa1c4d331360
+Subproject commit 2f47e4e77b3c832679c5a83a604dd7b8e8fc1903

app/controllers/api/avatars.php

@@ -509,12 +509,11 @@ App::get('/v1/avatars/initials')
     ->action(function (string $name, int $width, int $height, string $background, Response $response, Document $user) {
 
         $themes = [
-            ['background' => '#FFA1CE'], // Default (Pink)
-            ['background' => '#FDC584'], // Orange
-            ['background' => '#94DBD1'], // Green
-            ['background' => '#A1C4FF'], // Blue
-            ['background' => '#FFA1CE'], // Pink
-            ['background' => '#CBB1FC'] // Purple
+            ['background' => '#FD366E'], // Default (Pink)
+            ['background' => '#FE9567'], // Orange
+            ['background' => '#7C67FE'], // Purple
+            ['background' => '#68A3FE'], // Blue
+            ['background' => '#85DBD8'], // Mint
         ];
 
         $name = (!empty($name)) ? $name : $user->getAttribute('name', $user->getAttribute('email', ''));
@@ -526,11 +525,13 @@ App::get('/v1/avatars/initials')
         $code = 0;
 
         foreach ($words as $key => $w) {
-            $initials .= $w[0] ?? '';
-            $code += (isset($w[0])) ? \ord($w[0]) : 0;
+            if (ctype_alnum($w[0] ?? '')) {
+                $initials .= $w[0];
+                $code += ord($w[0]);
 
-            if ($key == 1) {
-                break;
+                if ($key == 1) {
+                    break;
+                }
             }
         }
 
@@ -548,8 +549,8 @@ App::get('/v1/avatars/initials')
 
         $punch->newImage($width, $height, 'transparent');
 
-        $draw->setFont(__DIR__ . "/../../assets/fonts/poppins-v9-latin-500.ttf");
-        $image->setFont(__DIR__ . "/../../assets/fonts/poppins-v9-latin-500.ttf");
+        $draw->setFont(__DIR__ . "/../../assets/fonts/inter-v8-latin-regular.woff2");
+        $image->setFont(__DIR__ . "/../../assets/fonts/inter-v8-latin-regular.woff2");
 
         $draw->setFillColor(new ImagickPixel('black'));
         $draw->setFontSize($fontSize);
@@ -724,7 +725,7 @@ App::get('/v1/cards/cloud')
 
         $text = new \ImagickDraw();
         $text->setTextAlignment(Imagick::ALIGN_CENTER);
-        $text->setFont(__DIR__ . '/../../../public/fonts/Poppins-Bold.ttf');
+        $text->setFont(__DIR__ . '/../../../public/fonts/Inter-Bold.ttf');
         $text->setFillColor(new \ImagickPixel('#FFFFFF'));
 
         if (\strlen($name) > 32) {
@@ -1108,7 +1109,7 @@ App::get('/v1/cards/cloud-og')
 
         $textName = new \ImagickDraw();
         $textName->setTextAlignment(Imagick::ALIGN_CENTER);
-        $textName->setFont(__DIR__ . '/../../../public/fonts/Poppins-Bold.ttf');
+        $textName->setFont(__DIR__ . '/../../../public/fonts/Inter-Bold.ttf');
         $textName->setFillColor(new \ImagickPixel('#FFFFFF'));
 
         if (\strlen($name) > 32) {

app/controllers/api/databases.php

@@ -716,8 +716,8 @@ App::post('/v1/databases/:databaseId/collections')
     ->param('databaseId', '', new UID(), 'Database ID.')
     ->param('collectionId', '', new CustomId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
     ->param('name', '', new Text(128), 'Collection name. Max length: 128 chars.')
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default, no user is granted with any permissions. [Learn more about permissions](/docs/permissions).', true)
-    ->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default, no user is granted with any permissions. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
+    ->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->param('enabled', true, new Boolean(), 'Is collection enabled? When set to \'disabled\', users cannot access the collection but Server SDKs with and API key can still read and write to the collection. No data is lost when this is toggled.', true)
     ->inject('response')
     ->inject('dbForProject')
@@ -977,8 +977,8 @@ App::put('/v1/databases/:databaseId/collections/:collectionId')
     ->param('databaseId', '', new UID(), 'Database ID.')
     ->param('collectionId', '', new UID(), 'Collection ID.')
     ->param('name', null, new Text(128), 'Collection name. Max length: 128 chars.')
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
-    ->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
+    ->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->param('enabled', true, new Boolean(), 'Is collection enabled? When set to \'disabled\', users cannot access the collection but Server SDKs with and API key can still read and write to the collection. No data is lost when this is toggled.', true)
     ->inject('response')
     ->inject('dbForProject')
@@ -2718,7 +2718,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
     ->param('documentId', '', new CustomId(), 'Document ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
     ->param('collectionId', '', new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection). Make sure to define attributes before creating documents.')
     ->param('data', [], new JSON(), 'Document data as JSON object.')
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, only the current user is granted all permissions. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, only the current user is granted all permissions. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->inject('response')
     ->inject('dbForProject')
     ->inject('user')
@@ -3281,7 +3281,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
     ->param('collectionId', '', new UID(), 'Collection ID.')
     ->param('documentId', '', new UID(), 'Document ID.')
     ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true)
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->inject('requestTimestamp')
     ->inject('response')
     ->inject('dbForProject')

app/controllers/api/functions.php

@@ -84,6 +84,7 @@ $redeployVcs = function (Request $request, Document $function, Document $project
             Permission::delete(Role::any()),
         ],
         'resourceId' => $function->getId(),
+        'resourceInternalId' => $function->getInternalId(),
         'resourceType' => 'functions',
         'entrypoint' => $entrypoint,
         'commands' => $function->getAttribute('commands', ''),
@@ -1079,7 +1080,7 @@ App::post('/v1/functions/:functionId/deployments')
         }
 
         $fileExt = new FileExt([FileExt::TYPE_GZIP]);
-        $fileSizeValidator = new FileSize(App::getEnv('_APP_FUNCTIONS_SIZE_LIMIT', 0));
+        $fileSizeValidator = new FileSize(App::getEnv('_APP_FUNCTIONS_SIZE_LIMIT', '30000000'));
         $upload = new Upload();
 
         // Make sure we handle a single file and multiple files the same way
@@ -1495,7 +1496,7 @@ App::post('/v1/functions/:functionId/executions')
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_EXECUTION)
     ->param('functionId', '', new UID(), 'Function ID.')
-    ->param('body', '', new Text(8192, 0), 'HTTP body of execution. Default value is empty string.', true)
+    ->param('body', '', new Text(0, 0), 'HTTP body of execution. Default value is empty string.', true)
     ->param('async', false, new Boolean(), 'Execute code in the background. Default value is false.', true)
     ->param('path', '/', new Text(2048), 'HTTP path of execution. Path can include query params. Default value is /', true)
     ->param('method', 'POST', new Whitelist(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'], true), 'HTTP method of execution. Default value is GET.', true)
@@ -1707,7 +1708,8 @@ App::post('/v1/functions/:functionId/executions')
                 path: $path,
                 method: $method,
                 headers: $headers,
-                runtimeEntrypoint: $command
+                runtimeEntrypoint: $command,
+                requestTimeout: 30
             );
 
             $headersFiltered = [];

app/controllers/api/health.php

@@ -166,7 +166,7 @@ App::get('/v1/health/cache')
     });
 
 App::get('/v1/health/queue')
-    ->desc('Get Queue')
+    ->desc('Get queue')
     ->groups(['api', 'health'])
     ->label('scope', 'health.read')
     ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
@@ -223,7 +223,7 @@ App::get('/v1/health/queue')
     });
 
 App::get('/v1/health/pubsub')
-    ->desc('Get PubSub')
+    ->desc('Get pubsub')
     ->groups(['api', 'health'])
     ->label('scope', 'health.read')
     ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
@@ -387,6 +387,108 @@ App::get('/v1/health/queue/certificates')
         $response->dynamic(new Document([ 'size' => Resque::size(Event::CERTIFICATES_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
     }, ['response']);
 
+App::get('/v1/health/queue/builds')
+    ->desc('Get builds queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueBuilds')
+    ->label('sdk.description', '/docs/references/health/get-queue-builds.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::BUILDS_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
+App::get('/v1/health/queue/databases')
+    ->desc('Get databases queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueDatabases')
+    ->label('sdk.description', '/docs/references/health/get-queue-databases.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::DATABASE_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
+App::get('/v1/health/queue/deletes')
+    ->desc('Get deletes queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueDeletes')
+    ->label('sdk.description', '/docs/references/health/get-queue-deletes.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::DELETE_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
+App::get('/v1/health/queue/mails')
+    ->desc('Get mails queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueMails')
+    ->label('sdk.description', '/docs/references/health/get-queue-mails.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::MAILS_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
+App::get('/v1/health/queue/messaging')
+    ->desc('Get messaging queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueMessaging')
+    ->label('sdk.description', '/docs/references/health/get-queue-messaging.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::MESSAGING_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
+App::get('/v1/health/queue/migrations')
+    ->desc('Get migrations queue')
+    ->groups(['api', 'health'])
+    ->label('scope', 'health.read')
+    ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
+    ->label('sdk.namespace', 'health')
+    ->label('sdk.method', 'getQueueMigrations')
+    ->label('sdk.description', '/docs/references/health/get-queue-migrations.md')
+    ->label('sdk.response.code', Response::STATUS_CODE_OK)
+    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+    ->label('sdk.response.model', Response::MODEL_HEALTH_QUEUE)
+    ->inject('response')
+    ->action(function (Response $response) {
+
+        $response->dynamic(new Document([ 'size' => Resque::size(Event::MIGRATIONS_QUEUE_NAME) ]), Response::MODEL_HEALTH_QUEUE);
+    }, ['response']);
+
 App::get('/v1/health/queue/functions')
     ->desc('Get functions queue')
     ->groups(['api', 'health'])

app/controllers/api/projects.php

@@ -92,16 +92,17 @@ App::post('/v1/projects')
 
         $projectId = ($projectId == 'unique()') ? ID::unique() : $projectId;
 
-        $backups['database_db_fra1_02'] = ['from' => '7:30', 'to' => '8:15'];
-        $backups['database_db_fra1_03'] = ['from' => '10:30', 'to' => '11:15'];
-        $backups['database_db_fra1_04'] = ['from' => '13:30', 'to' => '14:15'];
-        $backups['database_db_fra1_05'] = ['from' => '4:30', 'to' => '5:15'];
-        $backups['database_db_fra1_06'] = ['from' => '16:30', 'to' => '17:15'];
+        $backups['database_db_fra1_v14x_02'] = ['from' => '7:30', 'to' => '8:15'];
+        $backups['database_db_fra1_v14x_03'] = ['from' => '10:30', 'to' => '11:15'];
+        $backups['database_db_fra1_v14x_04'] = ['from' => '13:30', 'to' => '14:15'];
+        $backups['database_db_fra1_v14x_05'] = ['from' => '4:30', 'to' => '5:15'];
+        $backups['database_db_fra1_v14x_06'] = ['from' => '16:30', 'to' => '17:15'];
+        $backups['database_db_fra1_v14x_07'] = ['from' => '19:30', 'to' => '20:15'];
 
         $databases = Config::getParam('pools-database', []);
 
         /**
-         * Extract db from list while backing
+         * Remove databases from the list that are currently undergoing an backup
          */
         if (count($databases) > 1) {
             $now = new \DateTime();
@@ -120,7 +121,9 @@ App::post('/v1/projects')
             }
         }
 
-        if ($index = array_search('database_db_fra1_06', $databases)) {
+        $databaseOverride = App::getEnv('_APP_DATABASE_OVERRIDE', null);
+        $index = array_search($databaseOverride, $databases);
+        if ($index) {
             $database = $databases[$index];
         } else {
             $database = $databases[array_rand($databases)];
@@ -478,15 +481,43 @@ App::patch('/v1/projects/:projectId/team')
             throw new Exception(Exception::TEAM_NOT_FOUND);
         }
 
-        $project = $dbForConsole->updateDocument('projects', $project->getId(), $project
+        $permissions = [
+            Permission::read(Role::team(ID::custom($teamId))),
+            Permission::update(Role::team(ID::custom($teamId), 'owner')),
+            Permission::update(Role::team(ID::custom($teamId), 'developer')),
+            Permission::delete(Role::team(ID::custom($teamId), 'owner')),
+            Permission::delete(Role::team(ID::custom($teamId), 'developer')),
+        ];
+
+        $project
             ->setAttribute('teamId', $teamId)
-            ->setAttribute('$permissions', [
-                Permission::read(Role::team(ID::custom($teamId))),
-                Permission::update(Role::team(ID::custom($teamId), 'owner')),
-                Permission::update(Role::team(ID::custom($teamId), 'developer')),
-                Permission::delete(Role::team(ID::custom($teamId), 'owner')),
-                Permission::delete(Role::team(ID::custom($teamId), 'developer')),
-            ]));
+            ->setAttribute('teamInternalId', $team->getInternalId())
+            ->setAttribute('$permissions', $permissions);
+        $project = $dbForConsole->updateDocument('projects', $project->getId(), $project);
+
+        $installations = $dbForConsole->find('installations', [
+            Query::equal('projectInternalId', [$project->getInternalId()]),
+        ]);
+        foreach ($installations as $installation) {
+            $installation->getAttribute('$permissions', $permissions);
+            $dbForConsole->updateDocument('installations', $installation->getId(), $installation);
+        }
+
+        $repositories = $dbForConsole->find('repositories', [
+            Query::equal('projectInternalId', [$project->getInternalId()]),
+        ]);
+        foreach ($repositories as $repository) {
+            $repository->getAttribute('$permissions', $permissions);
+            $dbForConsole->updateDocument('repositories', $repository->getId(), $repository);
+        }
+
+        $vcsComments = $dbForConsole->find('vcsComments', [
+            Query::equal('projectInternalId', [$project->getInternalId()]),
+        ]);
+        foreach ($vcsComments as $vcsComment) {
+            $vcsComment->getAttribute('$permissions', $permissions);
+            $dbForConsole->updateDocument('vcsComments', $vcsComment->getId(), $vcsComment);
+        }
 
         $response->dynamic($project, Response::MODEL_PROJECT);
     });

app/controllers/api/storage.php

@@ -62,8 +62,8 @@ App::post('/v1/storage/buckets')
     ->label('sdk.response.model', Response::MODEL_BUCKET)
     ->param('bucketId', '', new CustomId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
     ->param('name', '', new Text(128), 'Bucket name')
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, no user is granted with any permissions. [Learn more about permissions](/docs/permissions).', true)
-    ->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, no user is granted with any permissions. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
+    ->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->param('enabled', true, new Boolean(true), 'Is bucket enabled? When set to \'disabled\', users cannot access the files in this bucket but Server SDKs with and API key can still access the bucket. No files are lost when this is toggled.', true)
     ->param('maximumFileSize', (int) App::getEnv('_APP_STORAGE_LIMIT', 0), new Range(1, (int) App::getEnv('_APP_STORAGE_LIMIT', 0)), 'Maximum file size allowed in bytes. Maximum allowed value is ' . Storage::human(App::getEnv('_APP_STORAGE_LIMIT', 0), 0) . '.', true)
     ->param('allowedFileExtensions', [], new ArrayList(new Text(64), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Allowed file extensions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' extensions are allowed, each 64 characters long.', true)
@@ -236,8 +236,8 @@ App::put('/v1/storage/buckets/:bucketId')
     ->label('sdk.response.model', Response::MODEL_BUCKET)
     ->param('bucketId', '', new UID(), 'Bucket unique ID.')
     ->param('name', null, new Text(128), 'Bucket name', false)
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
-    ->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
+    ->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->param('enabled', true, new Boolean(true), 'Is bucket enabled? When set to \'disabled\', users cannot access the files in this bucket but Server SDKs with and API key can still access the bucket. No files are lost when this is toggled.', true)
     ->param('maximumFileSize', null, new Range(1, (int) App::getEnv('_APP_STORAGE_LIMIT', 0)), 'Maximum file size allowed in bytes. Maximum allowed value is ' . Storage::human((int)App::getEnv('_APP_STORAGE_LIMIT', 0), 0) . '.', true)
     ->param('allowedFileExtensions', [], new ArrayList(new Text(64), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Allowed file extensions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' extensions are allowed, each 64 characters long.', true)
@@ -351,10 +351,10 @@ App::post('/v1/storage/buckets/:bucketId/files')
     ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_FILE)
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new CustomId(), 'File ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
-    ->param('file', [], new File(), 'Binary file. Appwrite SDKs provide helpers to handle file input. [Learn about file input](/docs/storage#file-input).', skipValidation: true)
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission strings. By default, only the current user is granted all permissions. [Learn more about permissions](/docs/permissions).', true)
+    ->param('file', [], new File(), 'Binary file. Appwrite SDKs provide helpers to handle file input. [Learn about file input](https://appwrite.io/docs/storage#file-input).', skipValidation: true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission strings. By default, only the current user is granted all permissions. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->inject('request')
     ->inject('response')
     ->inject('dbForProject')
@@ -696,7 +696,7 @@ App::get('/v1/storage/buckets/:bucketId/files')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_FILE_LIST)
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('queries', [], new Files(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Files::ALLOWED_ATTRIBUTES), true)
     ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)
     ->inject('response')
@@ -777,7 +777,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_FILE)
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File ID.')
     ->inject('response')
     ->inject('dbForProject')
@@ -829,7 +829,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', Response::CONTENT_TYPE_IMAGE)
     ->label('sdk.methodType', 'location')
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File ID')
     ->param('width', 0, new Range(0, 4000), 'Resize preview image width, Pass an integer between 0 to 4000.', true)
     ->param('height', 0, new Range(0, 4000), 'Resize preview image height, Pass an integer between 0 to 4000.', true)
@@ -995,7 +995,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', '*/*')
     ->label('sdk.methodType', 'location')
-    ->param('bucketId', '', new UID(), 'Storage bucket ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File ID.')
     ->inject('request')
     ->inject('response')
@@ -1138,7 +1138,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', '*/*')
     ->label('sdk.methodType', 'location')
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File ID.')
     ->inject('response')
     ->inject('request')
@@ -1297,10 +1297,10 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
     ->label('sdk.response.code', Response::STATUS_CODE_OK)
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_FILE)
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File unique ID.')
     ->param('name', null, new Text(255), 'Name of the file', true)
-    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission string. By default, the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
+    ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission string. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true)
     ->inject('response')
     ->inject('dbForProject')
     ->inject('user')
@@ -1405,7 +1405,7 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
     ->label('sdk.description', '/docs/references/storage/delete-file.md')
     ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
     ->label('sdk.response.model', Response::MODEL_NONE)
-    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
+    ->param('bucketId', '', new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](https://appwrite.io/docs/server/storage#createBucket).')
     ->param('fileId', '', new UID(), 'File ID.')
     ->inject('response')
     ->inject('dbForProject')

app/controllers/api/teams.php

@@ -56,7 +56,7 @@ App::post('/v1/teams')
     ->label('sdk.response.model', Response::MODEL_TEAM)
     ->param('teamId', '', new CustomId(), 'Team ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
     ->param('name', null, new Text(128), 'Team name. Max length: 128 chars.')
-    ->param('roles', ['owner'], new ArrayList(new Key(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Array of strings. Use this param to set the roles in the team for the user who created it. The default role is **owner**. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 32 characters long.', true)
+    ->param('roles', ['owner'], new ArrayList(new Key(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Array of strings. Use this param to set the roles in the team for the user who created it. The default role is **owner**. A role can be any string. Learn more about [roles and permissions](https://appwrite.io/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 32 characters long.', true)
     ->inject('response')
     ->inject('user')
     ->inject('dbForProject')
@@ -377,7 +377,7 @@ App::post('/v1/teams/:teamId/memberships')
     ->param('email', '', new Email(), 'Email of the new team member.', true)
     ->param('userId', '', new UID(), 'ID of the user to be added to a team.', true)
     ->param('phone', '', new Phone(), 'Phone number. Format this number with a leading \'+\' and a country code, e.g., +16175551212.', true)
-    ->param('roles', [], new ArrayList(new Key(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 32 characters long.')
+    ->param('roles', [], new ArrayList(new Key(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](https://appwrite.io/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 32 characters long.')
     ->param('url', '', fn($clients) => new Host($clients), 'URL to redirect the user back to your app from the invitation email.  Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients']) // TODO add our own built-in confirm page
     ->param('name', '', new Text(128), 'Name of the new team member. Max length: 128 chars.', true)
     ->inject('response')

app/controllers/api/vcs.php

@@ -50,6 +50,7 @@ $createGitDeployments = function (GitHub $github, string $providerInstallationId
 
             $functionId = $resource->getAttribute('resourceId');
             $function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId));
+            $functionInternalId = $function->getInternalId();
 
             $deploymentId = ID::unique();
             $repositoryId = $resource->getId();
@@ -173,6 +174,7 @@ $createGitDeployments = function (GitHub $github, string $providerInstallationId
                     Permission::delete(Role::any()),
                 ],
                 'resourceId' => $functionId,
+                'resourceInternalId' => $functionInternalId,
                 'resourceType' => 'functions',
                 'entrypoint' => $function->getAttribute('entrypoint'),
                 'commands' => $function->getAttribute('commands'),

app/controllers/general.php

@@ -47,6 +47,8 @@ Config::setParam('cookieSamesite', Response::COOKIE_SAMESITE_NONE);
 
 function router(App $utopia, Database $dbForConsole, SwooleRequest $swooleRequest, Request $request, Response $response)
 {
+    $utopia->getRoute()?->label('error', __DIR__ . '/../views/general/error.phtml');
+
     $host = $request->getHostname() ?? '';
 
     $route = Authorization::skip(
@@ -57,12 +59,25 @@ function router(App $utopia, Database $dbForConsole, SwooleRequest $swooleReques
     )[0] ?? null;
 
     if ($route === null) {
+        if ($host === App::getEnv('_APP_DOMAIN_FUNCTIONS', '')) {
+            throw new AppwriteException(AppwriteException::GENERAL_ACCESS_FORBIDDEN, 'This domain cannot be used for security reasons. Please use any subdomain instead.');
+        }
+
+        if (\str_ends_with($host, App::getEnv('_APP_DOMAIN_FUNCTIONS', ''))) {
+            throw new AppwriteException(AppwriteException::GENERAL_ACCESS_FORBIDDEN, 'This domain is not connected to any Appwrite resource yet. Please configure custom domain or function domain to allow this request.');
+        }
+
+        if (App::getEnv('_APP_OPTIONS_ROUTER_PROTECTION', 'disabled') === 'enabled') {
+            if ($host !== 'localhost' && $host !== APP_HOSTNAME_INTERNAL) { // localhost allowed for proxy, APP_HOSTNAME_INTERNAL allowed for migrations
+                throw new AppwriteException(AppwriteException::GENERAL_ACCESS_FORBIDDEN, 'Router protection does not allow accessing Appwrite over this domain. Please add it as custom domain to your project or disable _APP_OPTIONS_ROUTER_PROTECTION environment variable.');
+            }
+        }
+
         // Act as API - no Proxy logic
+        $utopia->getRoute()?->label('error', '');
         return false;
     }
 
-    $utopia->getRoute()?->label('error', __DIR__ . '/../views/general/error.phtml');
-
     $projectId = $route->getAttribute('projectId');
     $project = Authorization::skip(
         fn () => $dbForConsole->getDocument('projects', $projectId)
@@ -83,6 +98,16 @@ function router(App $utopia, Database $dbForConsole, SwooleRequest $swooleReques
     $type = $route->getAttribute('resourceType');
 
     if ($type === 'function') {
+        if (App::getEnv('_APP_OPTIONS_FUNCTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
+            if ($request->getProtocol() !== 'https') {
+                if ($request->getMethod() !== Request::METHOD_GET) {
+                    throw new AppwriteException(AppwriteException::GENERAL_PROTOCOL_UNSUPPORTED, 'Method unsupported over HTTP. Please use HTTPS instead.');
+                }
+
+                return $response->redirect('https://' . $request->getHostname() . $request->getURI());
+            }
+        }
+
         $functionId = $route->getAttribute('resourceId');
         $projectId = $route->getAttribute('projectId');
 
@@ -114,6 +139,7 @@ function router(App $utopia, Database $dbForConsole, SwooleRequest $swooleReques
         \curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         // \curl_setopt($ch, CURLOPT_HEADER, true);
         \curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
+        \curl_setopt($ch, CURLOPT_TIMEOUT, 30);
 
         $executionResponse = \curl_exec($ch);
         $statusCode = \curl_getinfo($ch, CURLINFO_HTTP_CODE);
@@ -164,6 +190,7 @@ function router(App $utopia, Database $dbForConsole, SwooleRequest $swooleReques
         throw new AppwriteException(AppwriteException::GENERAL_SERVER_ERROR, 'Unknown resource type ' . $type);
     }
 
+    $utopia->getRoute()?->label('error', '');
     return false;
 }
 
@@ -380,7 +407,7 @@ App::init()
         if (App::getEnv('_APP_OPTIONS_FORCE_HTTPS', 'disabled') === 'enabled') { // Force HTTPS
             if ($request->getProtocol() !== 'https' && ($swooleRequest->header['host'] ?? '') !== 'localhost' && ($swooleRequest->header['host'] ?? '') !== APP_HOSTNAME_INTERNAL) { // localhost allowed for proxy, APP_HOSTNAME_INTERNAL allowed for migrations
                 if ($request->getMethod() !== Request::METHOD_GET) {
-                    throw new AppwriteException(AppwriteException::GENERAL_PROTOCOL_UNSUPPORTED, 'Method unsupported over HTTP.');
+                    throw new AppwriteException(AppwriteException::GENERAL_PROTOCOL_UNSUPPORTED, 'Method unsupported over HTTP. Please use HTTPS instead.');
                 }
 
                 return $response->redirect('https://' . $request->getHostname() . $request->getURI());