Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-24 09:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

previewHostname security

Browse source
This commit is contained in:
Matej Bačo 2025-02-17 11:54:07 +01:00
parent d1978b102f
commit e5e7c50ca4
2 changed files with 42 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
app/init.php
View file

@ -1910,9 +1910,38 @@ App::setResource(
fn () => fn (Document $project, string $resourceType, ?string $resourceId) => false fn () => fn (Document $project, string $resourceType, ?string $resourceId) => false
); );
App::setResource('previewHostname', function (Request $request) { /**
// TODO: @Meldiron Allow in production too for internal communication (authorized with secret) * JWT key from x-appwrite-key header.
if (App::isDevelopment()) { *
* @return array<string, mixed> Decoded key-value pair from JWT
*/
App::setResource('dynamicKey', function (Request $request) {
$apiKey = $request->getHeader('x-appwrite-key', '');
if (empty($apiKey) || !\str_contains($apiKey, '_')) {
return [];
}
[ $keyType, $authKey ] = \explode('_', $apiKey, 2);
if($keyType !== API_KEY_DYNAMIC) {
return [];
}
$jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400, 0);
try {
$payload = $jwtObj->decode($authKey);
} catch (JWTException $error) {
return [];
}
return $payload;
}, ['request']);
App::setResource('previewHostname', function (Request $request, array $dynamicKey) {
if (App::isDevelopment() || $dynamicKey['overrideHostname'] ?? false) {
$host = $request->getQuery('appwrite-hostname', $request->getHeader('x-appwrite-hostname', '')); $host = $request->getQuery('appwrite-hostname', $request->getHeader('x-appwrite-hostname', ''));
if (!empty($host)) { if (!empty($host)) {
return $host; return $host;
@ -1920,4 +1949,4 @@ App::setResource('previewHostname', function (Request $request) {
} }
return ''; return '';
}, ['request']); }, ['request', 'dynamicKey']);

9
src/Appwrite/Platform/Modules/Functions/Workers/Builds.php
View file

@ -738,8 +738,17 @@ class Builds extends Action
], ],
]; ];
$jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 900, 0);
$apiKey = $jwtObj->encode([
'overrideHostname' => true
]);
// TODO: @Meldiron if becomes too slow, do concurrently // TODO: @Meldiron if becomes too slow, do concurrently
foreach ($configs as $key => $config) { foreach ($configs as $key => $config) {
$config['headers'] = \array_merge($config['headers'] ?? [], [
'x-appwrite-key' => API_KEY_DYNAMIC . '_' . $apiKey
]);
$response = $client->fetch( $response = $client->fetch(
url: 'http://appwrite-browser:3000/v1/screenshots', url: 'http://appwrite-browser:3000/v1/screenshots',
method: 'POST', method: 'POST',