Chirag Aggarwal
8ebf4fee46
Use storage cache callback max age
2026-05-08 11:18:55 +05:30
Chirag Aggarwal
9337daf7ac
Preserve default storage cache hit max age
2026-05-08 11:15:17 +05:30
Chirag Aggarwal
bf76736971
Split storage cache control context
2026-05-08 09:57:33 +05:30
Chirag Aggarwal
6abd88b8f1
Type storage cache control config
2026-05-08 09:44:00 +05:30
Chirag Aggarwal
7b5a5b8d19
Rename storage cache control hook
2026-05-08 08:44:35 +05:30
Chirag Aggarwal
20ab5b026e
Add cached response cache-control callback
2026-05-08 08:33:37 +05:30
loks0n
7d0843cc7f
Migrate queueForBuilds to publisherForBuilds pattern
...
Replaces the stateful Appwrite\Event\Build queue class with a stateless
BuildPublisher and BuildMessage DTO, matching the publisher pattern used
by audits, certificates, executions, migrations, screenshots, stats, and
usage. Call sites now enqueue messages directly instead of mutating a
shared event object and relying on the API shutdown hook.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 13:23:21 +01:00
Matej Bačo
ec927104fe
Merge pull request #12221 from appwrite/fix-variables-api-feature-parity
...
Feat: Variables API feature parity
2026-05-06 11:27:32 +02:00
Matej Bačo
1ccf058c14
Fix failing tests
2026-05-06 10:19:30 +02:00
Matej Bačo
305e8e1ec7
Add request filter
2026-05-05 16:24:41 +02:00
ArnabChatterjee20k
bca876acaf
Merge remote-tracking branch 'origin/1.9.x' into big-int
2026-05-05 18:55:11 +05:30
fogelito
d98bd8c972
Remove line
2026-04-30 10:44:21 +03:00
fogelito
c0bba74eee
set setGlobalCollections logs
2026-04-30 10:36:12 +03:00
fogelito
f03cc847f8
Merge branch '1.9.x' of https://github.com/appwrite/appwrite into set-global-collection
...
# Conflicts:
# composer.lock
2026-04-29 17:07:32 +03:00
fogelito
8eed06678b
formatting
2026-04-29 15:54:05 +03:00
fogelito
7a9a2899ff
setGlobalCollections
2026-04-29 15:41:56 +03:00
Torsten Dittmann
dfbf45f4cc
Merge branch '1.9.x' into feat-out-of-order-chunk-uploads
2026-04-29 15:03:33 +04:00
Matej Bačo
e75fc5b859
Add list scopes endpoint for Console
2026-04-29 10:08:31 +02:00
Matej Bačo
c1f61b22aa
Merge branch '1.9.x' into feat-create-dynamic-keys
2026-04-28 17:18:36 +02:00
Matej Bačo
980762fc3e
Rename from dynamic key to ephemeral key (api keys)
2026-04-28 17:18:06 +02:00
Matej Bačo
b2ce95a0cd
Dynamic key backwards compatibility
2026-04-28 16:14:10 +02:00
Harsh Mahajan
67d24d3ef1
Merge branch '1.9.x' into feat/impersonation-query-params
2026-04-28 19:11:14 +05:30
harsh mahajan
87ed7c3817
feat: add query param fallback for all impersonation params and simplify tests
2026-04-28 19:10:55 +05:30
Torsten Dittmann
a0ef145b92
Merge branch '1.9.x' of https://github.com/appwrite/appwrite into feat-out-of-order-chunk-uploads
2026-04-28 17:10:56 +04:00
Matej Bačo
cb4cff120b
Add Keycloak oauth support
2026-04-28 10:54:13 +02:00
Matej Bačo
49e6a38e7f
Add fusionauth oauth
2026-04-28 10:43:16 +02:00
harsh mahajan
bda823ac0e
chore: format
2026-04-28 13:38:00 +05:30
harsh mahajan
5afc8f462d
fix: allow same-site in CSRF guard to support Console on subdomains
2026-04-28 13:26:13 +05:30
Matej Bačo
d25707346f
Add console oauth endpoint
2026-04-28 09:47:27 +02:00
harsh mahajan
a3f6cf4645
fix: restrict CSRF guard to same-origin only, drop same-site
2026-04-28 13:00:18 +05:30
harsh mahajan
5465be6301
fix: make CSRF guard fail-closed by requiring explicit same-origin Sec-Fetch-Site
2026-04-28 12:27:57 +05:30
harsh mahajan
46a457bfa3
fix: block impersonateUserId query param on cross-site requests to prevent CSRF
2026-04-28 12:10:51 +05:30
harsh mahajan
4c989f99c3
fix: cast impersonateUserId query param to string to prevent array injection
2026-04-28 12:05:02 +05:30
harsh mahajan
8f1d73a6cb
chore: clarify intentional header-only restriction for email/phone impersonation
2026-04-28 12:02:00 +05:30
harsh mahajan
01b5fa8ecb
fix: restrict impersonation query param fallback to userId only
...
Remove query param fallback for impersonateEmail and impersonatePhone
to avoid PII exposure in server logs, browser history, and Referer
headers. Only impersonateUserId (an opaque internal ID) is safe to
pass via URL query param.
2026-04-28 11:58:25 +05:30
harsh mahajan
d73b7a70d8
feat: add query param fallback for impersonation headers
...
Allow impersonation to be specified via URL query params
(?impersonateUserId, ?impersonateEmail, ?impersonatePhone) as a
fallback to the existing headers, enabling Console to embed
impersonation in direct file/image URLs where headers cannot be set.
2026-04-28 11:44:39 +05:30
Matej Bačo
b28b851bb2
microsoft oauth endpoint
2026-04-27 15:49:44 +02:00
Torsten Dittmann
49d2db65e6
feat: support out-of-order chunked uploads
...
- Add APP_LIMIT_UPLOAD_CHUNK_SIZE constant (5MB) matching official SDKs
- Replace dynamic chunk calculation with fixed 5MB chunk math in all upload endpoints
- Remove -1 last-chunk sentinel that broke when last chunk arrived first
- Fix duplicate-retry guards: return existing resource instead of erroring for chunked uploads
- Add out-of-order e2e tests for Storage, Functions, and Sites
- Upgrade utopia-php/storage to 2.0.0 for device-level out-of-order assembly support
2026-04-27 17:15:00 +04:00
Matej Bačo
a781325679
Add oauth read operations
2026-04-27 14:47:47 +02:00
Matej Bačo
15f94d99ca
Add Kick OAuth adapter
2026-04-27 14:02:30 +02:00
Matej Bačo
e4bfb38a57
add okta provider
2026-04-26 11:14:50 +02:00
Matej Bačo
d25dac7d60
Manual quality improvmenets
2026-04-26 10:29:41 +02:00
Matej Bačo
ffd0dbd406
Add OIDC endpoint
2026-04-25 10:20:00 +02:00
Matej Bačo
d9d87f813f
apple oauth endpoints
2026-04-24 16:31:21 +02:00
Matej Bačo
db7acd4b8b
More OAuth endpoints
2026-04-24 15:02:36 +02:00
Matej Bačo
a62ca8612d
More OAuth endpoints
2026-04-24 14:31:38 +02:00
Matej Bačo
8cdcd379c8
Add more oauth endpoints
2026-04-24 14:15:34 +02:00
Matej Bačo
fe08978851
More OAuth provider endpoints
2026-04-24 12:58:32 +02:00
Matej Bačo
c097d9fcdd
Dropbox adapter
2026-04-24 12:20:48 +02:00
Matej Bačo
335b1c2f6c
Figma OAuth endpoint
2026-04-24 11:45:59 +02:00
